Setting Up NXLog for Windows

You will need to first install and configure NXLog on the windows host using these instructions: Integrating with Microsoft Windows Server.

Setting Up IIS Logging

If you are on Windows Server 2012 R2 or newer, you can leverage Poshim to enable log forwarding from the IIS Event Channels. By default, if Poshim sees available IIS event channels, those channels will automatically be added to your configuration.

In addition to using Poshim, you must also configure IIS to stream events to the Windows Event service. Each IIS server will need its logging configuration modified to forward logs to the Windows Event service.

To configure IIS:

  • Go to your IIS Manager > Server Configuration > Logging.
  • Ensure Both log file and ETW event is selected.
    Screen_Shot_2022-04-12_at_1.54.25_PM.png
  • Click Save in the right sidebar menu when you are done.
    Note: This process must be done per site. You can also change this at the IIS server level which will update each site setting and ensure each new site forwards logs appropriately.
  • Restart NXLog from the services console or with the following command:
    • net stop nxlog && net start nxlog