NXLog User Guide
- Introduction
- Deployment
- Configuration
- OS Support
- Integration
- 42. Amazon Web Services (AWS)
- 43. Apache HTTP Server
- 44. Apache NiFi
- 45. Apache Tomcat
- 46. APC Automatic Transfer Switch
- 47. Apple macOS kernel
- 48. ArcSight Common Event Format (CEF)
- 49. Box
- 50. Brocade switches
- 51. Browser History Logs
- 52. Check Point
- 53. Cisco ACS
- 54. Cisco ASA
- 55. Cisco FireSIGHT
- 56. Cisco IPS
- 57. Cloud Instance Metadata
- 58. Common Event Expression (CEE)
- 59. Dell EqualLogic
- 60. Dell iDRAC
- 61. Dell PowerVault MD series
- 62. Devo
- 63. DHCP logs
- 64. DNS Monitoring
- 65. Docker
- 66. Elastic Cloud
- 67. Elastic Common Schema (ECS)
- 68. Elasticsearch and Kibana
- 69. F5 BIG-IP
- 70. File Integrity Monitoring
- 71. FreeRADIUS
- 72. General Electric CIMPLICITY
- 73. Google Chronicle
- 74. Graylog
- 75. HP ProCurve
- 76. IBM QRadar SIEM
- 77. Industrial Control Systems
- 78. Kubernetes
- 79. Linux Audit System
- 80. Linux system logs
- 81. Log Event Extended Format (LEEF)
- 82. LogPoint
- 83. Logstash
- 84. McAfee Enterprise Security Manager (ESM)
- 85. McAfee ePolicy Orchestrator
- 86. Micro Focus ArcSight Logger
- 87. Microsoft Active Directory Domain Controller
- 88. Microsoft Azure
- 89. Microsoft Azure Event Hubs
- 90. Microsoft Azure Sentinel
- 91. Microsoft Defender for Identity
- 92. Microsoft Exchange
- 93. Microsoft IIS
- 94. Microsoft SharePoint
- 95. Microsoft SQL Server
- 96. Microsoft System Center Endpoint Protection
- 97. Microsoft System Center Configuration Manager
- 98. Microsoft System Center Operations Manager
- 99. MongoDB
- 100. Nagios Log Server
- 101. Nessus Vulnerability Scanner
- 102. NetApp
- 103. .NET application logs
- 104. Nginx
- 105. Okta
- 106. Oracle Database
- 107. Osquery
- 108. Postfix
- 109. Promise
- 110. Raijin Database Engine
- 111. Rapid7 InsightIDR SIEM
- 112. RSA NetWitness
- 113. SafeNet KeySecure
- 114. Salesforce
- 115. SAP
- 116. Schneider Electric Citect SCADA
- 117. Siemens SICAM SCC
- 118. Siemens SIMATIC PCS 7
- 119. Snare
- 120. Snort
- 121. Solarwinds Loggly
- 122. Splunk
- 123. Sumo Logic
- 124. Symantec Endpoint Protection
- 125. Synology DiskStation
- 126. Syslog
- 127. Sysmon
- 128. Ubiquiti UniFi
- 129. VMware vCenter
- 130. Windows AppLocker
- 131. Windows Command Line Auditing
- 132. Windows Event Log
- 133. Windows Firewall
- 134. Windows Group Policy
- 135. Windows Management Instrumentation (WMI)
- 136. Windows PowerShell
- 137. Windows Time service
- 138. Microsoft Windows Update
- 139. Windows USB auditing
- 140. YOKOGAWA FAST/TOOLS
- 141. Zeek (formerly Bro) Network Security Monitor
- Troubleshooting
- Enterprise Edition Reference Manual
- NXLog Manager
- NXLog Add-Ons
Integration
-
Amazon Web Services (AWS) – Setting up integration with various services offered by AWS
-
Apache HTTP Server – Collecting and parsing messages from Apache’s error log and access log
-
Apache NiFi – Receiving and sending data to NXLog
-
Apache Tomcat – Collecting and parsing messages from Tomcat container log files
-
APC Automatic Transfer Switch – Configuring ATS logging and collecting the logs with NXLog
-
Apple macOS kernel – Configuring log collection for the Apple macOS kernel
-
ArcSight Common Event Format (CEF) – Sending and receiving log data to and from ArcSight
-
Box – Pull events from Box
-
Brocade switches – Configuring a Brocade switch to send logs and collecting the logs with NXLog
-
Browser History Logs – Collecting logs from a browser history database
-
Check Point – Collecting logs from Check Point devices using the LEA protocol
-
Cisco ACS – Collecting and parsing logs from ACS devices
-
Cisco ASA – Configuring ASA logging and parsing the logs with NXLog
-
Cisco FireSIGHT – Collect events from FireSIGHT systems
-
Cisco IPS – Collect alerts from a Cisco Intrusion Prevention System
-
Cloud Instance Metadata – Adding instance metadata to events
-
Common Event Expression (CEE) – Sending and receiving CEE-formatted logs with NXLog
-
Dell EqualLogic – Configuring EqualLogic logging and extracting fields from the log data
-
Dell iDRAC – Configuring iDRAC logging and parsing the logs with NXLog
-
Dell PowerVault MD series – Configuring PowerVault logging and collecting the logs with NXLog
-
Devo – Collecting, parsing and sending logs to devo
-
DHCP logs – Collecting logs from DHCP servers and clients
-
DNS Monitoring – Configuring DNS Server logging and parsing the logs with NXLog
-
Docker – Collecting logs from a Docker daemon or container
-
Elastic Cloud – Sending logs to Elastic Cloud via HTTPS
-
Elastic Common Schema (ECS) – Sending ECS-compliant logs
-
Elasticsearch and Kibana – Sending logs directly to Elasticsearch or to Logstash
-
F5 BIG-IP – Configuring BIG-IP logging and collecting the logs with NXLog
-
File Integrity Monitoring – Using NXLog to detect and log changes to files and directories
-
FreeRADIUS – Processing FreeRadius authentication and accounting logs with NXLog
-
General Electric CIMPLICITY – Collecting Logs from General Electric CIMPLICITY using NXLog
-
Google Chronicle – Forwarding log data to Google Chronicle
-
Graylog – Using NXLog as a collector for Graylog
-
HP ProCurve – Configuring logging on ProCurve devices and collecting the logs with NXLog
-
IBM QRadar SIEM – Integrating NXLog with IBM QRadar SIEM
-
Kubernetes – Collecting application, system, and audit logs from Kubernetes
-
Linux Audit System – Collecting Audit logs with NXLog
-
Linux system logs – Using NXLog to collect system logs on Linux
-
Log Event Extended Format (LEEF) – Sending and receiving LEEF-formatted logs
-
LogPoint – Sending and receiving logs to and from LogPoint
-
Logstash – Sending and receiving logs to and from Logstash
-
McAfee Enterprise Security Manager (ESM) – Setting up McAfee ESM and sending events
-
McAfee ePolicy Orchestrator – Collect logs from McAfee ePolicy Orchestrator
-
Micro Focus ArcSight Logger – Sending and receiving logs to and from ArcSight Logger
-
Microsoft Active Directory Domain Controller – Collecting domain controller debug logs with NXLog
-
Microsoft Azure – Integrating NXLog with Azure services
-
Microsoft Azure Event Hubs – Forwarding log data to Microsoft Azure Event Hubs
-
Microsoft Azure Sentinel – Forwarding log data to Microsoft Azure Sentinel
-
Microsoft Defender for Identity – Collecting and forwarding logs from Microsoft Defender for Identity
-
Microsoft Exchange – Configuring and collecting several different types of Exchange logs
-
Microsoft IIS – Configuring and collecting various logs written by IIS
-
Microsoft SharePoint – Collecting several types of SharePoint logs with NXLog
-
Microsoft SQL Server – Collecting SQL Server logs, and reading from or writing to a database
-
Microsoft System Center Endpoint Protection – Collect and parse events from the SCEP client
-
Microsoft System Center Configuration Manager – Setting up SCCM log collection
-
Microsoft System Center Operations Manager – Setting up SCOM log collection
-
MongoDB – Collecting log data from a MongoDB database
-
Nagios Log Server – Uses NXLog to send logs to Nagios Log Server
-
Nessus Vulnerability Scanner – Parsing Nessus scan results with NXLog Enterprise Edition
-
NetApp – Configuring NetApp logging and collecting the logs with NXLog
-
.NET application logs – Adding logging functionality to a .NET application
-
Nginx – Collecting and parsing Nginx error and access logs
-
Okta – Pull events from Okta
-
Oracle Database – Collecting Oracle Database logs and reading from and writing to an Oracle database
-
Postfix – Configuring Postfix logging and collecting the logs with NXLog
-
Promise – Collecting Promise SAN logs with NXLog
-
Raijin Database Engine – Forwarding log data to Raijin Server
-
Rapid7 InsightIDR SIEM – Collecting, parsing and sending logs to Rapid7 InsightIDR SIEM
-
RSA NetWitness – Sending logs to NetWitness with NXLog
-
SafeNet KeySecure – Collecting and parsing logs from KeySecure devices
-
Salesforce – Fetch events from Salesforce
-
SAP – Collect and parse logs from an SAP system
-
Schneider Electric Citect SCADA – Collecting log data from Schneider Electric Citect SCADA using NXLog
-
Siemens SICAM SCC – Configure NXLog to collect logs from Siemens SICAM SCC
-
Siemens SIMATIC PCS 7 – Configure NXLog to collect logs from Siemens SIMATIC PCS 7
-
Snare – Sending and receiving Snare-formatted logs with NXLog
-
Snort – Collecting and parsing Snort alert logs
-
Solarwinds Loggly – Collecting, parsing, and sending logs to Loggly
-
Splunk – Forwarding log data to Splunk
-
Sumo Logic – Collecting, parsing, and sending logs to the Sumo Logic platform
-
Symantec Endpoint Protection – Collect virus alerts and audit events from an SEPM server
-
Synology DiskStation – Collecting logs from a DiskStation appliance
-
Syslog – Using the various Syslog formats with NXLog
-
Sysmon – Collecting, parsing, and filtering Sysmon events
-
Ubiquiti UniFi – Configuring UniFi logging; collecting and parsing the logs with NXLog
-
VMware vCenter – Collecting vCenter logs locally or remotely
-
Windows AppLocker – Collecting events generated by the AppLocker system
-
Windows Command Line Auditing – Auditing Windows command line
-
Windows Event Log – Collecting Windows Event Log data locally or remotely
-
Windows Firewall – Configuring and collecting various types of Windows Firewall logs
-
Windows Group Policy – Collect and parse events from Windows Group Policy
-
Windows Management Instrumentation (WMI) – Collecting events from WMI log files
-
Windows PowerShell – Using PowerShell scripts and logging PowerShell activity
-
Windows Time service – Collecting Windows Time service logs
-
Microsoft Windows Update – Collecting Windows Update Logs
-
Windows USB auditing – Windows USB Auditing
-
YOKOGAWA FAST/TOOLS – Configure NXLog to collect logs from YOKOGAWA FAST/TOOLS
-
Zeek (formerly Bro) Network Security Monitor – Using NXLog to collect logs from Zeek