# 4. NXLog 使用教學（Windows）要在Graylog系統中完成資料收集工作，用戶端必須啟用NXLog服務。用戶端裝置請至[NXLog Community Edition](https://nxlog.co/products/nxlog-community-edition/download)下載與其作業系統版本相符的套件。 - - - - - - 1\. 安裝NXLog：請啟動nxlog-ce-2.11.2190.msi檔案，並依照以下步驟操作。 - 點擊Next。 [![epower-graylog-win10install-1.png](http://km.sopdom.com/uploads/images/gallery/2021-10/scaled-1680-/epower-graylog-win10install-1.png)](http://km.sopdom.com/uploads/images/gallery/2021-10/epower-graylog-win10install-1.png) - 勾選I accept the terms in the License Agreement➔點擊Next。 [![epower-graylog-win10install-2.png](http://km.sopdom.com/uploads/images/gallery/2021-10/scaled-1680-/rktepower-graylog-win10install-2.png)](http://km.sopdom.com/uploads/images/gallery/2021-10/rktepower-graylog-win10install-2.png) - 確認安裝位置後點擊Next。 [![epower-graylog-win10install-3.png](http://km.sopdom.com/uploads/images/gallery/2021-10/scaled-1680-/epower-graylog-win10install-3.png)](http://km.sopdom.com/uploads/images/gallery/2021-10/epower-graylog-win10install-3.png) - 點擊Install。 [![epower-graylog-win10install-4.png](http://km.sopdom.com/uploads/images/gallery/2021-10/scaled-1680-/epower-graylog-win10install-4.png)](http://km.sopdom.com/uploads/images/gallery/2021-10/epower-graylog-win10install-4.png) - 點擊是。 [![epower-graylog-win10install-5.png](http://km.sopdom.com/uploads/images/gallery/2021-10/scaled-1680-/epower-graylog-win10install-5.png)](http://km.sopdom.com/uploads/images/gallery/2021-10/epower-graylog-win10install-5.png) - 點擊Finish [![epower-graylog-win10install-6.png](http://km.sopdom.com/uploads/images/gallery/2021-10/scaled-1680-/epower-graylog-win10install-6.png)](http://km.sopdom.com/uploads/images/gallery/2021-10/epower-graylog-win10install-6.png) - - - - - - 2\. 修改nxlog.conf檔案內容：請依照 c:\\Program Files (x86)\\nxlog\\conf 路徑找到nxlog.conf檔案並開啟。開啟檔案後請依據需求複製框線內文字並覆蓋於原檔案指定位置上。 ※建議使用[notepad++](https://notepad-plus-plus.org/downloads/)執行此檔案，也建議選用當前最新版本！※ - Windows至Syslog：

<Extension \_syslog> Module xm\_syslog </Extension> <Input in> # Vista (含)以後的作業系統請使用 im\_msvistalog Module im\_msvistalog # 2003 (含)以前的作業系統請使用 im\_mseventlog # Module im\_mseventlog </Input> <Output out> Module om\_udp Host （此處請填上Graylog主機IP） Port 514 Exec to\_syslog\_snare(); </Output> <Route 1> Path in => out </Route>

- WIndows至Graylog：

<Extension \_syslog> Module xm\_gelf </Extension> <Input in> # Vista (含)以後的作業系統請使用 im\_msvistalog Module im\_msvistalog # 2003 (含)以前的作業系統請使用 im\_mseventlog # Module im\_mseventlog </Input> <Output out> Module om\_udp Host （此處請填上Graylog主機IP） Port 12201 OutputType GELF </Output> <Route 1> Path in => out </Route>

[![epower-graylog-win10conf.png](http://km.sopdom.com/uploads/images/gallery/2021-11/scaled-1680-/epower-graylog-win10conf.png)](http://km.sopdom.com/uploads/images/gallery/2021-11/epower-graylog-win10conf.png) - - - - - - 3\. 啟用NXLog服務： - 以上步驟完成後請找到"服務"並開啟。 [![epower-graylog-service-3.png](http://km.sopdom.com/uploads/images/gallery/2021-10/scaled-1680-/epower-graylog-service-3.png)](http://km.sopdom.com/uploads/images/gallery/2021-10/epower-graylog-service-3.png) - 找出nxlog後點擊右鍵，選擇啟動或重新啟動。 [![epower-graylog-service-4.png](http://km.sopdom.com/uploads/images/gallery/2021-10/scaled-1680-/epower-graylog-service-4.png)](http://km.sopdom.com/uploads/images/gallery/2021-10/epower-graylog-service-4.png) - - - - - - 完成後可再回到Graylog後台頁面查看收集到的資訊。