선 밖에 선 자유인
Sending Windows security events as syslog (NXLog CE)
- Download and install the NXLog Windows agent
https://nxlog.co/products/nxlog-community-edition/download
- Edit C:\Program Files (x86)\nxlog\conf\nxlog.conf
------------------------------------------------------------------
## Uncomment the first define on 64-bit installs, the second on 32-bit installs
#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

## Syslog formatting procedures (to_syslog_snare() below comes from here)
<Extension _syslog>
    Module xm_syslog
</Extension>

## Read the Windows Security event log (all events)
<Input in>
    # For Windows 2003 and earlier use the following:
    # Module im_mseventlog
    Module im_msvistalog
    Query <QueryList> \
              <Query Id="0"> \
                  <Select Path="Security">*</Select> \
              </Query> \
          </QueryList>
</Input>

## Forward each event as Snare-format syslog over UDP/514 (unencrypted)
<Output out>
    Module om_udp
    Host   <Syslog Server IP>
    Port   514
    Exec   to_syslog_snare();
</Output>

<Route 1>
    Path in => out
</Route>
----------------------------------------------------------------
- Register in Task Scheduler (run at boot)
"C:\Program Files (x86)\nxlog\nxlog.exe" -c "C:\Program Files (x86)\nxlog\conf\nxlog.conf"
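To confirm that the agent above is actually reaching the collector, here is an added example (not part of the original post and not NXLog's own code): a small UDP syslog receiver with a parser for the tab-separated Snare layout that `to_syslog_snare()` emits. The field order in the parser and the sample datagram are assumptions based on the Snare format; compare them with what your own agent sends before relying on the parsed values.

```python
"""Receive NXLog Snare-format syslog over UDP and tally Windows event IDs.

Added example, not from the original post. The Snare field order below is an
assumption; the SAMPLE datagram is constructed, not captured from a real host.
"""
import re
import socket
from collections import Counter

# Constructed sample in the assumed Snare layout:
# <PRI>timestamp host MSWinEventLog TAB criticality TAB channel TAB counter
#   TAB event time TAB event id TAB source TAB account TAB account type
#   TAB event type TAB host TAB category TAB message TAB counter
SAMPLE = (
    "<13>Mar 20 11:22:33 WIN-TEST MSWinEventLog\t1\tSecurity\t42\t"
    "Fri Mar 20 11:22:33 2020\t4624\tMicrosoft-Windows-Security-Auditing\t"
    "N/A\tN/A\tSuccess Audit\tWIN-TEST\tLogon\t"
    "An account was successfully logged on.\t42"
)

# <PRI>, BSD-style timestamp, hostname, rest of line
SYSLOG_RE = re.compile(
    r"^<(\d{1,3})>(\S+\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+(.*)$", re.S
)

# Twelve fixed leading fields; everything after them up to the trailing
# counter is the (possibly tab-containing) message text.
SNARE_FIELDS = [
    "marker", "criticality", "channel", "counter", "event_time", "event_id",
    "source", "account", "account_type", "event_type", "host", "category",
]


def parse_snare(line):
    """Return a dict for one Snare-format syslog line, or None if it is not one."""
    m = SYSLOG_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri, timestamp, syslog_host, body = m.groups()
    parts = body.split("\t")
    if len(parts) < 13 or parts[0] != "MSWinEventLog":
        return None
    rec = dict(zip(SNARE_FIELDS, parts))
    rec["message"] = "\t".join(parts[12:-1]) if len(parts) > 13 else parts[12]
    rec["facility"], rec["severity"] = divmod(int(pri), 8)
    rec["syslog_timestamp"] = timestamp
    rec["syslog_host"] = syslog_host
    rec["event_id"] = int(rec["event_id"]) if rec["event_id"].isdigit() else None
    return rec


def summarize(lines):
    """Count (channel, event_id) pairs across parsed lines; unparsable lines are skipped."""
    counts = Counter()
    for line in lines:
        rec = parse_snare(line)
        if rec is not None:
            counts[(rec["channel"], rec["event_id"])] += 1
    return counts


def listen(port=514, max_datagrams=100, bind_addr="0.0.0.0"):
    """Collect up to max_datagrams UDP syslog messages and return the tally.

    Binding port 514 needs administrator/root rights; use a high port and
    change Port in nxlog.conf to match when testing unprivileged.
    """
    received = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while len(received) < max_datagrams:
            data, peer = sock.recvfrom(65535)
            received.append(data.decode("utf-8", errors="replace"))
    return summarize(received)


if __name__ == "__main__":
    # Offline self-check on the constructed sample, then a live capture.
    print(parse_snare(SAMPLE))
    for (channel, event_id), n in listen(port=5514, max_datagrams=20).items():
        print(f"{channel}\t{event_id}\t{n}")
```

Running `listen()` on the collector while the agent is up is the quickest end-to-end check: if the tally stays empty, look at the Windows firewall, the `Host`/`Port` values in nxlog.conf, and `%ROOT%\data\nxlog.log` on the agent. Because `om_udp` sends in clear text, the same parser also makes it easy to see exactly what an eavesdropper on the path would read.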
- References: https://nxlog.co/docs
  - using-nxlog-with-elasticsearch-and-kibana.pdf
  - audit-logging-on-windows-with-sysmon-and-nxlog.pdf