- Introduction
- Deployment
- Configuration
- OS Support
- Integration
- 42. Amazon Web Services (AWS)
- 43. Apache HTTP Server
- 44. Apache NiFi
- 45. Apache Tomcat
- 46. APC Automatic Transfer Switch
- 47. Apple macOS kernel
- 48. ArcSight Common Event Format (CEF)
- 49. Box
- 50. Brocade switches
- 51. Browser History Logs
- 52. Check Point
- 53. Cisco ACS
- 54. Cisco ASA
- 55. Cisco FireSIGHT
- 56. Cisco IPS
- 57. Cloud Instance Metadata
- 58. Common Event Expression (CEE)
- 59. Dell EqualLogic
- 60. Dell iDRAC
- 61. Dell PowerVault MD series
- 62. Devo
- 63. DHCP logs
- 64. DNS Monitoring
- 65. Docker
- 66. Elastic Common Schema (ECS)
- 67. Elasticsearch and Kibana
- 68. F5 BIG-IP
- 69. File Integrity Monitoring
- 70. FreeRADIUS
- 71. Google Chronicle
- 72. Graylog
- 73. HP ProCurve
- 74. IBM QRadar SIEM
- 75. Industrial Control Systems
- 76. Kubernetes
- 77. Linux Audit System
- 78. Linux system logs
- 79. Log Event Extended Format (LEEF)
- 80. LogPoint
- 81. Logstash
- 82. McAfee Enterprise Security Manager (ESM)
- 83. McAfee ePolicy Orchestrator
- 84. Microsoft Active Directory Domain Controller
- 85. Microsoft Azure
- 86. Microsoft Azure Event Hubs
- 87. Microsoft Azure Sentinel
- 88. Microsoft Exchange
- 89. Microsoft IIS
- 90. Microsoft SharePoint
- 91. Microsoft SQL Server
- 92. Microsoft System Center Endpoint Protection
- 93. Microsoft System Center Configuration Manager
- 94. Microsoft System Center Operations Manager
- 95. MongoDB
- 96. Nagios Log Server
- 97. Nessus Vulnerability Scanner
- 98. NetApp
- 99. .NET application logs
- 100. Nginx
- 101. Okta
- 102. Oracle Database
- 103. Osquery
- 104. Postfix
- 105. Promise
- 106. Raijin Database Engine
- 107. Rapid7 InsightIDR SIEM
- 108. RSA NetWitness
- 109. SafeNet KeySecure
- 110. Salesforce
- 111. Snare
- 112. Snort
- 113. Solarwinds Loggly
- 114. Splunk
- 115. Sumo Logic
- 116. Symantec Endpoint Protection
- 117. Synology DiskStation
- 118. Syslog
- 119. Sysmon
- 120. Ubiquiti UniFi
- 121. VMware vCenter
- 122. Windows AppLocker
- 123. Windows Command Line Auditing
- 124. Windows Event Log
- 125. Windows Firewall
- 126. Windows Group Policy
- 127. Windows Management Instrumentation (WMI)
- 128. Windows PowerShell
- 129. Microsoft Windows Update
- 130. Windows USB auditing
- 131. Zeek (formerly Bro) Network Security Monitor
- Troubleshooting
- Enterprise Edition Reference Manual
- NXLog Manager
- NXLog Add-Ons
Integration
-
Amazon Web Services (AWS) – Setting up integration with various services offered by AWS
-
Apache HTTP Server – Collecting and parsing messages from Apache’s error log and access log
-
Apache NiFi – Receiving and sending data to NXLog
-
Apache Tomcat – Collecting and parsing messages from Tomcat container log files
-
APC Automatic Transfer Switch – Configuring ATS logging and collecting the logs with NXLog
-
Apple macOS kernel – Configuring log collection for the Apple macOS kernel
-
ArcSight Common Event Format (CEF) – Sending and receiving log data to and from ArcSight
-
Box – Pull events from Box
-
Brocade switches – Configuring a Brocade switch to send logs and collecting the logs with NXLog
-
Browser History Logs – Collecting logs from a browser history database
-
Check Point – Collecting logs from Check Point devices using the LEA protocol
-
Cisco ACS – Collecting and parsing logs from ACS devices
-
Cisco ASA – Configuring ASA logging and parsing the logs with NXLog
-
Cisco FireSIGHT – Collect events from FireSIGHT systems
-
Cisco IPS – Collect alerts from a Cisco Intrusion Prevention System
-
Cloud Instance Metadata – Adding instance metadata to events
-
Common Event Expression (CEE) – Sending and receiving CEE-formatted logs with NXLog
-
Dell EqualLogic – Configuring EqualLogic logging and extracting fields from the log data
-
Dell iDRAC – Configuring iDRAC logging and parsing the logs with NXLog
-
Dell PowerVault MD series – Configuring PowerVault logging and collecting the logs with NXLog
-
Devo – Collecting, parsing and sending logs to devo
-
DHCP logs – Collecting logs from DHCP servers and clients
-
DNS Monitoring – Configuring DNS Server logging and parsing the logs with NXLog
-
Docker – Collecting logs from a Docker daemon or container
-
Elastic Common Schema (ECS) – Sending ECS-compliant logs
-
Elasticsearch and Kibana – Sending logs directly to Elasticsearch or to Logstash
-
F5 BIG-IP – Configuring BIG-IP logging and collecting the logs with NXLog
-
File Integrity Monitoring – Using NXLog to detect and log changes to files and directories
-
FreeRADIUS – Processing FreeRadius authentication and accounting logs with NXLog
-
Google Chronicle – Forwarding log data to Google Chronicle
-
Graylog – Using NXLog as a collector for Graylog
-
HP ProCurve – Configuring logging on ProCurve devices and collecting the logs with NXLog
-
IBM QRadar SIEM – Integrating NXLog with IBM QRadar SIEM
-
Industrial Control Systems – Collecting and processing logs from various industrial control systems
-
Kubernetes – Collecting application, system, and audit logs from Kubernetes
-
Linux Audit System – Collecting Audit logs with NXLog
-
Linux system logs – Using NXLog to collect system logs on Linux
-
Log Event Extended Format (LEEF) – Sending and receiving LEEF-formatted logs
-
LogPoint – Sending and receiving logs to and from LogPoint
-
Logstash – Sending and receiving logs to and from Logstash
-
McAfee Enterprise Security Manager (ESM) – Setting up McAfee ESM and sending events
-
McAfee ePolicy Orchestrator – Collect logs from McAfee ePolicy Orchestrator
-
Microsoft Active Directory Domain Controller – Collecting domain controller debug logs with NXLog
-
Microsoft Azure – Integrating NXLog with Azure services
-
Microsoft Azure Event Hubs – Forwarding log data to Microsoft Azure Event Hubs
-
Microsoft Azure Sentinel – Forwarding log data to Microsoft Azure Sentinel
-
Microsoft Exchange – Configuring and collecting several different types of Exchange logs
-
Microsoft IIS – Configuring and collecting various logs written by IIS
-
Microsoft SharePoint – Collecting several types of SharePoint logs with NXLog
-
Microsoft SQL Server – Collecting SQL Server logs, and reading from or writing to a database
-
Microsoft System Center Endpoint Protection – Collect and parse events from the SCEP client
-
Microsoft System Center Configuration Manager – Setting up SCCM log collection
-
Microsoft System Center Operations Manager – Setting up SCOM log collection
-
MongoDB – Collecting log data from a MongoDB database
-
Nagios Log Server – Uses NXLog to send logs to Nagios Log Server
-
Nessus Vulnerability Scanner – Parsing Nessus scan results with NXLog Enterprise Edition
-
NetApp – Configuring NetApp logging and collecting the logs with NXLog
-
.NET application logs – Adding logging functionality to a .NET application
-
Nginx – Collecting and parsing Nginx error and access logs
-
Okta – Pull events from Okta
-
Oracle Database – Collecting Oracle Database logs and reading from and writing to an Oracle database
-
Postfix – Configuring Postfix logging and collecting the logs with NXLog
-
Promise – Collecting Promise SAN logs with NXLog
-
Raijin Database Engine – Forwarding log data to Raijin Server
-
Rapid7 InsightIDR SIEM – Collecting, parsing and sending logs to Rapid7 InsightIDR SIEM
-
RSA NetWitness – Sending logs to NetWitness with NXLog
-
SafeNet KeySecure – Collecting and parsing logs from KeySecure devices
-
Salesforce – Fetch events from Salesforce
-
Snare – Sending and receiving Snare-formatted logs with NXLog
-
Snort – Collecting and parsing Snort alert logs
-
Solarwinds Loggly – Collecting, parsing, and sending logs to Loggly
-
Splunk – Forwarding log data to Splunk
-
Sumo Logic – Collecting, parsing, and sending logs to the Sumo Logic platform
-
Symantec Endpoint Protection – Collect virus alerts and audit events from an SEPM server
-
Synology DiskStation – Collecting logs from a DiskStation appliance
-
Syslog – Using the various Syslog formats with NXLog
-
Sysmon – Collecting, parsing, and filtering Sysmon events
-
Ubiquiti UniFi – Configuring UniFi logging; collecting and parsing the logs with NXLog
-
VMware vCenter – Collecting vCenter logs locally or remotely
-
Windows AppLocker – Collecting events generated by the AppLocker system
-
Windows Command Line Auditing – Auditing Windows command line
-
Windows Event Log – Collecting Windows Event Log data locally or remotely
-
Windows Firewall – Configuring and collecting various types of Windows Firewall logs
-
Windows Group Policy – Collect and parse events from Windows Group Policy
-
Windows Management Instrumentation (WMI) – Collecting events from WMI log files
-
Windows PowerShell – Using PowerShell scripts and logging PowerShell activity
-
Microsoft Windows Update – Collecting Windows Update Logs
-
Windows USB auditing – Windows USB Auditing
-
Zeek (formerly Bro) Network Security Monitor – Using NXLog to collect logs from Zeek