April 2021 Newsletter
We are excited to announce the release of NXLog Enterprise Edition v5.3! This release brings more capabilities to users and administrators of macOS-based machines: extended macOS Unified Logging System support, support for the Apple Silicon M1 chip, and macOS Big Sur support. Log collection across even the most heterogeneous environments is now more convenient and reliable.
We also added a new output module for sending data to Azure Log Analytics workspaces, which are used by Microsoft Azure Sentinel and Azure Monitor.
The Packet Capture (im_pcap) module, which passively monitors network traffic, now supports parsing the IEC 61850 protocol used by intelligent electronic devices at electrical substations. The HTTP input and output modules now support NXLog's own binary format for structured log transmission and can compress the data in transit.
Download a free fully-functional trial version of NXLog Enterprise Edition v5.3 to see how it could help your organization.
macOS is an important desktop operating system for creative roles across most organizations, from startups to multinational corporations. The main obstacle to wider adoption of macOS in such organizations has been the lack of software that can centrally collect macOS security logs. Until now.
NXLog Enterprise Edition is by far the most configurable and versatile logging solution for macOS. It can filter, normalize, and aggregate logs from multiple Macs into a single SIEM input stream, and it collects all types of logs from Apple OS X 10.11 (El Capitan) onward, on any release of macOS and any Mac hardware, including Macs equipped with Apple's M1 chip. This includes:
- Apple System Log (ASL) logs
- Native module to collect ULS events
- Logs from the BSM auditing system
- macOS kernel logs
- File Integrity Monitoring (FIM) and more
Learn more about macOS logging.
Yes. With NXLog you can collect and process logs from different sources on the same host without installing a separate Elastic Beat for each log source, and either ship them to Logstash or bypass Logstash entirely and forward data directly to Elasticsearch.
Logstash can be resource-intensive and requires Java to run. For this reason it is often used as an ingester, with different data shippers forwarding logs to it, where each type of log source requires its own agent. NXLog, with its small resource footprint, can act as a data shipper for Logstash with the benefit of being an all-in-one solution. It also covers log sources that Logstash does not support directly, such as Event Tracing for Windows and kernel log messages on Linux, BSD, and macOS.
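The two deployment options described above, as an added configuration example that is not part of the newsletter or NXLog's own documentation: one agent collects Linux kernel messages and forwards them both to Logstash over TCP as JSON and directly to the Elasticsearch bulk API. The host names, port, index name, and CA file path are placeholders chosen for this illustration.

```apacheconf
# Added example (not from the newsletter). Host names, port, index name and
# CA path are placeholders; adjust them for your environment.

<Extension _json>
    Module      xm_json
</Extension>

# Collect Linux kernel messages, one of the sources that Logstash has no
# native input for.
<Input in_kernel>
    Module      im_kernel
</Input>

# Option 1: act as a lightweight shipper in front of Logstash.
# The Logstash side needs a matching "tcp" input with the "json_lines" codec.
<Output out_logstash>
    Module      om_tcp
    Host        logstash.example.internal
    Port        5044
    Exec        to_json();
</Output>

# Option 2: bypass Logstash and write straight to Elasticsearch over TLS.
# HTTPSCAFile pins the CA that signed the cluster's certificate so the agent
# refuses to ship logs to an impostor endpoint.
<Output out_elasticsearch>
    Module      om_elasticsearch
    URL         https://elasticsearch.example.internal:9200/_bulk
    Index       "nxlog-kernel"
    HTTPSCAFile /etc/nxlog/cert/ca.pem
</Output>

<Route r_logstash>
    Path        in_kernel => out_logstash
</Route>

<Route r_elasticsearch>
    Path        in_kernel => out_elasticsearch
</Route>
```

In practice you would pick one of the two routes; both are shown only to contrast the shipper role with the direct-to-Elasticsearch role. The `to_json()` call comes from the `xm_json` extension and serializes each event's fields as one JSON line, which is what Logstash's `json_lines` codec expects.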
Find out how you can ship logs to Logstash or directly to Elasticsearch.
A large MSSP needed a way to collect the huge amount of log data generated at all of their clients' endpoints and forward it into their Securonix SIEM platform while maintaining security and compliance with various regulations. They wanted a solution that was simple to work with and, above all, one that could be standardized across all systems.
NXLog Enterprise Edition and its Support Services enabled Atmosera, a US-based MSSP, to implement a scalable logging system that collects all of their log data in an efficient, secure, and reliable way.
Top Social Media Chatter April
- Processing EVTX files with NXLog - see the discussion
- The new NXLog release was mentioned in Enterprise Security Magazine as a game-changer for macOS logging - read the article