Configuring NXLog on Windows
Welcome to the Configuring NXLog on Windows course.
In this course we will demonstrate how to install, configure and troubleshoot NXLog on Windows.
Once we've installed NXLog, we will create a configuration file using the wizard in USM Anywhere. This will allow us to choose which logs to send to USM Anywhere.
We will then install and configure Sysmon to increase the quality of the logs in Windows, and after that we will configure some additional log sources. Then we are going to download the pattern DB to ensure only actionable logs are sent to USM Anywhere.
Then, once all that's set up, we're going to verify that all of the events are being received by USM Anywhere and that they are generating events and alarms.
This course should take approximately 35 minutes to complete.
Notice: These training documents are protected by the United States copyright laws and are proprietary to LevelBlue Intellectual Property. Sale, disclosure, copying, recording, reproduction, merger, translation, modification, enhancement, or use by anyone other than authorized individuals without the prior written consent of LevelBlue Intellectual Property is strictly prohibited.
©2025 LevelBlue Intellectual Property. LevelBlue logo, and registered trademarks and service marks of LevelBlue Intellectual Property and/or LevelBlue affiliated companies. All other marks are the property of their respective owners.
This video introduces the course. You will learn what's covered in this course, and how the different NXLog components fit together.
This video also explains the concepts and terminology used in the course and provides a diagram of how the different components fit together.
The components introduced in this video include:
- USM Anywhere
- NXLog, and its configuration file
- The PatternDB and its function
- Sysmon and how it increases log quality
- Types of additional log sources
- How the PatternDB ensures only actionable logs are forwarded
This video shows how to download and install NXLog on Windows. It also demonstrates how to use the NXLog configuration file generation wizard in USM Anywhere to create a configuration file. The configuration file tells NXLog:
- What logs to forward
- Where to send the logs
- What protocol to use
The video also demonstrates how to troubleshoot situations where logs are not being forwarded.
The USM Anywhere configuration file generator is very useful, and has defaults for many standard logs. However, sometimes manual steps are required to correctly forward logs. And what about situations where the generator doesn't have an entry for a log that you want to forward?
This video shows you how to:
- identify software that may need some extra configuration steps
- manually edit the configuration file to successfully send any log file or Windows event with NXLog
- identify useful extra logs to send to USM Anywhere
Now that you know how to forward logs, how can you decide which logs are important? Using the PatternDB, supplied by LevelBlue, NXLog only sends actionable logs to USM Anywhere.
This video shows you:
- where to download the LevelBlue PatternDB file
- how to install it in your asset
- how to confirm that it's working as expected
If you would like to provide feedback on the material or the platform, please complete our Survey.
If you would like a certificate for your records, please select the Download Certificate icon. The option will not become available until you have completed all modules of the training course.