Forward Windows logs
Axoflow provides a custom OpenTelemetry Collector distribution that you can use to collect logs on Windows hosts and forward them to AxoSyslog using the OpenTelemetry Protocol (OTLP/gRPC).
The distribution provides AMD64 and ARM64 installers for the following Windows versions:
- Windows Server 2025
- Windows Server 2022
- Windows Server 2019
- Windows 11
Steps
To forward Windows logs to AxoSyslog, complete the following steps.
- Configure an opentelemetry() source on the AxoSyslog that will receive the Windows logs.
- Download the installation package for your platform (https://github.com/axoflow/axoflow-otel-collector-releases/releases/) from the Assets section of the Axoflow OpenTelemetry Collector releases page. We provide MSI installers and binary releases for amd64 and arm64 architectures.
- Run the installer on your Windows host. The installer installs:
  - the collector agent (by default) to C:\Program Files\Axoflow\OpenTelemetry Collector\axoflow-otel-collector.exe, and
  - a default configuration file (C:\ProgramData\Axoflow\OpenTelemetry Collector\config.yaml) that must be edited before use.
- Open the configuration file (C:\ProgramData\Axoflow\OpenTelemetry Collector\config.yaml).
- Set the IP address and port of the AxoSyslog host where you want to send data from this Windows host. Use the IP address and port of an opentelemetry() source. For example:

      exporters:
        otlp/axosyslog:
          endpoint: 10.0.2.2:4317
          tls:
            insecure: true

  Set the TLS settings to match the configuration of the AxoSyslog opentelemetry() source. With insecure: true, as in this example, the exporter does not use TLS and the logs cross the network unencrypted.
- Configure receivers to collect logs of the Windows host, and the pipelines to forward them. For example, to collect event logs from the Application, System, and Security channels:

      receivers:
        windowseventlog/application:
          channel: application
          raw: true
          suppress_rendering_info: true
        windowseventlog/system:
          channel: system
          raw: true
          suppress_rendering_info: true
        windowseventlog/security:
          channel: security
          raw: true
          suppress_rendering_info: true
      service:
        pipelines:
          logs/eventlog:
            receivers: [windowseventlog/application, windowseventlog/system, windowseventlog/security]
            processors: [resource/agent, resourcedetection/system]
            exporters: [otlp/axosyslog]

  For details, see the Windows installation Readme and the OpenTelemetry Collector documentation.
- Save the file.
- Restart the service.

      Restart-Service axoflow-otel-collector

The agent starts sending data to the configured AxoSyslog.
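
A TLS-enabled variant of the exporter from the "Set the IP address and port" step, as an added example that is not part of the Axoflow documentation. The certificate paths are placeholders, and it assumes the opentelemetry() source on AxoSyslog presents a server certificate issued by the CA in ca_file; the client certificate lines apply only if that source also requires client authentication.

```yaml
exporters:
  otlp/axosyslog:
    # Same endpoint as in the example above. With verification enabled, the
    # server certificate must list this address (or the name given in
    # server_name_override) as a subject alternative name.
    endpoint: 10.0.2.2:4317
    tls:
      # Use TLS instead of plaintext gRPC.
      insecure: false
      # Keep certificate verification on: a connection to a host that cannot
      # present a certificate chaining to ca_file is refused.
      insecure_skip_verify: false
      # CA that issued the AxoSyslog server certificate (placeholder path).
      ca_file: 'C:\ProgramData\Axoflow\OpenTelemetry Collector\certs\ca.pem'
      # Client certificate and key for mutual TLS (placeholder paths).
      # Remove both lines if the source does not request a client certificate.
      cert_file: 'C:\ProgramData\Axoflow\OpenTelemetry Collector\certs\client.pem'
      key_file: 'C:\ProgramData\Axoflow\OpenTelemetry Collector\certs\client.key'
      # Uncomment when the certificate is issued for a DNS name rather than
      # the IP address in endpoint (placeholder name).
      # server_name_override: axosyslog.example.internal
```

Restrict read access on the key file to the account the collector service runs as, since anyone who can read it can authenticate to the source as this host.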