Active Directory

NXLog is a third-party tool that collects and processes logs. Arctic Wolf® uses NXLog to package these log files into Snare files that are generated by the Windows Server domain controller directory service:

NXLog

Windows Event Logs
DHCP logs if the DHCP service is installed on the same server

The Snare files are sent to the Arctic Wolf syslog listener, located on an Arctic Wolf Sensor or Virtual Log Collector (vLC), where they are preprocessed and then sent to the Arctic Wolf platform.

Integrations and Log Forwarding Active Directory (AD) Sensor Windows Managed Detection and Response (MDR) User Guide Installation or Configuration Public

Last updated: April 7, 2026