Announcing NXLog Enterprise Edition v3.0

We are proud to announce the general availability of NXLog Enterprise Edition v3.0, a major release that enhances the features and reliability of our flagship product. Below is a list of highlights in the new major release.

Multi-platform support for Windows Event Forwarding

A new input module, im_wseventing, collects forwarded events from Windows hosts. The Windows clients can be configured through Group Policy to send Windows EventLog data using Windows Event Forwarding. Earlier NXLog versions already supported collecting Windows EventLog remotely over WMI and MSRPC, but this new capability is a major step for secure, agentless data collection from Windows machines, supporting both Kerberos and HTTPS for data transfer. Moreover, the new im_wseventing module is platform independent and also works on GNU/Linux, so a single NXLog server running on GNU/Linux can collect all the event data in the enterprise, including Syslog and Windows EventLog.

The new release brings a WTMP parser

The new release, 2.7.1189, brings a WTMP parser module and a dozen other fixes and enhancements. The following is an excerpt from the changelog:
 
The LICENSE has changed.
Added a new extension module to parse binary wtmp files on Linux.
Fixed a regression causing a crash after the 'failed to determine FQDN hostname' error message.
The to_syslog_*() procedures can now use $raw_event if $Message is unset to make it easier to convert to syslog.
Added a fix to im_msvistalog to handle the "EvtNext failed with error 13: The data is invalid." error better.
The im_file module now emits the last event when used with the xm_multiline extension.

Advanced log correlation

Version 2.3.1027 has been released today. This version brings a new processor module named pm_evcorr, which provides event log correlation functionality in addition to the already available nxlog language features (variables and statistical counters). This module was greatly inspired by the Perl-based sec.pl simple event correlation tool.
In addition to the above, the following fixes and enhancements are available in this release:
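As an added illustration of the kind of correlation pm_evcorr enables (this is example configuration written for this page, not configuration from the NXLog announcement or product documentation), the following rule flags a burst of failed logons in a syslog file. The log file path, the message pattern, the threshold and interval values and the instance names are assumptions chosen for the example.

```nxlog
# Example only: read an auth log and parse each line into fields
# such as $Message, $Hostname and $EventTime.
<Input authlog>
    Module      im_file
    File        "/var/log/auth.log"    # assumed path
    Exec        parse_syslog();
</Input>

# Correlate events in time order using the parsed timestamp.
<Processor evcorr>
    Module      pm_evcorr
    TimeField   EventTime

    # Thresholded rule: when at least 5 matching events arrive
    # within 60 seconds, run the Exec block. The counts are
    # assumed values; tune them to the environment.
    <Thresholded>
        Condition   $Message =~ /Failed password/
        Threshold   5
        Interval    60
        Exec        log_warning("possible brute-force logon attempts on " + $Hostname);
    </Thresholded>
</Processor>

# Write every event (correlated or not) to an output file.
<Output outfile>
    Module      om_file
    File        "/var/log/nxlog/auth-correlated.log"   # assumed path
</Output>

<Route auth>
    Path        authlog => evcorr => outfile
</Route>
```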

nxlog v1.4.607 released

The documentation has been greatly enhanced. Some possible memory leaks and race conditions were fixed. The code can now be compiled with older APR 1.2. Group memberships are honored on Unix/Linux, and a regression in the im_file module has been fixed when using wildcards.

nxlog v1.4.571 released

The code can now be compiled for Android. SNARE Syslog format support has been added for output. The im_mseventlog module can now produce output in UTF-8, and its error handling was enhanced to be more fault tolerant against failures of the EventLog subsystem. The im_mseventlog and im_msvistalog modules now set the AccountType and Category fields. A ReadFromLast configuration directive was added for the im_mseventlog and im_file modules.

nxlog v1.2.494 released

This release fixes a database reconnection issue in om_dbi which was affecting PostgreSQL. Syslog conversion now strips newlines from the message. A new module, im_msvistalog, was added to support reading all messages from Windows EventLog on Windows 2008, Vista, and later.