cWatch Network Admin Guide

Configure Nxlog and Rsyslog to Send Logs to cWatch Network Server

  • cWatch features agent-less log collection from Windows/Linux endpoints connected to customers' networks.
  • This is achieved through the Nxlog and Rsyslog utilities. The NXLOG utility (for Windows) and the RSYSLOG utility (for Linux) need to be configured to send logs to the cWatch Network server.

Comodo cWatch Network provides ready-made configuration script files for each customer's network/zone, which can be downloaded from the respective 'Customer Details' page. Once connected, cWatch Network will be able to receive and store logs from the customer's endpoints and web-servers.


The following sections explain more about:

  • Configure the NXLOG Utility
  • Configure the RSYSLOG Utility

Configure the NXLOG Utility

Administrators can download a specific customer's NXLOG configuration file from the administrative console and use it to configure the NXLOG utility installed on Windows endpoints and web-servers connected to the customer's network. Please make sure the NXLOG utility is installed on the machine which is to be configured to send logs to cWatch.


To download the NXLOG Configuration File

  • Open the 'Asset Management' interface by clicking the 'Menu' button, then 'Assets' > 'Asset Management'.
  • Select the customer from the left hand side pane.

The 'Customer Details' pane will open at the right.

  • Click 'Manage' at the bottom left of the right pane and choose the 'Hard Assets' tab.
  • Choose the network/zone you wish to configure from the right hand side pane and click the button in the row of the network/zone.

The authentication token, the authentication key and the download buttons for the NXLOG and RSYSLOG configuration script files for the selected network/zone will be displayed at the bottom of the right pane.

  • Click the NXLOG configuration file download button as shown in the screenshot below and save the file:



  • Replace the NXLOG configuration file at the location C:/Program Files (x86)/nxlog/conf/nxlog.conf or C:/Program Files/nxlog/conf/nxlog.conf on the endpoints/web-servers with the downloaded configuration file.

All settings in the configuration file, including the network token for the selected network/zone, are pre-configured and will instruct the NXLOG utility to send logs to the cWatch Network server. cWatch will receive and store the logs under the respective customer/network for monitoring and incident reporting.


Configure RSYSLOG Utility

  • You can download a pre-configured RSYSLOG config script from the admin console. Each script is generated for a specific customer/network.
  • The script will configure RSYSLOG utilities installed on Linux machines to send logs to the cWatch Network.
    • Please make sure the RSYSLOG utility is installed on the target machine.


To download the RSYSLOG Configuration File

  • Open the 'Asset Management' interface by clicking the 'Menu' button, then 'Assets' > 'Asset Management'.
  • Select a customer from the left hand pane.

The 'Customer Details' pane will open at the right.

  • Click 'Manage' at the bottom left of the right pane and choose the 'Hard Assets' tab.
  • Choose the network/zone whose endpoints are to be configured from the right hand side pane and click the button in the row of the network/zone.

The authentication token, the authentication key and the download buttons for the NXLOG and RSYSLOG configuration script files for the selected network/zone will be displayed at the bottom of the right pane.

  • Click the RSYSLOG configuration file download button as shown below and save the file.

  • Run the script file on all required endpoints.

The script will configure the RSYSLOG utility to send logs to cWatch Network. cWatch will receive and store the logs under the respective customer/network for monitoring and incident reporting.

Alternatively, you can download the script file for configuring the RSYSLOG utility from the 'Administration' > 'Event Collection' interface, manually enter the parameters for the customer network to be monitored and run the script at the endpoints. See Event Collection for more details.
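After replacing nxlog.conf or running the RSYSLOG script, it is worth confirming where each forwarder now sends logs and whether the transport is encrypted. The following is an added example, not part of the Comodo guide or of the files cWatch generates; the sample configurations, host name and ports are constructed placeholders. It recognises only NXLOG om_tcp/om_udp/om_ssl outputs and rsyslog legacy or omfwd forwarding rules.

```python
import re

def nxlog_outputs(conf):
    """Return (module, host, port) for every <Output> block of an nxlog.conf."""
    found = []
    for body in re.findall(r"(?ims)^[ \t]*<Output\s+\S+>(.*?)^[ \t]*</Output>", conf):
        pairs = (l.split("#", 1)[0].split(None, 1) for l in body.splitlines())
        d = {p[0].lower(): p[1].strip() for p in pairs if len(p) == 2}
        found.append((d.get("module", ""), d.get("host", ""), d.get("port", "")))
    return found

def rsyslog_forwards(conf):
    """Return (protocol, host, port, tls) for every rsyslog forwarding rule."""
    text = "\n".join(l.split("#", 1)[0] for l in conf.splitlines())
    legacy_tls = bool(re.search(r"(?im)^\s*\$ActionSendStreamDriverMode\s+1\b", text))
    found = []
    # Legacy syntax: "selector @host:port" is UDP, "selector @@host:port" is TCP.
    legacy = r"(?m)^[ \t]*\S+[ \t]+(@@?)([\w.-]+)(?::(\d+))?[ \t]*$"
    for at, host, port in re.findall(legacy, text):
        proto = "tcp" if at == "@@" else "udp"
        found.append((proto, host, port or "514", proto == "tcp" and legacy_tls))
    # RainerScript syntax: action(type="omfwd" target="..." port="..." protocol="...")
    for body in re.findall(r'(?is)action\s*\(([^)]*type\s*=\s*"omfwd"[^)]*)\)', text):
        p = {k.lower(): v for k, v in re.findall(r'(\w+)\s*=\s*"([^"]*)"', body)}
        found.append((p.get("protocol", "udp").lower(), p.get("target", ""),
                      p.get("port", "514"), p.get("streamdrivermode") == "1"))
    return found

def unencrypted(nxlog_conf="", rsyslog_conf=""):
    """List destinations that would receive logs without TLS."""
    hits = [f"nxlog {m} -> {h}:{p}" for m, h, p in nxlog_outputs(nxlog_conf)
            if m.lower() in ("om_tcp", "om_udp")]
    hits += [f"rsyslog {pr} -> {h}:{p}"
             for pr, h, p, tls in rsyslog_forwards(rsyslog_conf) if not tls]
    return hits

# Constructed samples (not the files cWatch generates; host and ports are placeholders).
NXLOG_SAMPLE = """
<Output to_collector>
    Module  om_tcp
    Host    collector.example.invalid
    Port    514
</Output>
"""
RSYSLOG_SAMPLE = """
*.* @@collector.example.invalid:514
action(type="omfwd" target="collector.example.invalid" port="6514"
       protocol="tcp" StreamDriver="gtls" StreamDriverMode="1")
"""
print("\n".join(unencrypted(NXLOG_SAMPLE, RSYSLOG_SAMPLE)))
```

To audit a real endpoint, pass the contents of the deployed nxlog.conf or rsyslog configuration files to `unencrypted()` in place of the samples.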

  • In addition to event log collection, cWatch Network is capable of collecting log information from Comodo Network Monitoring Sensors.
  • These sensors listen on the customer's network using span/tap technologies.
  • Sensor deployment is customized according to a customer's network topology. Please contact Comodo to arrange sensor deployment.