Return to

13. Microsoft Windows

13.1. Installing

First, download the NXLog MSI file from the NXLog website.

  1. Log in to your account, then click My account at the top of the page.

  2. Under the Downloads  NXLog Enterprise Edition files tab, choose the correct package for your system.

    Table 20. Available Windows Installers
    Platform Package

    Microsoft Windows, 32-bit


    Microsoft Windows, 64-bit


    Using the 32-bit installer to install NXLog on a 64-bit system is unsupported and not recommended. To override the installer check and proceed anyway, use the SKIP_X64_CHECK=1 property (for example, msiexec /i nxlog-4.6.4661_windows_x64.msi /q SKIP_X64_CHECK=1).

There are several ways that NXLog can be installed on Windows.

See also the MSI for NXLog Agent Setup add-on, which provides an example MSI package for bootstrapping NXLog agents.


The service Startup type of newer versions of NXLog is set to Automatic (Delayed Start) instead of Automatic. To change this option, open the service control manager and alter the Startup type in the General tab.

13.1.1. Installing Interactively

  1. Run the installer by double-clicking the MSI. Accept the license agreement, customize the installation directory if desired, and click Install. Click Finish when the installation completes; by default, the README.txt file will be opened in Notepad.

  2. Configure NXLog by editing nxlog.conf (by default, C:\Program Files\nxlog\conf\nxlog.conf). General information about configuring NXLog can be found in Configuration. For more details about configuring NXLog to collect logs on Windows, see the Microsoft Windows summary.

  3. Verify the configuration file syntax.

    > "C:\Program Files\nxlog\nxlog.exe" -v
    2017-03-17 08:05:06 INFO configuration OK
  4. Start NXLog by opening the Service Manager, finding the nxlog service in the list, and starting it. To run the nxlog.exe executable in the foreground, rather than as a service, execute it with the -f command line argument.

  5. Open the NXLog log file (by default, C:\Program Files\nxlog\data\nxlog.log) with Notepad and check for errors.

    Some text editors (such as Wordpad) use exclusive locking and will refuse to open the log file while NXLog is running.

13.1.2. Installing With Msiexec

Msiexec can be used for performing an unattended install of NXLog. This command does not prompt the user at all, but must be run as administrator.

> msiexec /i nxlog-4.6.4661_windows_x64.msi /q

To allow Windows to prompt for administrator privileges, but otherwise install unattended, use /qb instead.

> msiexec /i nxlog-4.6.4661_windows_x64.msi /qb

To specify a custom installation directory, use the INSTALLDIR property.

> msiexec /i nxlog-4.6.4661_windows_x64.msi /q INSTALLDIR="C:\nxlog"

13.1.3. Deploying via Group Policy

For large deployments, it may be convenient to use Group Policy to manage the NXLog installation.

These steps were tested with a Windows Server 2016 domain controller and a Windows 7 client. There are multiple ways to configure NXLog deployment with Group Policy, and the required steps for your network may vary from those listed below.
  1. Log on to the server as an administrator.

  2. Set up an Active Directory group for computers requiring an NXLog installation. NXLog will be automatically installed and configured on each computer in this group.

    1. Open the Active Directory Users and Groups console (dsa.msc).

    2. Under the domain, right-click on Computers and click New  Group.

    3. Provide a name for the group (for example, nxlog). Use the Security group type and Global context (or the context suitable for your case).

    4. Add computers to the group by selecting one or more, clicking Actions  Add to a group…, and entering the group name (nxlog).

  3. Create a network share for distributing the NXLog files.

    1. Create a folder in the desired location (for example, C:\nxlog-dist).

    2. Set up the folder as a share: right-click, select Properties, open the Sharing tab, and click Share….

    3. Add the group (nxlog) and click Share. Take note of the share name provided by the wizard, it will be needed later (for example, \\WINSERV1\nxlog-dist).

    4. Copy the required files to the shared folder. If using NXLog Manager, this will include at least three files: nxlog-4.6.4661_windows_x64.msi, log4ensics.conf, and CA certificate agent-ca.pem. If not using NXLog Manager, use a custom nxlog.conf instead of log4ensics.conf, omit the CA certificate, and include any other files required by the configuration.

  4. Create a Group Policy Object (GPO) for the NXLog deployment.

    1. Open the Group Policy Management console (gpmc.msc).

    2. In the console tree, under Domains, right-click on your domain and click Create a GPO in this domain, and Link it here…; this will create a GPO under the Group Policy Objects folder and link it to the domain.

    3. Name the GPO (for example, nxlog) and click OK.

    4. Select the newly created GPO in the tree.

    5. In the Security Filtering list, add the Active Directory group created in step 2 (nxlog). Remove anything else.

    6. Right-click on the GPO and click Edit. The Group Policy Management Editor console will be opened for editing the GPO.

  5. Add the NXLog MSI to the GPO.

    Group Policy Management Editor
    Figure 1. Configured NXLog GPO
    1. Under Computer Configuration  Policies  Software Settings, right-click Software installation. Click New  Package… to create a deployment package for NXLog.

    2. Browse to the network share and open the nxlog-4.6.4661_windows_x64.msi package. It is important to use the Uniform Naming Convention (UNC) path (for example, \\WINSERV1\nxlog-dist) so the file will be accessible by the remote computers.

    3. Select the Assigned deployment method.

  6. Add the required files to the GPO by following these steps for each file.

    1. Under Computer Configuration  Preferences  Windows Settings, right-click on Files. Click New  File.

    2. Select the Replace action in the drop-down.

    3. Choose the source file on the network share (for example, \\WINSERV1\nxlog-dist\log4ensics.conf or \\WINSERV1\nxlog-dist\agent-ca.pem).

    4. Type in the destination path for the file (for example, C:\Program Files\nxlog\conf\log4ensics.conf or C:\Program Files\nxlog\cert\agent-ca.pem).

    5. Check Apply once and do not reapply under the Common tab for files that should only be deployed once. This is especially important for log4ensics.conf because NXLog Manager will write configuration changes to that file.

    6. Click OK to create the File in the GPO.

  7. After the Group Policy is updated on the clients and NXLog is installed, one more reboot will be required before the NXLog service starts automatically.

For more information about Group Policy, see the following TechNet and MSDN articles:

13.2. Upgrading

To upgrade the NXLog installation to the latest release, or to replace a trial installation of NXLog Enterprise Edition with a licensed copy, follow the steps below.

  1. Run the new MSI installer as described in the Installing section (interactively, with Msiexec, or via Group Policy). The installer should detect that the previous version is installed and do an upgrade to the same installation directory.

    To upgrade from v3.x, uninstall the previous version before installing the new version (see Uninstalling). This is necessary to transition from a per-user to a per-machine installation. This check can be skipped by passing the SKIP_PERUSER_CHECK property (such as msiexec /i nxlog-4.6.4661_windows_x64.msi /q SKIP_PERUSER_CHECK=1). Note that using SKIP_PERUSER_CHECK is unsupported and not recommended.
    If the Services console (services.msc) is running, the installer may request the computer to be rebooted or give a permission denied error. Please ensure that the Services console is not running before attempting an upgrade.
  2. Start the upgraded NXLog service with the Services console (services.msc) or by rebooting the system. Check the log file (by default, C:\Program Files\nxlog\data\nxlog.log) and verify that logging is working as expected.

For Group Policy deployments, follow these steps:

  1. Download the new MSI package as described in the Installing introduction.

  2. Place the new MSI in the distribution share (see Create a network share).

  3. Add this MSI as a new package to the NXLog GPO (follow the steps under Add the NXLog MSI).

  4. Right-click on the new package and click Properties. Open the Upgrades tab, click Add…, select the previous version from the list, and click OK.

If you want to downgrade to a previous version of NXLog, you will need to manually uninstall the current version first. See Uninstalling.

13.3. Uninstalling

NXLog can be uninstalled from the Control Panel or with Msiexec and the original NXLog MSI.

NXLog v3.x installers will remove log4ensics.conf and nxlog.conf on uninstallation, even if they have been modified. If you wish to keep these files, save them elsewhere before uninstalling NXLog v3.x.

Msiexec can be used to uninstall NXLog.

> msiexec /x nxlog-4.6.4661_windows_x64.msi /qb
This procedure will not remove any configuration files, additional files created to set up NXLog, or files that were created as a result of NXLog’s logging operations (except for v3.x installers as noted above). You may wish to remove the installation directory (by default, C:\Program Files\nxlog) after completing the uninstallation.

For Group Policy deployments, follow these steps:

  1. Open the Group Policy Object (GPO) originally created for installation (see Create a Group Policy Object).

  2. For each NXLog version that has been deployed, right-click the package and either:

    • click All Tasks  Remove…, and choose the Immediately uninstall removal method; or

    • click Properties, open the Deployment tab, and check Uninstall this application when it falls out of the scope of management.

      In this case, NXLog will be uninstalled when the GPO is no longer applied to the computer. An additional action will be required, such as removing the selected computer(s) from the nxlog group created in Set up an Active Directory group.

13.4. Configure Using a Custom MSI

NXLog can be configured using a custom built MSI package. The MSI will install CA certificate and custom configuration files of your choosing. The package can be deployed alongside the NXLog MSI. For more information, see the MSI for NXLog Agent Setup add-on.

Deployment via Group Policy already provides a way to deploy the configuration files. For this reason you might prefer to configure NXLog via GPO instead of creating a custom MSI as described in this section.