- Introduction
- Deployment
- Configuration
- OS Support
- Integration
- 42. Amazon Web Services (AWS)
- 43. Apache HTTP Server
- 44. Apache NiFi
- 45. Apache Tomcat
- 46. APC Automatic Transfer Switch
- 47. Apple macOS kernel
- 48. ArcSight Common Event Format (CEF)
- 49. Box
- 50. Brocade switches
- 51. Browser History Logs
- 52. Check Point
- 53. Cisco ACS
- 54. Cisco ASA
- 55. Cisco FireSIGHT
- 56. Cisco IPS
- 57. Cloud Instance Metadata
- 58. Common Event Expression (CEE)
- 59. Dell EqualLogic
- 60. Dell iDRAC
- 61. Dell PowerVault MD series
- 62. Devo
- 63. DHCP logs
- 64. DNS Monitoring
- 65. Docker
- 66. Elasticsearch and Kibana
- 67. F5 BIG-IP
- 68. File Integrity Monitoring
- 69. FreeRADIUS
- 70. Google Chronicle
- 71. Graylog
- 72. HP ProCurve
- 73. IBM QRadar SIEM
- 74. Industrial Control Systems
- 75. Linux Audit System
- 76. Linux system logs
- 77. Log Event Extended Format (LEEF)
- 78. Logstash
- 79. McAfee Enterprise Security Manager (ESM)
- 80. McAfee ePolicy Orchestrator
- 81. Microsoft Active Directory Domain Controller
- 82. Microsoft Azure
- 83. Microsoft Azure Event Hubs
- 84. Microsoft Azure Sentinel
- 85. Microsoft Exchange
- 86. Microsoft IIS
- 87. Microsoft SharePoint
- 88. Microsoft SQL Server
- 89. Microsoft System Center Endpoint Protection
- 90. Microsoft System Center Configuration Manager
- 91. Microsoft System Center Operations Manager
- 92. MongoDB
- 93. Nagios Log Server
- 94. Nessus Vulnerability Scanner
- 95. NetApp
- 96. .NET application logs
- 97. Nginx
- 98. Okta
- 99. Oracle Database
- 100. Osquery
- 101. Postfix
- 102. Promise
- 103. Raijin Database Engine
- 104. Rapid7 InsightIDR SIEM
- 105. RSA NetWitness
- 106. SafeNet KeySecure
- 107. Salesforce
- 108. Snare
- 109. Snort
- 110. Solarwinds Loggly
- 111. Splunk
- 112. Sumo Logic
- 113. Symantec Endpoint Protection
- 114. Synology DiskStation
- 115. Syslog
- 116. Sysmon
- 117. Ubiquiti UniFi
- 118. VMware vCenter
- 119. Windows AppLocker
- 120. Windows Command Line Auditing
- 121. Windows Event Log
- 122. Windows Firewall
- 123. Windows Group Policy
- 124. Windows Management Instrumentation (WMI)
- 125. Windows PowerShell
- 126. Microsoft Windows Update
- 127. Windows USB auditing
- 128. Zeek (formerly Bro) Network Security Monitor
- Troubleshooting
- Enterprise Edition Reference Manual
- NXLog Manager
- NXLog Add-Ons
Integration
-
Amazon Web Services (AWS) – Setting up integration with various services offered by AWS
-
Apache HTTP Server – Collecting and parsing messages from Apache’s error log and access log
-
Apache NiFi – Receiving and sending data to NXLog
-
Apache Tomcat – Collecting and parsing messages from Tomcat container log files
-
APC Automatic Transfer Switch – Configuring ATS logging and collecting the logs with NXLog
-
Apple macOS kernel – Configuring log collection for the Apple macOS kernel
-
ArcSight Common Event Format (CEF) – Sending and receiving log data to and from ArcSight
-
Box – Pull events from Box
-
Brocade switches – Configuring a Brocade switch to send logs and collecting the logs with NXLog
-
Browser History Logs – Collecting logs from a browser history database
-
Check Point – Collecting logs from Check Point devices using the LEA protocol
-
Cisco ACS – Collecting and parsing logs from ACS devices
-
Cisco ASA – Configuring ASA logging and parsing the logs with NXLog
-
Cisco FireSIGHT – Collect events from FireSIGHT systems
-
Cisco IPS – Collect alerts from a Cisco Intrusion Prevention System
-
Cloud Instance Metadata – Adding instance metadata to events
-
Common Event Expression (CEE) – Sending and receiving CEE-formatted logs with NXLog
-
Dell EqualLogic – Configuring EqualLogic logging and extracting fields from the log data
-
Dell iDRAC – Configuring iDRAC logging and parsing the logs with NXLog
-
Dell PowerVault MD series – Configuring PowerVault logging and collecting the logs with NXLog
-
Devo – Collecting, parsing and sending logs to devo
-
DHCP logs – Collecting logs from DHCP servers and clients
-
DNS Monitoring – Configuring DNS Server logging and parsing the logs with NXLog
-
Docker – Collecting logs from a Docker daemon or container
-
Elasticsearch and Kibana – Sending logs directly to Elasticsearch or to Logstash
-
F5 BIG-IP – Configuring BIG-IP logging and collecting the logs with NXLog
-
File Integrity Monitoring – Using NXLog to detect and log changes to files and directories
-
FreeRADIUS – Processing FreeRadius authentication and accounting logs with NXLog
-
Google Chronicle – Forwarding log data to Google Chronicle
-
Graylog – Using NXLog as a collector for Graylog
-
HP ProCurve – Configuring logging on ProCurve devices and collecting the logs with NXLog
-
IBM QRadar SIEM – Integrating NXLog with IBM QRadar SIEM
-
Industrial Control Systems – Collecting and processing logs from various industrial control systems
-
Linux Audit System – Collecting Audit logs with NXLog
-
Linux system logs – Using NXLog to collect system logs on Linux
-
Log Event Extended Format (LEEF) – Sending and receiving LEEF-formatted logs
-
Logstash – Sending and receiving logs to and from Logstash
-
McAfee Enterprise Security Manager (ESM) – Setting up McAfee ESM and sending events
-
McAfee ePolicy Orchestrator – Collect logs from McAfee ePolicy Orchestrator
-
Microsoft Active Directory Domain Controller – Collecting domain controller debug logs with NXLog
-
Microsoft Azure – Integrating NXLog with Azure services
-
Microsoft Azure Event Hubs – Forwarding log data to Microsoft Azure Event Hubs
-
Microsoft Azure Sentinel – Forwarding log data to Microsoft Azure Sentinel
-
Microsoft Exchange – Configuring and collecting several different types of Exchange logs
-
Microsoft IIS – Configuring and collecting various logs written by IIS
-
Microsoft SharePoint – Collecting several types of SharePoint logs with NXLog
-
Microsoft SQL Server – Collecting SQL Server logs, and reading from or writing to a database
-
Microsoft System Center Endpoint Protection – Collect and parse events from the SCEP client
-
Microsoft System Center Configuration Manager – Setting up SCCM log collection
-
Microsoft System Center Operations Manager – Setting up SCOM log collection
-
MongoDB – Collecting log data from a MongoDB database
-
Nagios Log Server – Uses NXLog to send logs to Nagios Log Server
-
Nessus Vulnerability Scanner – Parsing Nessus scan results with NXLog Enterprise Edition
-
NetApp – Configuring NetApp logging and collecting the logs with NXLog
-
.NET application logs – Adding logging functionality to a .NET application
-
Nginx – Collecting and parsing Nginx error and access logs
-
Okta – Pull events from Okta
-
Oracle Database – Collecting Oracle Database logs and reading from and writing to an Oracle database
-
Postfix – Configuring Postfix logging and collecting the logs with NXLog
-
Promise – Collecting Promise SAN logs with NXLog
-
Raijin Database Engine – Forwarding log data to Raijin Server
-
Rapid7 InsightIDR SIEM – Collecting, parsing and sending logs to Rapid7 InsightIDR SIEM
-
RSA NetWitness – Sending logs to NetWitness with NXLog
-
SafeNet KeySecure – Collecting and parsing logs from KeySecure devices
-
Salesforce – Fetch events from Salesforce
-
Snare – Sending and receiving Snare-formatted logs with NXLog
-
Snort – Collecting and parsing Snort alert logs
-
Solarwinds Loggly – Collecting, parsing, and sending logs to Loggly
-
Splunk – Forwarding log data to Splunk
-
Sumo Logic – Collecting, parsing, and sending logs to the Sumo Logic platform
-
Symantec Endpoint Protection – Collect virus alerts and audit events from an SEPM server
-
Synology DiskStation – Collecting logs from a DiskStation appliance
-
Syslog – Using the various Syslog formats with NXLog
-
Sysmon – Collecting, parsing, and filtering Sysmon events
-
Ubiquiti UniFi – Configuring UniFi logging; collecting and parsing the logs with NXLog
-
VMware vCenter – Collecting vCenter logs locally or remotely
-
Windows AppLocker – Collecting events generated by the AppLocker system
-
Windows Command Line Auditing – Auditing Windows command line
-
Windows Event Log – Collecting Windows Event Log data locally or remotely
-
Windows Firewall – Configuring and collecting various types of Windows Firewall logs
-
Windows Group Policy – Collect and parse events from Windows Group Policy
-
Windows Management Instrumentation (WMI) – Collecting events from WMI log files
-
Windows PowerShell – Using PowerShell scripts and logging PowerShell activity
-
Microsoft Windows Update – Collecting Windows Update Logs
-
Windows USB auditing – Windows USB Auditing
-
Zeek (formerly Bro) Network Security Monitor – Using NXLog to collect logs from Zeek