If you want to collect and forward Microsoft Windows events that are not supported by the Windows Event Collector sensor app or other types of non-Windows application events from a Windows host, you can install and configure NXLog Community Edition (CE) and customize your configuration file for integration with USM Anywhere. You can choose to set up NXLog on each Windows host to forward events directly to the USM Anywhere Sensor, or use a forwarding server as a central collection point.
The Windows NXLog plugin provided by USM Anywhere translates the raw log data into normalized events for analysis (normalization is the translation of log file entries received from disparate types of monitored assets into the standardized framework of event types and sub-types). This plugin automatically processes all messages forwarded to the USM Anywhere Sensor where the syslog tag matches the value eventlog.
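The following nxlog.conf is an added example, not the configuration shipped with USM Anywhere or NXLog, of what the host-side setup described above looks like: NXLog CE subscribes to the Windows Event Log, serializes each record to JSON, and forwards it to the sensor as BSD syslog with the tag eventlog that the plugin matches on. The sensor address 192.0.2.10, the TCP/514 transport and the channel list are assumptions to adjust for your environment; the install path is the NXLog CE default on 64-bit Windows.

```conf
## Added example configuration (not the project's own file).
## Forwards Windows Event Log records from a single host to a
## USM Anywhere Sensor as BSD syslog tagged "eventlog".

define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

## Syslog formatting (to_syslog_bsd) and JSON serialization (to_json).
<Extension syslog>
    Module xm_syslog
</Extension>

<Extension json>
    Module xm_json
</Extension>

## Subscribe to the Windows Event Log. The channel list is an assumption;
## restrict it to what you need, since an unfiltered subscription on a
## busy host can flood both the host and the sensor.
<Input eventlog>
    Module im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Application">*</Select>
                <Select Path="System">*</Select>
                <Select Path="Security">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
    ## Put every parsed field into the message body as JSON so the
    ## plugin receives the full record, not only the event text.
    Exec $Message = to_json();
</Input>

## Ship to the USM Anywhere Sensor. Host and port are placeholders.
## xm_syslog uses $SourceName as the syslog tag, so setting it to
## "eventlog" is what makes the USM Anywhere NXLog plugin pick up
## these messages.
<Output usm_sensor>
    Module om_tcp
    Host 192.0.2.10
    Port 514
    Exec $SourceName = "eventlog"; to_syslog_bsd();
</Output>

<Route eventlog_to_usm>
    Path eventlog => usm_sensor
</Route>
```

After saving the file under %ROOT%\conf and restarting the nxlog service, confirm the path end to end: generate a test event on the host (the Microsoft article linked below describes how), then check that a normalized event arrives in USM Anywhere. If nothing appears, %ROOT%\data\nxlog.log reports connection failures to the sensor and any configuration errors.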
You can choose to forward your NXLogs in one of two ways:
Note: See https://blogs.technet.microsoft.com/kevinholman/2011/08/02/how-to-test-fire-any-windows-event-on-any-server-from-any-application/ for more useful information about testing and debugging Windows events.