14. Microsoft Nano Server

14.1. Installing

Follow these steps to deploy NXLog on a Nano Server system.

Note
Microsoft Nano Server does not support the installation of MSI files. In its place, Microsoft introduced the APPX format. The sandboxing and isolation imposed by the APPX format was found to be an unnecessary complication when deploying NXLog; therefore, users are provided with a ZIP file that allows for manual installation instead.
  1. Download the NXLog ZIP archive from the NXLog website.

    1. Log in to your account, then click My account at the top of the page.

    2. Under the Downloads > NXLog Enterprise Edition files tab, download nxlog-4.6.4661_nano.zip.

  2. Transfer the NXLog ZIP file to the Microsoft Nano Server. One way to do so is to use WinRM and the Copy-Item cmdlet. Uncompress the ZIP file at C:\Program Files\nxlog using the Expand-Archive cmdlet as shown below.

    PS C:\tmp> Expand-Archive -Path nxlog-4.6.4661_nano.zip -DestinationPath 'C:\Program Files\nxlog'
  3. To register NXLog as a service, navigate to the installation directory and execute the following.

    PS C:\Program Files\nxlog> .\nxlog.exe -i
  4. Configure NXLog by editing the C:\Program Files\nxlog\nxlog.conf file. General information about configuring NXLog can be found in Configuration. For more details about configuring NXLog to collect logs on Windows, see the Microsoft Windows summary.

    Note
    Because Microsoft Nano Server does not have a native console editor, the configuration file must be edited on a different system and then transferred to the Nano Server. Alternatively, a third party editor could be installed.
  5. Verify the configuration file syntax.

    PS C:\Program Files\nxlog> .\nxlog.exe -v -c nxlog.conf
    2018-09-12 19:15:55 INFO configuration OK

NXLog is now installed, registered, and configured. The NXLog service can be started by running Start-Service nxlog.

14.2. Upgrading

To upgrade the NXLog installation to the latest release, follow the steps below.

  1. Stop the NXLog service by issuing the command Stop-Service nxlog.

  2. Back up any configuration files that have been altered, such as nxlog.conf, log4ensics.conf, and any certificates.

  3. Either delete the nxlog directory and follow the installation procedure again or use the -Force parameter when extracting the NXLog ZIP file. There is no need to register the service again.

    PS C:\tmp> Expand-Archive -Force -Path nxlog-4.6.4661_nano.zip -DestinationPath 'C:\Program Files\nxlog'
  4. Restore any configuration and certificate files.

  5. Start the NXLog service by running Start-Service nxlog.
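
The upgrade steps above as one script, with the syntax check from section 14.1 used as a gate so the service is not started on a configuration that fails verification. This is an added example, not NXLog's own tooling; the `$Zip` and `$Backup` locations and the certificate file extensions in `$Keep` are assumptions.

```powershell
# Added example: upgrade per section 14.2 with a configuration check before restart.
$Root   = 'C:\Program Files\nxlog'
$Zip    = 'C:\tmp\nxlog-4.6.4661_nano.zip'          # assumed download location
$Backup = 'C:\tmp\nxlog-backup'                     # assumed backup location
$Keep   = '*.conf', '*.pem', '*.crt', '*.key'       # assumed certificate extensions

# Step 1: stop the service so no file is in use during extraction.
Stop-Service nxlog -ErrorAction Stop

# Step 2: copy configuration and certificate files aside, keeping each
# file's path relative to $Root so it can be restored to the same place.
$saved = @(Get-ChildItem -Path $Root -Recurse -File -Include $Keep)
foreach ($f in $saved) {
    $rel  = $f.FullName.Substring($Root.Length).TrimStart('\')
    $dest = Join-Path $Backup $rel
    New-Item -ItemType Directory -Path (Split-Path -Parent $dest) -Force | Out-Null
    Copy-Item -LiteralPath $f.FullName -Destination $dest -Force -ErrorAction Stop
}

# Step 3: overwrite the installation in place (no re-registration needed).
Expand-Archive -Force -Path $Zip -DestinationPath $Root -ErrorAction Stop

# Step 4: restore the saved files over the ones shipped in the archive.
foreach ($f in $saved) {
    $rel = $f.FullName.Substring($Root.Length).TrimStart('\')
    Copy-Item -LiteralPath (Join-Path $Backup $rel) -Destination $f.FullName -Force -ErrorAction Stop
}

# Gate: run the same syntax check as during installation and look for the
# "configuration OK" line; leave the service stopped if it is absent.
$check = & "$Root\nxlog.exe" -v -c "$Root\nxlog.conf" 2>&1 | Out-String
if ($check -notmatch 'configuration OK') {
    throw "nxlog.conf failed verification; service left stopped.`n$check"
}

# Step 5: start the upgraded service.
Start-Service nxlog
```

If the gate throws, log collection on the host is down until the configuration is fixed, so the failure should be surfaced to whoever monitors the collector.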

14.3. Uninstalling

To uninstall NXLog, follow this procedure.

  1. Stop the NXLog service by issuing the command Stop-Service nxlog.

  2. Unregister the NXLog service by navigating to the NXLog directory and running .\nxlog.exe -u.

  3. Now delete the NXLog directory.

14.4. Custom Installation Options

This section deals with installation options outside the typical scenario.

Note

The following installation options require altering the Windows Registry. Incorrect modifications can potentially damage the system. Always double check the commands and make sure you can revert to a known working state before altering the registry.

14.4.1. Installing to a Custom Directory

NXLog can be installed to a custom location on Nano Server.

  1. Follow the same procedure as with the typical installation, but choose a different DestinationPath when expanding the ZIP file. Also register the NXLog service as shown above.

  2. At this point the registry entry for the NXLog service needs to be altered. View the current setting:

    PS C:\> Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\nxlog"
    
    
    Type            : 16
    Start           : 2
    ErrorControl    : 0
    ImagePath       : "c:\Program Files\nxlog\nxlog.exe" -c "c:\Program Files\nxlog\nxlog.conf"
    DisplayName     : nxlog
    DependOnService : {eventlog}
    ObjectName      : LocalSystem
    PSPath          : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nxlog
    PSParentPath    : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
    PSChildName     : nxlog
    PSDrive         : HKLM
    PSProvider      : Microsoft.PowerShell.Core\Registry
  3. The value of the ImagePath parameter needs to be modified in order to correct the location of both the NXLog executable and the configuration file. For example, if NXLog is installed at C:\nxlog, run the following command to update the registry key.

    PS C:\> Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\nxlog" -Name "ImagePath" -Value '"C:\nxlog\nxlog.exe" -c "C:\nxlog\nxlog.conf"'
  4. The configuration file (nxlog.conf) also needs to reflect the directory where NXLog is located. Make sure the define ROOT points to the correct location.
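
A consistency check for steps 2 to 4, run after the registry change: it confirms that both paths in ImagePath are quoted, that the files exist, and that define ROOT in nxlog.conf names the directory the service runs from. This is an added example, not part of the NXLog documentation; the function name Test-NxlogServicePath is hypothetical.

```powershell
# Added example: validate the nxlog service ImagePath against nxlog.conf.
function Test-NxlogServicePath {
    param([Parameter(Mandatory)][string]$ImagePath)

    # Expect the shape shown above: "<exe>" -c "<conf>". Quoting matters
    # because an unquoted path containing spaces is ambiguous when the
    # service control manager resolves the executable.
    if ($ImagePath -notmatch '^\s*"(?<exe>[^"]+)"\s+-c\s+"(?<conf>[^"]+)"\s*$') {
        return 'ImagePath is not of the form "<exe>" -c "<conf>" with both paths quoted'
    }
    $exe  = $Matches['exe']
    $conf = $Matches['conf']
    $dir  = Split-Path -Parent $exe

    foreach ($p in $exe, $conf) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) { "Missing file: $p" }
    }

    if (Test-Path -LiteralPath $conf -PathType Leaf) {
        # Find the first "define ROOT <path>" line in the configuration.
        $root = $null
        foreach ($line in Get-Content -LiteralPath $conf) {
            if ($line -match '^\s*define\s+ROOT\s+(?<r>.+?)\s*$') {
                $root = $Matches['r'].Trim('"')
                break
            }
        }
        if (-not $root) {
            "No 'define ROOT' line found in $conf"
        } elseif ($root.TrimEnd('\') -ne $dir.TrimEnd('\')) {
            # -ne compares case-insensitively, matching Windows path semantics.
            "define ROOT is '$root' but the service runs from '$dir'"
        }
    }
}

$svc    = Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Services\nxlog'
$issues = @(Test-NxlogServicePath -ImagePath $svc.ImagePath)
if ($issues.Count -gt 0) {
    $issues | ForEach-Object { Write-Warning $_ }
} else {
    'ImagePath and define ROOT are consistent.'
}
```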

14.4.2. Service Startup Type

The service Startup type of newer versions of NXLog is set to Automatic (Delayed Start) instead of Automatic. This is controlled by the DelayedAutostart parameter. To revert to the old behavior, run the following command.

    PS C:\> Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Services\nxlog" -Name "DelayedAutostart" -Value 0