How to collect logs from Windows Server without using NXLog or Collector Sidecar?


(Betbevn) #1

I’m a student, and I’m learning about Graylog. I have a problem: I don’t want to install an agent on the server that I collect logs from. So what can I do?

Thank you so much!


(Jochen) #2

You can use NXLOG or Winlogbeat to send Windows event logs to Graylog.

It’s currently not possible to collect Windows event logs without a third party program.


(Betbevn) #3

My instructor told me: in reality, his customer does not like installing an agent on their server. And he gave me an idea as well.

Idea: On the Windows server, send the logs to a folder or a network drive. After that, I will share my folder or network drive. On Graylog, I will map my folder or network drive like an input. But I can’t do it on Graylog. Can you resolve my problem?

I think this will be a kind of input that you should have in Graylog, and this will also be a solution for difficult customers.


#4

Hi,

You can use Windows Event Forwarding. Just set up a (possibly virtual) Windows Event Collector server and install the log agent there. Then set up Windows Event Forwarding so that your Windows servers forward their logs to the collector. The forwarded logs can be found in the “Forwarded Events” queue.

The Windows Event Forwarding framework is native to Windows (both servers and workstations), so you have it installed already; it is just about configuring it. The problem with this is that you need to be careful in setting up the collector server so that it can handle the load.
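
The Windows Event Forwarding setup described in the post above, as an added example that is not part of the original thread: a source-initiated subscription on the collector plus the matching setting on one source server. The subscription name `graylog-wef`, the host `collector.example.com` and the selected event IDs (4624/4625) are assumptions; narrowing the query is one way to limit the collector load the post mentions.

```powershell
# --- Collector (elevated PowerShell). Assumed names: graylog-wef, collector.example.com ---
wecutil qc /q   # enable and start the Windows Event Collector service

$subscription = @'
<Subscription xmlns="http://schemas.microsoft.com/2006/03/windows/events/subscription">
  <SubscriptionId>graylog-wef</SubscriptionId>
  <SubscriptionType>SourceInitiated</SubscriptionType>
  <Description>Logon events forwarded for pickup by the log agent</Description>
  <Enabled>true</Enabled>
  <Uri>http://schemas.microsoft.com/wbem/wsman/1/windows/EventLog</Uri>
  <ConfigurationMode>MinLatency</ConfigurationMode>
  <Query><![CDATA[
    <QueryList>
      <Query Id="0" Path="Security">
        <Select Path="Security">*[System[(EventID=4624 or EventID=4625)]]</Select>
      </Query>
    </QueryList>
  ]]></Query>
  <ReadExistingEvents>false</ReadExistingEvents>
  <TransportName>http</TransportName>
  <ContentFormat>RenderedText</ContentFormat>
  <Locale Language="en-US"/>
  <LogFile>ForwardedEvents</LogFile>
  <AllowedSourceDomainComputers>O:NSG:NSD:(A;;GA;;;DC)(A;;GA;;;NS)</AllowedSourceDomainComputers>
</Subscription>
'@
Set-Content -Path .\graylog-wef.xml -Value $subscription
wecutil cs .\graylog-wef.xml   # create the subscription from the XML file

# --- Each source server (normally pushed by Group Policy: Event Forwarding >
#     "Configure target Subscription Manager"; set directly here for illustration) ---
winrm quickconfig -q
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\EventForwarding\SubscriptionManager'
New-Item -Path $key -Force | Out-Null
New-ItemProperty -Path $key -Name '1' -PropertyType String -Force `
  -Value 'Server=http://collector.example.com:5985/wsman/SubscriptionManager/WEC,Refresh=60' | Out-Null
# The forwarder runs as NETWORK SERVICE, which cannot read the Security log by default.
Add-LocalGroupMember -Group 'Event Log Readers' -Member 'NT AUTHORITY\NETWORK SERVICE'
Restart-Service WinRM          # pick up the new setting and group membership

# --- Back on the collector: confirm sources are active and events arrive ---
wecutil gr graylog-wef
Get-WinEvent -LogName ForwardedEvents -MaxEvents 5 | Format-Table TimeCreated, MachineName, Id
```

The log agent on the collector then reads the `ForwardedEvents` channel instead of the local logs.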


(Jochen) #5

How is this better than using a third party program such as Winlogbeat which will take care of buffering, network outages, transport encryption, (pre-) filtering, and back-pressure (all of which your solution doesn’t take care of at all)?

