nxlog download: https://download.csdn.net/download/c1052981766/10299741
After downloading, install it.
Check the service:
Edit the configuration file: C:\Program Files (x86)\nxlog\conf\nxlog.conf
## This is a sample configuration file. See the nxlog reference manual about the
## configuration options. It should be installed locally and is also available
## online at http://nxlog.org/nxlog-docs/en/nxlog-reference-manual.html

## Please set the ROOT to the folder your nxlog was installed into,
## otherwise it will not start.

#define ROOT C:\Program Files\nxlog
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

# Read the System and Security event log channels
<Input in>
    Module      im_msvistalog
# For windows 2003 and earlier use the following:
#   Module      im_mseventlog
    ReadFromLast TRUE
    SavePos     FALSE
    Query       <QueryList>\
                    <Query Id="0">\
                        <Select Path="System">*</Select>\
                        <Select Path="Security">*</Select>\
                    </Query>\
                </QueryList>
</Input>

# Forward the events over UDP to the listening server
<Output out>
    Module      om_udp
    Host        192.168.25.65
    Port        514
</Output>

<Route 1>
    Path        in => out
</Route>
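Listen on the server side (replace <nxlog host IP> with the address of the Windows machine running nxlog):
tcpdump -w 25.221.cap udp and src host <nxlog host IP>
View the capture in Wireshark: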
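To read the forwarded events directly instead of opening the capture, here is a small UDP receiver for the listening server. It is an added example, not code from the original post. The payload layout (date, time, hostname, severity, event ID, message) is an assumption about what om_udp sends with the configuration above, and the function names and sample line are constructed for illustration.

```python
import re
import socket

# Assumption: with no to_syslog_* conversion in the config, each datagram is
# "<date> <time> <hostname> <severity> <event id> <message>".
RAW_EVENT = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<severity>\S+) (?P<event_id>\d+) (?P<message>.*)$",
    re.DOTALL,
)

# Constructed sample payload, not captured traffic.
SAMPLE = b"2018-03-21 10:15:02 WIN-TEST01 INFO 4624 An account was successfully logged on.\r\n"


def parse_datagram(payload: bytes):
    """Return the event fields as a dict, or None if the payload does not match."""
    text = payload.decode("utf-8", errors="replace").rstrip("\r\n")
    match = RAW_EVENT.match(text)
    if match is None:
        return None
    event = match.groupdict()
    event["event_id"] = int(event["event_id"])
    return event


def listen(bind_addr="0.0.0.0", port=514, expected_sender=None, limit=None):
    """Yield (sender_ip, parsed_event_or_None, raw_payload) for each datagram."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    received = 0
    try:
        while limit is None or received < limit:
            payload, (sender_ip, _sender_port) = sock.recvfrom(65535)
            # UDP is unauthenticated: the source address is a sanity filter only.
            if expected_sender and sender_ip != expected_sender:
                continue
            received += 1
            yield sender_ip, parse_datagram(payload), payload
    finally:
        sock.close()


if __name__ == "__main__":
    print(parse_datagram(SAMPLE))
    # Port 514 matches the Output block above; binding it usually needs root.
    for sender, event, raw in listen(port=514):
        print(sender, event if event is not None else raw[:80])
```

Payloads that do not match the assumed layout come back as None with the raw bytes alongside, so a format difference shows up immediately instead of being silently dropped.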