March 2020 Newsletter
We are happy to announce the release of NXLog Enterprise Edition v4.7 This release is mostly about minor functionality improvements and bug fixes. Read the changelog and download the latest release here.
Recent versions of Windows PowerShell provide several features for logging of activity from PowerShell sessions. NXLog can be configured to collect and parse these logs. See the new Logging PowerShell Activity section for our sub-sections on Module Logging, Script Block Logging, and Transcription logs.
In awareness documents aimed at application and web security specialists, the Open Web Application Security Project (OWASP) identified "insufficient logging and monitoring" as among the top 10 most critical web application security risks and top 10 API security risks for 2017 and 2019 respectively. Read the article here.
At NXLog we aim to provide quality service and support to our customers despite the restrictions associated with COVID-19. The company has established a business continuity plan, which ensures the continuity of services for our clients during this global pandemic. The business continuity plan consists of two main parts as outlined in this announcement.
From MacOS Catalina, NXLog will have two different packages for MacOS. See the deployment guide for Apple macOS.
Top Social Media Chatter in February/March
- "WEF probably is the most flexible and easier to accept by the people managing the endpoints, NXLog of winlogbeat on the collector to send it forward, of which NXLog probably is more flexible if you want to change the final receiver in the end (not tight to ELK or Splunk)" - Tweet
- "Yeah, you can make it alert on anything. I get an email every time event 4740 (account lockout) occurs. I think Graylog has some Windows log shipper software now, but at the time I set it up, it didn't exist. I'm currently using NXlog to send from Windows." - Tweet
- "I've been using WEFFLES to get all Windows logs to a central server, and NXlog to send them to Graylog." - comment.
- Many ideas and configurations shared on NXLog and Graylog integration in this thread.
- "Move 7 days old IIS logs to date structured folder" - comment on how they are sending logs using NXLog
- Sharing text files on a server via web interface? Use NXLog!
- "If you have more than one DC you can stand up ELK or graylog and forward your logs there. This is what we did, we used nxlog and graylog to collect all the 2889 events." Thread comment on collecting logs from a DC.
- "Sure! I used windows event log forwarding to a centralized server via GPO and then i have a GPO that’s subscribes the target Endpoints to the log server. Once the events reach the server I have NXLog ship them to Graylog. Works well." in the thread "Has anyone built their own EDR?"
- Splunk license costs a concern? Use NXLog features for filtering, deduplicating, and dropping fields to help decrease data size. See our comment. Keep in touch for an upcoming whitepaper!