December 2020 Newsletter
Plans for Q1 2021
Before we say goodbye to 2020, check out some of our plans for Q1 2021!
- In a few weeks' time we are releasing NXLog Enterprise Edition v5.2, which will offer further SCADA and ICS log collection capabilities as a follow-up to v5.1
- The NXLog Manager 6.0, to be released in February, will help large enterprises with better scalability, more APIs, and multitenancy support
- An update for the NXLog Community Edition is also on its way, bringing you platform updates and bugfixes
- Our Documentation section will feature new articles on compression and encryption, integration with Loggly, high availability and failover to list but a few
We also thought you would be interested in a short "most read" compilation from 2020 you can find below. See you in 2021!
Attackers increasingly use DNS for data theft, denial of service, and other malicious activity, and proactive monitoring of DNS activity helps network administrators detect and respond to these threats quickly. Verbose DNS logging, however, is resource-intensive: it can slow down production name servers and fill up local storage. Consolidating DNS logs on a centralized logging server should therefore be part of the log collection strategy of every modern IT infrastructure.
After reading this whitepaper on "The Importance of DNS Logging in Enterprise Security" you will have a better understanding of:
- DNS security concerns.
- Which DNS data can be collected and monitored.
- BIND 9 and Windows name server logging.
- How NXLog Enterprise Edition can help with DNS monitoring.
You can also see this series of blog posts on DNS logging, where we'll walk you through how to simplify DNS log collection with NXLog.
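As an added illustration of the kind of detection the whitepaper argues for (example code written for this newsletter, not NXLog's own and not taken from the whitepaper), the script below parses BIND 9 query-log lines and flags client/domain pairs that look like DNS tunnelling or exfiltration: long, high-entropy subdomains, bulky TXT/NULL queries, and many distinct subdomains under one base domain. The log lines are constructed; the thresholds, the two-label base-domain rule and the field names are assumptions of the example.

```python
import math
import re
from collections import Counter, defaultdict

# BIND 9 query-log line with "print-time yes"; the leading "@0x..." client
# pointer is optional (newer 9.x releases print it). All lines used below are
# constructed sample data, not captured traffic.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<src>[0-9a-fA-F.:]+)#(?P<port>\d+) "
    r"\((?P<qname>[^)]*)\): query: (?P<name>\S+) IN (?P<qtype>\S+) (?P<flags>\S+)"
)

def parse_query(line):
    """Return {'src', 'name', 'qtype'} for one query-log line, or None."""
    m = QUERY_RE.search(line)
    if m is None:
        return None
    return {
        "src": m.group("src"),
        "name": m.group("name").rstrip(".").lower(),
        "qtype": m.group("qtype").upper(),
    }

def shannon_entropy(text):
    """Bits per character; random-looking (encoded) labels score high."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def split_name(name, base_labels=2):
    """'chunk.badtunnel.test' -> ('chunk', 'badtunnel.test'). Treating the last
    two labels as the registrable domain is a simplification (no public-suffix
    list) assumed for this example."""
    labels = name.split(".")
    if len(labels) <= base_labels:
        return "", name
    return ".".join(labels[:-base_labels]), ".".join(labels[-base_labels:])

def score_query(q, max_len=45, max_entropy=3.8):
    """Per-query tunnelling indicators; the thresholds are tunable assumptions."""
    reasons = []
    sub, _ = split_name(q["name"])
    if len(q["name"]) > max_len:
        reasons.append("long-name")
    if sub and shannon_entropy(sub.replace(".", "")) > max_entropy:
        reasons.append("high-entropy-subdomain")
    if q["qtype"] in ("TXT", "NULL") and len(sub) > 20:
        reasons.append("bulky-" + q["qtype"].lower())
    return reasons

def analyze(lines, unique_threshold=5):
    """Map (client, base domain) -> sorted reasons for suspicious pairs only.
    A tunnel must encode every chunk in a fresh name, so the number of distinct
    subdomains one client asks for under one base domain is the strongest
    signal; it is combined with the per-query checks above."""
    subs = defaultdict(set)
    reasons = defaultdict(set)
    for line in lines:
        q = parse_query(line)
        if q is None:
            continue  # not a query line (e.g. a "zone loaded" message)
        sub, base = split_name(q["name"])
        key = (q["src"], base)
        subs[key].add(sub)
        reasons[key].update(score_query(q))
    findings = {}
    for key, seen in subs.items():
        hits = set(reasons[key])
        if len(seen) >= unique_threshold:
            hits.add("many-unique-subdomains")
        if hits:
            findings[key] = sorted(hits)
    return findings

BENIGN_LINES = [  # constructed
    "14-Dec-2020 10:15:01.001 queries: info: client @0x7f2b3c001234 192.0.2.10#53120 "
    "(www.example.com): query: www.example.com IN A +E(0)K (192.0.2.1)",
    "14-Dec-2020 10:15:02.002 queries: info: client 192.0.2.10#53121 "
    "(mail.example.com): query: mail.example.com IN MX + (192.0.2.1)",
]

def constructed_tunnel_lines(count):
    """Constructed TXT queries whose 32-character labels are permutations of the
    hex alphabet, imitating chunked data pushed through a DNS tunnel."""
    hex_chars = "0123456789abcdef"
    lines = []
    for i in range(count):
        chunk = (hex_chars[i:] + hex_chars[:i]) * 2
        lines.append(
            "14-Dec-2020 10:16:%02d.000 queries: info: client @0x7f2b3c009999 "
            "10.0.0.7#4%04d (%s.badtunnel.test): query: %s.badtunnel.test IN TXT "
            "-E(0) (192.0.2.1)" % (i, i, chunk, chunk)
        )
    return lines

if __name__ == "__main__":
    for (src, base), why in analyze(BENIGN_LINES + constructed_tunnel_lines(6)).items():
        print("%s -> %s: %s" % (src, base, ", ".join(why)))
```

Run as-is it reports the single suspicious pair (10.0.0.7 querying badtunnel.test). In practice you would feed it the query log after centralizing it and tune the thresholds against a baseline of your own resolver traffic, since CDN, anti-spam and certificate-validation lookups legitimately produce long or random-looking names.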
Log collection requires working with a number of different formats and protocols. Windows EventLog does not communicate with Unix-based Syslog out of the box due to architectural and design differences. However, converting EventLog data to Syslog can be very helpful for centralized log collection.
Unlike EventLog, Syslog stores the actual rendered text instead of using message templates. When Windows EventLog is converted to Syslog, the EventLog fields are mapped and concatenated into a Syslog-formatted string as a single line of text. This conversion allows the Windows events to be used with SIEM suites and other software tools that understand the Syslog format.
Read the complete article here.
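To make the field mapping concrete, here is an added Python example written for this newsletter; it is not NXLog's code (NXLog's xm_syslog extension performs this conversion itself, with procedures such as to_syslog_ietf() and to_syslog_bsd()). It renders one EventLog record, given as a dict with NXLog-style field names, as a single RFC 5424 line, and shows the two escaping steps that matter when a multi-line message becomes one line of text: control characters are encoded so a forwarded message cannot split into a forged second event, and structured-data values are escaped so an attacker-controlled field such as a user name cannot close the element and inject its own. The sample event, the level-to-severity table and the enterprise number are assumptions of the example.

```python
import re
from datetime import datetime, timezone

# Windows EventLog "Level" -> syslog severity (RFC 5424, section 6.2.1).
# Level 0 (LogAlways, used by Security auditing events) is treated as
# Informational; this table is an assumption of the example, not NXLog's own.
LEVEL_TO_SEVERITY = {0: 6, 1: 2, 2: 3, 3: 4, 4: 6, 5: 7}
FACILITY_USER = 1
HEADER_FIELDS = ("EventTime", "Hostname", "SourceName", "Message")

_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
_SD_SPECIAL = re.compile(r'(["\\\]])')

def escape_control(text):
    """Replace control characters so the output is guaranteed to be one line.
    A raw CR/LF inside a forwarded message is a classic log-injection vector:
    a line-oriented receiver would treat the remainder as a second event."""
    named = {"\n": "\\n", "\r": "\\r", "\t": "\\t"}
    return _CONTROL.sub(
        lambda m: named.get(m.group(0), "\\x%02x" % ord(m.group(0))), str(text)
    )

def sd_value(value):
    """Escape an SD-PARAM value: RFC 5424 requires '"', '\\' and ']' escaped."""
    return _SD_SPECIAL.sub(r"\\\1", escape_control(value))

def sd_name(name):
    """HOSTNAME, APP-NAME, MSGID and SD-NAME/PARAM-NAME must be printable
    ASCII without space, '=', ']' or '"'; anything else becomes '_'."""
    cleaned = re.sub(r'[^\x21-\x7e]|[=\]"]', "_", str(name))
    return cleaned or "-"

def eventlog_to_syslog(ev, sd_id="win@32473"):
    """Render one EventLog record (dict with NXLog-style field names, an
    assumption of this example) as a single RFC 5424 line. Fields without a
    header slot travel in one structured-data element; sd_id uses the RFC's
    example private enterprise number 32473."""
    severity = LEVEL_TO_SEVERITY.get(int(ev.get("Level", 4)), 6)
    pri = FACILITY_USER * 8 + severity
    ts = ev["EventTime"].astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.%fZ")
    hostname = sd_name(ev.get("Hostname", "-"))[:255]
    app_name = sd_name(ev.get("SourceName", "-"))[:48]
    msgid = sd_name(ev.get("EventID", "-"))[:32]
    params = " ".join(
        '%s="%s"' % (sd_name(k), sd_value(v))
        for k, v in ev.items() if k not in HEADER_FIELDS
    )
    sd = "[%s %s]" % (sd_name(sd_id), params) if params else "-"
    line = "<%d>1 %s %s %s - %s %s" % (pri, ts, hostname, app_name, msgid, sd)
    msg = escape_control(ev.get("Message", ""))
    return line + " " + msg if msg else line

# Constructed sample record shaped like a Security 4625 (failed logon) event,
# with a crafted user name and a multi-line message to exercise the escaping.
SAMPLE_EVENT = {
    "EventTime": datetime(2020, 12, 14, 10, 15, 1, 123000, tzinfo=timezone.utc),
    "Hostname": "WS01.example.local",
    "SourceName": "Microsoft-Windows-Security-Auditing",
    "Channel": "Security",
    "EventID": 4625,
    "Level": 0,
    "TargetUserName": 'admin"] [evil@1 x="y',
    "Message": "An account failed to log on.\r\n\r\nSubject:\r\n\tSecurity ID:\t\tS-1-0-0",
}

def is_single_line(line):
    """True when the rendered line carries no raw control characters."""
    return _CONTROL.search(line) is None

if __name__ == "__main__":
    out = eventlog_to_syslog(SAMPLE_EVENT)
    print(out)
    print("single line:", is_single_line(out))
```

The rendered line starts with PRI 14 (facility user, severity informational) and carries Channel, EventID, Level and the escaped TargetUserName in the structured-data element, followed by the flattened message. If your SIEM only speaks RFC 3164 (BSD syslog) the header differs, but the same flattening and escaping still applies.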
Despite the importance of centralized logging, not all Windows enterprise environments make the most of Windows Event Forwarding (WEF), even though it is a key part of security infrastructure and is natively supported: it comes out of the box on Windows systems, so administrators need not worry about dependencies or the installation of third-party software. Without Event Forwarding, administrators are left in the dark regarding what is occurring in their system logs. Given the choice between local-only logging and centralized logging with WEF, Event Forwarding is definitely better than no centralized collection at all.
NXLog Enterprise Edition lets you make the most of Windows Event Forwarding for centralized log collection: its im_wseventing module allows you to set up NXLog as a Windows Event Collector, even on Linux. This is compelling for hybrid environments, since NXLog can collect both WEF and Syslog-based logs with a single tool when an agent-based setup is not an option.
To see how to configure NXLog to collect ICS events, read here.
While the NXLog Community Edition provides all the flexibility and performance of the NXLog engine, the NXLog Enterprise Edition adds further modules and core features, as well as regular hotfixes and updates, which are crucial in a professional environment.
If you are new to NXLog, it may take a while to discover whether the features and solutions you are looking for are available in the NXLog Community Edition or only in the NXLog Enterprise Edition. You can check the full comparison matrix here.
"Tracing events is very important for keeping safety in the IT infrastructure, and adding it to even complex systems and maintaining it can be really easy."
In this PostSharp blog post you can see how to use PostSharp Logging (a .NET library for automatic, detailed tracing) together with NXLog to collect logs from a complex enterprise application running across multiple servers, building a system that produces, gathers, and presents logs with only a reasonable amount of work, by:
- Adding automatic, detailed logging with PostSharp
- Collecting the logs from all the services and sending them to a common log server with NXLog
- Monitoring the health of running services by pushing log messages to a database and displaying them in a reporting tool
Read the complete post here.
Let us wish you a very Happy Christmas and a Happy New Year!
Top Social Media Chatter December
- NXLog gets recommended as a log forwarder solution, so it can help PowerShell scripts to run properly through RTR. - comment