Collecting and Forwarding Windows 11 Logs to Nagios Log Server 2024R2: A Step-by-Step Guide

Ayub Huruse
Windows 11

Reliable log collection and analysis are essential for effective IT infrastructure monitoring. This guide walks you through configuring a Windows 11 machine to capture and forward system logs to Nagios Log Server using NXLog Community Edition (CE). By setting up this streamlined logging process, you’ll gain valuable insights into system performance, security events, and potential issues—ensuring a more proactive and efficient monitoring strategy.

Prerequisites

Before starting, ensure you have the following:

  • Nagios Log Server (NLS) up and running
  • Administrator privileges on your Windows 11 machine
  • A stable network connection between the Windows machine and Nagios Log Server

Step 1: Add a Windows Log Source in Nagios Log Server

1. Log in to the Nagios Log Server web interface.

2. On the Home page, navigate to the bottom left and click the + Windows button or select + Add Log Source and choose Windows.

Example output of the +Windows
  • Alternatively, click + Add Log Source in the navigation bar, then select Windows.
Example output of the + Add log sources.

3. This takes you to the configuration page for setting up Windows logs.

Step 2: Install NXLog CE on Windows 11

1. On the Windows source page, locate the Getting Started section.

2. Click the link to download the NXLog Community Edition installer from your Nagios Log Server instance.

Example output of the Getting Started.

3. Run the downloaded installer.

4. Follow the installation steps:

  • Accept the license agreement.
  • Click Install.
Example output of the License Agreement

5. Wait for the installation to complete.

6. Click Finish to close the installer.

Example output of the finished set up

Step 3: Configure NXLog CE

  1. On the Windows source page of Nagios Log Server, locate the Configuration Setup section.
  2. Copy the provided configuration block by clicking the Select All icon and copying the highlighted text.
  3. Open Notepad on your Windows 11 machine.
  4. Navigate to C:\Program Files (x86)\nxlog\conf\nxlog.conf.
    • Select All Files (*.*) in the file type dropdown to locate the file.
  5. Open the nxlog.conf file.
  6. Press CTRL + A to select all content and delete it.
  7. Paste the copied configuration from Nagios Log Server.
  8. Save the file by selecting File > Save.

Step 4: Start NXLog CE Service

1. Open Command Prompt as Administrator.

2. Start the NXLog service by executing the command:

net start nxlog

3. Ensure the service starts automatically by configuring its startup type in the Windows Services Manager.

Step 5: Verify Incoming Logs

  1. Navigate to the Dashboards page in Nagios Log Server.
  2. Perform a query using the IP address of the Windows 11 machine: host:<Windows Host Address>
  3. Check the ALL EVENTS panel to confirm that logs are being received.

Here is an example that shows the received logs appearing in the ALL EVENTS panel.

Example output of the ALL EVENTS panel

Troubleshooting Tips

  • NXLog Service Fails to Start:
    • Ensure you have administrative privileges.
    • Verify the syntax of the nxlog.conf file.
  • No Logs in Nagios Log Server:
    • Check the network connectivity between the Windows machine and Nagios Log Server.
    • Double-check the NXLog configuration.
  • Firewall Issues:
    • Ensure firewalls on both Windows and Nagios Log Server allow traffic on required ports.
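
The Step 4 checks and the troubleshooting items above can be run as one PowerShell script from an elevated prompt. This is an added example, not part of the original guide or of Nagios or NXLog material. It assumes the install path from Step 3, that the configuration copied from Nagios Log Server has an <Output> block with Host and Port directives sent over TCP, and that the agent writes its log to data\nxlog.log.

```powershell
# Added example. Run from an elevated PowerShell prompt on the Windows 11 machine.
# Assumptions: the install path from Step 3, an <Output> block that uses Host and Port
# directives over TCP, and the agent log at data\nxlog.log.
$root = 'C:\Program Files (x86)\nxlog'
$conf = Join-Path $root 'conf\nxlog.conf'

# 1. Verify nxlog.conf syntax; -v checks the file without starting the agent.
& (Join-Path $root 'nxlog.exe') -v -c $conf

# 2. Read the destination from the first <Output> block, skipping commented lines.
$text    = Get-Content -Path $conf -Raw
$block   = [regex]::Match($text, '(?ims)^\s*<Output\s+\S+>(.*?)^\s*</Output>').Groups[1].Value
$nlsHost = [regex]::Match($block, '(?im)^\s*Host\s+(\S+)').Groups[1].Value
$nlsPort = [regex]::Match($block, '(?im)^\s*Port\s+(\d+)').Groups[1].Value
if (-not $nlsHost -or -not $nlsPort) {
    Write-Warning 'No Host/Port found in an <Output> block; re-copy the configuration (Step 3).'
}

# 3. Service must be running and set to start automatically (Step 4).
$svc = Get-Service -Name nxlog
if ($svc.StartType -ne 'Automatic') { Set-Service -Name nxlog -StartupType Automatic }
if ($svc.Status -ne 'Running')      { Start-Service -Name nxlog }
Get-Service -Name nxlog | Format-List Name, Status, StartType

# 4. Confirm the Nagios Log Server port is reachable through both firewalls.
if ($nlsHost -and $nlsPort) {
    $probe = Test-NetConnection -ComputerName $nlsHost -Port ([int]$nlsPort) -WarningAction SilentlyContinue
    '{0}:{1} reachable over TCP: {2}' -f $nlsHost, $nlsPort, $probe.TcpTestSucceeded
}

# 5. Show the most recent problems the agent itself logged.
$log = Join-Path $root 'data\nxlog.log'
if (Test-Path $log) {
    Get-Content -Path $log -Tail 200 | Select-String -Pattern 'ERROR|WARNING' | Select-Object -Last 10
}
```

If the service is running but the reachability line reports False, work through the firewall item in the list above before changing the configuration.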

Conclusion

By following these steps, you have successfully configured a Windows 11 machine to send logs to Nagios Log Server using NXLog CE. This setup provides valuable insights for effective monitoring and troubleshooting of your IT infrastructure.

For additional support, visit the Nagios Support Forums or check the Nagios Knowledgebase.
