Components of the Collector

Contents

Components of the Collector

Overview

The Collector is mainly composed of a couple of kernel drivers, along with a small set of services and libraries, that gather information about the devices in your corporate network and their activity. The Collector periodically sends all the gathered information to an Engine, where it is processed and stored. Other tools that are delivered with the Collector help you with its installation and configuration.

Find in this document the description of all the different components of the Collector and the filesystem paths where to find them in the devices of the end-users after installation. This article details as well the registry keys and the additional files created or modified during the installation of the Collector.

Windows Collector

The Windows version of the Collector includes several features in addition to the gathering of user activity. These extra features require a comprehensive set of components.

Applies to platforms: PlatformWindows.png

Windows Collector binaries

For all versions of Windows, the following components are installed:

Main driver
A kernel mode driver that gathers valuable information from the device of the end-user.
Network specific driver
A kernel mode driver that detects network connections.
Helper service
A Windows service that complements the main driver by collecting additional information.
Printing info library
A dynamic link library that is responsible for detecting printing activity.
Optional Command line configuration tool
A tool to configure the Collector from the command line.
Optional Control Panel extension
A tool to control the behaviour of the Collector that is added to the Control Panel of Windows.
Automatic updates
A component of the Collector that is responsible for downloading new versions and updating the installed components.
Coordinator
Coordination of the Collector with the Appliance to detect new updates, engage with end-users, and execute remote actions.
Nexthink Engage
Components for presenting the questions of campaigns and getting answers from the end-users.
Nexthink Act
Components that manage the execution of remote actions.
Nexhtink Reporter
A troubleshooting tool that creates debug reports for specific support cases.
Nexthink Event Log Provider
A component for logging events in the Windows Event Log.
Component File Path
Main driver nxtrdrv.sys  %Windows%\System32\drivers
Network specific driver nxtrdrv5.sys
Command line
configuration tool
nxtcfg.exe  %Windows%\System32
Control Panel
extension
nxtpanel.cpl
Helper service nxtsvc.exe  %ProgramFiles%\Nexthink\Collector\Collector
Printing info
helper library
nxtdll.dll
Nexthink Event Log Provider nxteventprovider.dll
Immersive apps nxtwrt.dll
Application start time nxtwpm.dll
Application start time (32 bit)
  • nxtwpm32.dll
  • nxtusm.exe
 %Windows%\SysWOW64
Application start time nxtwpm.dll
Coordinator service nxtcoordinator.exe  %ProgramFiles%\Nexthink\Collector\Coordinator
Engage coordinator nxteufb.exe
Act coordinator nxtcod.exe
Updates coordinator nxtupdater.exe
OpenSSL (64 bit)
  • libcrypto-1_1-x64.dll
  • libssl-1_1-x64.dll
OpenSSL (32 bit)
  • libcrypto-1_1.dll
  • libssl-1_1.dll
Nexthink Engage
  • nxtray.exe
  • nxtray.exe.config
 %ProgramFiles%\Nexthink\Collector\Engage
Nexthink Act
  • Google.Protobuf.dll
  • nxtcampaignaction.dll
  • nxtremoteactions.dll
 %ProgramFiles%\Nexthink\Collector\RemoteActions
Nexthink Reporter nxtreporter.exe  %ProgramFiles%\Nexthink\Collector\Reporter

Registry keys of the Windows Collector

On installation, the Collector creates the following keys in the Registry of Windows:

HKEY_CLASSES_ROOT\nxtrayproto
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\Collector
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\Collector\AppStartTime
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\DN
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\RebootMarker
HKEY_LOCAL_MACHINE\SOFTWARE\Nexthink\RemoteActions
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\Nexthink Collector
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\params
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\Modules\COD
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\Modules\EndUserFeedback
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nexthink Coordinator\Modules\Updater
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Nexthink Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Nexthink Service\runtime_stats
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nxtrdrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nxtrdrv\params
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nxtrdrv5
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nxtrdrv5\Parameters\Wdf
HKEY_LOCAL_MACHINE\SYSTEM\Nexthink\Updater
HKEY_USERS\S-1-5-21-[X-X-X-X]\SOFTWARE\NEXThink\NxTray

Additional files of the Windows Collector

Find the log files of the Collector here:

  •  %windir%\nxtsvc.log
  •  %windir%\nxtsvc.log.bk
  •  %windir%\nxtupdater.log
  •  %windir%\nxtupdater.log.bk
  •  %windir%\nxtcoordinator.log
  •  %windir%\nxtcoordinator.log.bk
  •  %windir%\nxteufb.log
  •  %windir%\nxteufb.log.bk
  •  %windir%\nxtcod.log
  •  %windir%\nxtcod.log.bk
  •  %temp%\nxtray.log
  •  %temp%\nxtray.log.<timestamp>

Finally, Windows creates a cached copy of the kernel drivers in two folders whose names start with the name of the drivers (nxtrdrv and nxtrdrv5, respectively) followed by an unique identifier that depends on the version of the driver itself. Find the folders here:

  •  %windir%\System32\DRVSTORE

The Nexthink Reporter tool creates its logs and reports here:

  •  %temp%\nxtreporter[reportID].log
  •  %temp%\nxtreport-[hostname]-[reportID].zip

Mac Collector

The Mac version of the Collector has just the necessary components to report user activity.

Applies to platforms: PlatformMac.png

Mac Collector binaries

  • Main service: A Mac daemon that gathers valuable information from the device of the end-user.
  • Coordination service: A Mac daemon that synchronizes with the appliances to provide services such as automatic updates, end-user engagement and execution of remote actions in the near future.
Component File Path
Main service nxtsvc /Library/Application Support/Nexthink
Coordination service nxtcoordinator

Configuration files of the Mac Collector

Starting from V6.21, there is only one configuration file for the Mac Collector:

Component File Path
Configuration file config.json /Library/Application Support/Nexthink

At the end of the file config.json, find the exact version of the installed Collector and the status of the TCP connection.

Additional files of the Mac Collector

Find the log files of the Mac Collector here:

  • /Library/Logs/nxtsvcgen.log
  • /Library/Logs/nxtsvcgen.n.log (n positive, when previous log is rotated)
  • /Library/Logs/nxtcoordinator.log