Learn
Documentation
Support
Community

Components of Collector

Overview

Nexthink Collector comprises a set of services and libraries that gather information about the devices in your corporate network and their activity. Collector sends all the gathered information to a Nexthink instance, where the system processes and stores it. Additional Collector components deal with the features provided by optional Nexthink products. Other components help you with the installation and configuration process.

Find in this document the description of all the different components and the filesystem paths where to find them on the devices after installation. This article details as well the registry keys and the additional files created or modified during installation.

Windows Collector

The Windows version of Collector includes the following set of components:

Windows Collector binaries

For all versions of Windows, the system installs the following components:

Main driver

A kernel mode driver that gathers valuable information from employee devices

Network specific driver

A kernel mode driver that detects network connections

Helper service

A Windows service that complements the main driver by collecting additional information

Printing info library

A dynamic link library that is responsible for detecting printing activity

Automatic updates

A component of Collector that is responsible for downloading new versions and updating the installed components

Coordinator

Coordinator is responsible for establishing and maintaining a network connection with the Nexthink instance. Other components share that connection for the purpose of communication with the instance.

Nexthink Engage

Components for presenting campaign questions and getting answers from employees

Nexthink Act

Components that manage the execution of remote actions

Nexthink Reporter

A troubleshooting tool that creates debug reports for specific support cases

Nexthink Event Log Provider

A component for logging events in the Windows Event Log

Nexthink Application Experience

A component for monitoring business applications

Command line configuration tool (optional)

A tool to configure Collector from the command line

Registry keys

During installation, Collector creates the following keys in the Registry of Windows:

HKEY_CLASSES_ROOT\nxtrayproto
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\Collector
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\Collector\AppStartTime
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\DN
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\RebootMarker
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\RemoteActions
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Nexthink Collector
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\params
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\Modules\COD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\Modules\EndUserFeedback
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\Modules\Updater
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Nexthink Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Nexthink Service\runtime_stats
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nxtrdrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nxtrdrv\params
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nxtrdrv5
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nxtrdrv5\Parameters\Wdf
HKEY_LOCAL_MACHINE\SYSTEM\Nexthink\Updater
HKEY_USERS\S-1-5-21-[X-X-X-X]\SOFTWARE\NEXThink\NxTray

Additional files

Find the Collector log files here:

  • %windir%\nxtsvc.log

  • %windir%\nxtsvc.1.log

  • %windir%\nxtsvc.2.log

  • %windir%\nxtupdater.log

  • %windir%\nxtupdater.1.log

  • %windir%\nxtupdater.2.log

  • %windir%\nxtcoordinator.log

  • %windir%\nxtcoordinator.1.log

  • %windir%\nxtcoordinator.2.log

  • %windir%\nxteufb.log

  • %windir%\nxteufb.1.log

  • %windir%\nxteufb.2.log

  • %windir%\nxtcod.log

  • %windir%\nxtcod.1.log

  • %windir%\nxtcod.2.log

  • %temp%\nxtray.log

  • %temp%\nxtray.log.<timestamp>

Finally, Windows creates a cached copy of the kernel drivers in two folders whose names start with the name of the drivers (nxtrdrv and nxtrdrv5, respectively) followed by a unique identifier that depends on the version of the driver itself. Find the folders here:

  • %windir%\System32\DRVSTORE

The Nexthink Reporter tool creates its logs and reports here:

  • %temp%\nxtreporter[reportID].log

  • %temp%\nxtreport-[hostname]-[reportID].zip

Mac Collector

The macOS version of Collector includes the following set of components:

Files

Main service

A macOS daemon that gathers valuable information from employee devices

Coordination service

A macOS daemon that synchronizes with the appliances to provide services such as automatic updates, employee engagement and execution of remote actions in the near future

Application monitoring

A macOS daemon that is in charge of gathering specific data for business applications

Additional files

In the config.json file, find the exact version of the installed Collector and the status of the TCP connection.

Find the log files here:

  • /Library/Logs/nxtsvcgen.log

  • /Library/Logs/nxtsvcgen.log

  • /Library/Logs/nxtcoordinator.log

  • /Library/Logs/nxtbsm.log

  • /Library/Logs/nxtcod.log

  • /Library/Logs/nxtcsi.log

  • /Library/Logs/nxteufb.log

  • /Library/Logs/nxtextension.log

  • /Library/Logs/nxtupdater.log

Also under each user folder:

  • /Users/{username}/Library/Logs/nxthostapp.{userSID}.log

  • /Users/{username}/Library/Logs/nxtray.{userSID}.log

  • /Users/{username}/Library/Logs/nxtusm.{userSID}.log

Multiple options can be selected.

Last updated

© Nexthink

Privacy policyResponsible Disclosure Policy