Hello!
This week’s major C3 update introduces support for NXLog, a light-weight log forwarding agent.
For information on the C3 set of projects (and how to set it up with your BigFix Environment) please see the announcement post: C3 - Free BigFix Community Content Libraries
NXLog Support
C3 Inventory and NXLog
The following content now ships with C3 Inventory for forwarding Windows Event logs:
- Config - NXLog CE - Enable Modular Management - Windows
- Config - NXLog CE Definition - Environment Variables - Windows
- Config - NXLog CE Extension - w3c - Windows
- Config - NXLog CE Extension - xm_gelf - Windows
- Config - NXLog CE Extension - xm_json - Windows
- Config - NXLog CE Extension - xm_syslog - Windows
- Config - NXLog CE Input - Application Event Log - Windows
- Config - NXLog CE Input - Applocker AppX Event Log - Windows
- Config - NXLog CE Input - Applocker EXE and DLL Event Log - Windows
- Config - NXLog CE Input - Applocker MSI and Script Event Log - Windows
- Config - NXLog CE Input - BigFix Client - Windows
- Config - NXLog CE Input - BigFix Relay - Windows
- Config - NXLog CE Input - Directory Service - Windows
- Config - NXLog CE Input - IIS - Windows
- Config - NXLog CE Input - NXLog - Windows
- Config - NXLog CE Input - Powershell Event Log - Windows
- Config - NXLog CE Input - Security Event Log - Windows
- Config - NXLog CE Input - System Event Log - Windows
- Config - NXLog CE Output - to_gelf - Windows
- Config - NXLog CE Output - to_syslog_bsd - Windows
- Invoke - Reload NXLog CE Configuration - Windows
- Invoke - Reload Stale NXLog CE Configuration - Windows
- Invoke - Remove NXLog CE Modular Configuration - Windows
- Warning - NXLog is installed but not running - Windows
These are combined into a modular configuration. Essentially you make a couple of decisions and combine them into a baseline that you apply against your NXLog clients.
Definitions
The Environment Variables definition provides common Windows Environmental Variables for NXLog to use like %ProgramFiles% and %ProgramFiles(x86)%.
Extensions
I would recommend adding all of the extensions.
Inputs
The inputs all have relevance to make sure they only apply to machines with the relevant services installed so you can freely include as many or as few inputs as you want.
Outputs
If you are using Graylog i’d recommend using to_gelf, otherwise using to_syslog_bsd will output events as syslog messages. These fixlets use action parameter query to allow you to provide a syslog server and port.
Enforce Config
The “Invoke - Reload Stale NXLog CE Configuration - Windows” fixlet can be added to force a reload of the nxlog configuration whenever a change is pushed out.
C3 Patch and NXLog
C3 Patch now supports NXLog so you can deploy, update, and remove NXLog directly from C3 Patch.
Summary
If you’re using NXLog or want to use NXLog please let me know! I’d love to help you utilize C3 Inventory to forward event logs in your environment!
I’ll be working on a setup guide but if you need more detailed setup instructions please don’t hesitate to reach out.
Thanks!
Bill