# NXLog configuration for converting and sending Windows logs to Logsign SIEM
# Both Community and Enterprise Editions of NXLog are supported.

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _json>
Module xm_json
</Extension>

<Input in_eventlog>
# For windows 2008/vista/7/8/2012/2012R2 and latter use the following:
Module im_msvistalog
ReadFromLast TRUE
SavePos TRUE
Query <QueryList> \
<Query Id="0"> \
<Select Path="Security">*</Select> \
<Select Path="Application">*</Select> \
<Select Path="System">*</Select> \
</Query> \
</QueryList>
Exec   to_json();
</Input>

<Output out_eventlog>
Module om_udp
Host LogsignIP
Port 514
</Output>

<Route eventlog>
Path in_eventlog => out_eventlog
</Route>