February 2021 Newsletter
This advanced article on sending logs to Azure Sentinel explains how the Azure Monitor HTTP Data Collector API enables clients, such as the NXLog Enterprise Edition agent, to send events to a Log Analytics workspace, making them directly accessible from Azure Sentinel queries.
We bring you two examples of sending logs to Azure Sentinel: Windows DNS Server logs and Linux kernel audit logs. Since both of these log sources are of interest from a security perspective, you now have the basic information needed to benefit from these additional security monitoring opportunities in your own enterprise.
The main advantages of sending logs to Azure Sentinel with NXLog will be:
- Event Tracing for Windows (ETW), which offers better performance because it doesn’t need to capture the trace into an .etl file and provides access to Debug and Analytical channels
- The native NXLog Linux Audit input module that works out of the box without the need to install auditd and when coupled with the NXLog Resolver extension module can resolve IP addresses as well as group/user IDs to their respective names, making Linux audit logs more intelligible to security analysts
- A general-purpose output configuration enabling Azure Sentinel to ingest events from multiple, diverse log sources simultaneously, and from any host in your enterprise having outbound access to Azure
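As an added illustration of the API the article covers (this is example code, not NXLog's agent or the article's configuration), the following shows the SharedKey signing step that any client must perform before posting events to a Log Analytics workspace; the workspace id, key and DNS event are constructed placeholders.

```python
"""Build a signed request for the Azure Monitor HTTP Data Collector API.

Added example (not NXLog code): shows the SharedKey authorisation any client,
such as the NXLog agent, must compute before POSTing events to a Log Analytics
workspace. Workspace id and key below are constructed placeholders.
"""
import base64
import hashlib
import hmac
import json
from email.utils import formatdate

API_RESOURCE = "/api/logs"
API_VERSION = "2016-04-01"
CONTENT_TYPE = "application/json"
# Constructed placeholder key; the real key is the base64 string shown in the portal.
SAMPLE_KEY_B64 = base64.b64encode(b"placeholder-workspace-key").decode()


def string_to_sign(content_length: int, rfc1123_date: str) -> str:
    """Canonical string the API expects to be HMAC-SHA256 signed."""
    return "\n".join(["POST", str(content_length), CONTENT_TYPE,
                      f"x-ms-date:{rfc1123_date}", API_RESOURCE])


def build_signature(workspace_id: str, shared_key_b64: str,
                    content_length: int, rfc1123_date: str) -> str:
    """Return the Authorization header value: SharedKey <id>:<base64 hmac>."""
    key = base64.b64decode(shared_key_b64)
    msg = string_to_sign(content_length, rfc1123_date).encode("utf-8")
    digest = hmac.new(key, msg, hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def build_request(workspace_id: str, shared_key_b64: str, log_type: str,
                  events: list, rfc1123_date: str = "") -> dict:
    """Assemble URL, headers and body; a fixed date is only for reproducible tests."""
    body = json.dumps(events).encode("utf-8")
    date = rfc1123_date or formatdate(usegmt=True)  # RFC 1123, must match x-ms-date
    url = f"https://{workspace_id}.ods.opinsights.azure.com{API_RESOURCE}?api-version={API_VERSION}"
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Authorization": build_signature(workspace_id, shared_key_b64, len(body), date),
        "Log-Type": log_type,  # events land in the custom table <log_type>_CL
        "x-ms-date": date,
    }
    return {"url": url, "headers": headers, "body": body}


if __name__ == "__main__":
    # Constructed sample: one Windows DNS Server event as an agent might forward it.
    sample = [{"EventTime": "2021-02-10T12:00:00Z", "Hostname": "dns01",
               "Message": "Query A example.internal from 10.0.0.5"}]
    req = build_request("00000000-0000-0000-0000-000000000000", SAMPLE_KEY_B64, "DnsServer", sample)
    print(req["url"], req["headers"]["Authorization"], sep="\n")
```

Because the signature covers the content length and the x-ms-date header, a replayed or tampered body fails authorisation on the service side; the clock on the sending host must therefore be reasonably accurate.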
Modern container technology helps teams resolve issues faster across multiple environments. Linux containers are another evolutionary leap in how applications are developed, deployed, and managed.
Containerized NXLog solutions can operate as a building block for better fault tolerance in highly available systems. Our certified containers support application lifecycle management, so teams can now build beta IT systems in the same enterprise environment where they will be deployed. NXLog certified containers fit into any given compliance standard for stable software support, carrying data from an underlying base image to any application.
Read more about NXLog containers certified by Red Hat and help your teams simplify, speed up, and orchestrate application development and deployment with considerable ease.
The two main components of any HA deployment are Failover for fault tolerance and Load Balancing for maintaining an acceptable level of performance.
NXLog integrates with third-party load balancing solutions and ships with built-in failover capabilities. This guide will show you how to create an NXLog Failover Cluster for Centralized Log Collection and how to implement Load Balancing solutions to distribute the workload within a computing environment across a cluster of nodes to mitigate several performance issues.
Learn more about HA Deployment.
Now you can optimize the log data ingested by your Sumo Logic platform in an efficient, secure, and reliable way with NXLog.
Sumo Logic accepts data from two types of collectors, installed or hosted. Installed collectors are set up by installing agent software provided by Sumo Logic, whereas hosted collectors receive data over TCP or HTTP(S) from agents such as NXLog, which can be configured to send log data to Sumo Logic in syslog format. Additionally, NXLog can be configured to send host metrics.
This guide presents some scenarios in which using an NXLog agent with a Sumo Logic hosted collector has an advantage over using a Sumo Logic installed collector on its own. You'll learn how to use NXLog to collect the data, how to set up a hosted collector and a digital certificate, how to send the logs to Sumo Logic over TCP, or via a custom HTTP endpoint, and how to verify them.
Learn more here.
Top Social Media Chatter February
- NXLog gets recommended in a Twitter discussion for ingesting logs in an analysis solution - tweet
- User tweets about sending logs with SSL/TLS to Nagios Log Server with NXLog - tweet
- Article published by Microsoft on how to enhance Azure Sentinel’s log ingestion capabilities with NXLog - read
- Solarwinds mentions NXLog in their "5 Best Log Analyzer Tools for IIS Web Servers" article - read
- NXLog was recommended in a Kiwi Syslog discussion about reading text or CSV files to be forwarded to Syslog - read
- Discussion about Windows Event Log Management where NXLog gets recommended by several users - read