Sep 2021

NXLog Enterprise Edition version 5.4 is out!

We are happy to report that the next release of NXLog Enterprise Edition v5 is now available. Version 5.4 fixes issues and brings new functionalities, including:

  • Support for collecting Apple Endpoint Security events 
  • The Windows installer is verified to work on and support Windows Server 2022, which went GA this month
  • New packages for Debian 11 (bullseye) are now available
  • New packages for Red Hat Enterprise Linux 8 and Ubuntu 20 on AArch64 (ARM64) are now available
  • The xm_syslog module can now create Snare-compatible messages without a syslog header, using the to_snare() function
  • Support for pulling data from Azure Log Analytics Workspaces (technology preview)

Download a free fully-functional trial version of NXLog Enterprise Edition v5.4 to see how it could help your organization.


Collecting Kubernetes logs with NXLog

A Kubernetes deployment is a highly dynamic environment. Containers can be created, deleted, or rescheduled at any point in time, making the transient nature of containers a challenge to manage in itself. When containers crash or are deleted, the system removes all the data related to that container, including logs that could potentially hold valuable information for troubleshooting.

Kubernetes clusters also consist of multiple components, each writing its own logs to different locations in different formats. These logs are essential for monitoring and troubleshooting cluster-level problems, but the volume generated makes it impossible to manage them manually while staying on top of potential issues.

Read the complete article on how to deploy NXLog Enterprise Edition to collect logs from your Kubernetes cluster.


Flexible, cloud-backed Modbus/TCP log collection with NXLog and Python

Modbus is a simple and flexible protocol used by a wide variety of industrial and automation equipment. Its simplicity has made it attractive for many manufacturers, but it also poses a number of challenges in terms of security and traffic analysis. 

Extracting simple application data — such as sensor readings or application requests — out of individual packets requires some post-processing effort, which is often device-specific, and the Modbus protocol also has a number of quirks that can make the interaction between devices more difficult to analyze. For example, error responses contain very little information besides the error code itself, and even that is not very informative. Extracting high-level application traffic data often requires correlating data from multiple packets.
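The post-processing described above, as an added example that is not part of the original article and not NXLog's own code: a small Python parser for Modbus/TCP frames (7-byte MBAP header plus PDU) that pairs each request with its response on transaction ID and unit ID, so that an exception response, which on its own carries only a one-byte code, becomes a complete event naming the function, address and quantity that were rejected. Unanswered requests and orphan responses are reported as their own events. The sample capture is constructed for the example; the direction of each frame is assumed to be known from the TCP capture (client traffic goes to port 502), and the function and exception code names follow the Modbus Application Protocol Specification v1.1b.

```python
"""Parse Modbus/TCP frames and correlate requests with responses by transaction id."""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Names from the Modbus Application Protocol Specification v1.1b.
EXCEPTION_CODES = {
    1: "ILLEGAL FUNCTION", 2: "ILLEGAL DATA ADDRESS", 3: "ILLEGAL DATA VALUE",
    4: "SLAVE DEVICE FAILURE", 5: "ACKNOWLEDGE", 6: "SLAVE DEVICE BUSY",
    8: "MEMORY PARITY ERROR", 10: "GATEWAY PATH UNAVAILABLE",
    11: "GATEWAY TARGET DEVICE FAILED TO RESPOND",
}
FUNCTION_NAMES = {
    1: "Read Coils", 2: "Read Discrete Inputs", 3: "Read Holding Registers",
    4: "Read Input Registers", 5: "Write Single Coil", 6: "Write Single Register",
    15: "Write Multiple Coils", 16: "Write Multiple Registers",
}

@dataclass
class Frame:
    from_client: bool              # assumed known from the TCP capture (client -> port 502)
    transaction_id: int
    unit_id: int
    function_code: int             # 0x80 error bit cleared
    exception_code: Optional[int]  # set only for exception responses
    data: bytes                    # PDU bytes after the function code

def parse_frame(raw: bytes, from_client: bool) -> Frame:
    """Parse one Modbus/TCP ADU: MBAP header (tid, protocol id, length, unit id) + PDU."""
    if len(raw) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    tid, pid, length, uid = struct.unpack(">HHHB", raw[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(raw) - 6:  # length field covers unit id + PDU
        raise ValueError(f"MBAP length {length} does not match frame ({len(raw) - 6})")
    fc = raw[7]
    if fc & 0x80:               # exception response: fc | 0x80, then one exception code byte
        if len(raw) < 9:
            raise ValueError("exception response without exception code")
        return Frame(from_client, tid, uid, fc & 0x7F, raw[8], raw[9:])
    return Frame(from_client, tid, uid, fc, None, raw[8:])

def describe_request(fr: Frame) -> dict:
    """Decode the request fields that give an exchange its meaning (address, quantity/value)."""
    ev = {"function": FUNCTION_NAMES.get(fr.function_code, f"FC{fr.function_code}")}
    if len(fr.data) >= 4:
        if fr.function_code in (1, 2, 3, 4, 15, 16):
            ev["address"], ev["quantity"] = struct.unpack(">HH", fr.data[:4])
        elif fr.function_code in (5, 6):
            ev["address"], ev["value"] = struct.unpack(">HH", fr.data[:4])
    return ev

def correlate(frames: List[Frame]) -> List[dict]:
    """Pair requests and responses on (transaction id, unit id); emit one event per exchange.

    An exception code alone says nothing useful; joined with its request it reads as
    "read of 1 holding register at 0x1000 on unit 1 was rejected: ILLEGAL DATA ADDRESS".
    """
    pending, events = {}, []
    for fr in frames:
        key = (fr.transaction_id, fr.unit_id)
        if fr.from_client:
            pending[key] = fr   # a reused tid replaces the stale request
            continue
        req = pending.pop(key, None)
        if req is None:
            events.append({"tid": fr.transaction_id, "unit": fr.unit_id, "status": "orphan_response"})
            continue
        ev = {"tid": fr.transaction_id, "unit": fr.unit_id, **describe_request(req)}
        if fr.exception_code is not None:
            ev["status"] = "error"
            ev["error"] = EXCEPTION_CODES.get(fr.exception_code, f"EXC{fr.exception_code}")
        else:
            ev["status"] = "ok"
            if fr.function_code in (3, 4) and fr.data:  # byte count, then 16-bit registers
                count = fr.data[0]
                ev["values"] = list(struct.unpack(f">{count // 2}H", fr.data[1:1 + count]))
        events.append(ev)
    for (tid, uid), req in pending.items():  # requests with no answer (device down, packet lost)
        events.append({"tid": tid, "unit": uid, "status": "unanswered", **describe_request(req)})
    return events

def analyze(capture: List[Tuple[bool, bytes]]) -> List[dict]:
    return correlate([parse_frame(raw, from_client) for from_client, raw in capture])

# Constructed sample capture (from_client, bytes); not real device traffic.
SAMPLE = [
    (True,  bytes.fromhex("000100000006010300000002")),    # tid 1: read 2 holding regs at 0
    (False, bytes.fromhex("000100000007010304000A0102")),  # tid 1: 4 data bytes: 10, 258
    (True,  bytes.fromhex("000200000006010310000001")),    # tid 2: read 1 holding reg at 0x1000
    (False, bytes.fromhex("000200000003018302")),          # tid 2: exception 0x83 / code 2
    (True,  bytes.fromhex("0003000000060106000500FF")),    # tid 3: write reg 5 := 0x00FF
    (False, bytes.fromhex("0003000000060106000500FF")),    # tid 3: echo response
    (True,  bytes.fromhex("000400000006010400100004")),    # tid 4: read 4 input regs, never answered
]

if __name__ == "__main__":
    for event in analyze(SAMPLE):
        print(event)
```

Each event is a flat dict, which is the shape a collector can serialize to JSON and ship without further device-specific parsing; device-specific register semantics (what register 0x0005 means) are deliberately left to a later enrichment step.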

Here are 3 approaches on how NXLog can handle and analyze this kind of traffic.


Reading the systemd journal

Many modern Linux distributions use the systemd init system, which includes a journal component for handling log messages. All messages generated by systemd-controlled processes are sent to the journal. The journal stores logs in a binary format, either in memory or on disk, and they can be read with the journalctl tool.

NXLog can be configured to read systemd journal messages directly with the im_systemd input module. Learn more.


Sending Siemens SIMATIC PCS 7 logs to Microsoft Azure Sentinel

Because of the nature and size of the systems controlled by Siemens SIMATIC PCS 7, continuous and safe operation is a must with no room for errors or trade-offs. The logs produced by SIMATIC PCS 7 can provide crucial information about the operation of the entire system it controls. However, the inconsistent formatting and the noisiness of the logs could present some challenges. 

Some of the logs are available through the Windows Event Log, but most are stored as flat files. NXLog can collect both, and it plays an important role in normalizing the logs into a form that Microsoft Azure Sentinel accepts.

Forwarding logs to Azure Sentinel is straightforward with NXLog. All it takes is following a few simple configuration steps. Find out more.


Top Social Media Chatter September

What did the community have to say about NXLog on social media? Tweet us or share our updates with us on LinkedIn for an opportunity to be listed in this newsletter.

Twitter

  • NXLog mentioned on Twitter as the best tool for collecting logs from Windows - Tweet
  • NXLog mentioned in a Twitter thread with a poll about collecting logs from Windows and Linux - Tweet
  • Tweet about Apple news mentioning macOS logging with NXLog Enterprise Edition - Tweet

Others

  • Cybermusa article about "AlienVault OSSIM v/s Splunk" where NXLog is mentioned - Read article
  • Publication from Securonix, devoted to using NXLog for MSSQL audit - Read publication
  • French video about adding a Windows client in Graylog using NXLog - Watch video
  • NXLog as one of the "5 Best Tools for Log Collection and Archiving" by SolarWinds - Read article
