All posts NXLog Blog

May 28, 2026

Syslog forwarding over TLS: getting the operational layer right

Plaintext syslog crossing a network boundary in 2026 is a finding waiting to happen. The IETF defined encrypted syslog years ago in RFC 5425: TCP/6514, mutual TLS where the trust model needs it. What still trips teams up is rarely the protocol itself — it’s certificate lifecycle, framing mismatches, and forwarders that fall over when the collector blinks. Here’s the short version: which standards matter, where teams break the framing, and the four operational habits that decide whether the pipeline holds up.

May 25, 2026

Post-quantum cryptography in NXLog Agent: Post-quantum readiness for Q-Day

You have probably seen the term "post-quantum cryptography" enough times to glaze over it. The headlines tend to focus on a vague future event: a quantum computer somewhere will eventually break RSA, and at that point you should have moved on. That framing makes it easy to file PQC under "worry about it in 2030." The framing is wrong. The actual threat is happening now, and it has a name: harvest now, decrypt later.

May 20, 2026

NXLog Expands Distribution in Turkey and Emerging Markets Through Partnership with CyberDistro

Dubai, UAE, May 20, 2026 - NXLog, a leading provider of log and telemetry pipeline management solutions, today announced a distribution agreement with CyberDistro, a fast-growing global cybersecurity distributor headquartered in Istanbul and active across more than 15 countries. Through this partnership, CyberDistro will distribute and support NXLog’s vendor-agnostic telemetry pipeline platform, enabling organizations to take control of log and event data before it reaches SIEM, analytics, and other observability and security operations tools.

May 14, 2026

Network performance monitoring: metrics vs syslog logs vs traps

Every application depends on the network, yet networks are often the hardest part of the stack to diagnose when something goes wrong. Devices are up, utilization looks normal, and yet users report slowness or disconnections with no obvious cause in sight. The instinct is to rely on metrics alone: poll devices at regular intervals, watch the dashboards, set thresholds. That approach catches obvious outages, but it struggles with the harder questions: Why did latency spike when nothing looked congested?

May 7, 2026

Enterprise IIS log analysis software: top tools, use cases, and NXLog Agent integration

Ever tried to analyze IIS logs manually across dozens of web servers during a security incident? If so, you know the challenge: massive log files across multiple systems, cryptic log entries, and no easy way to correlate events. When running Microsoft Internet Information Services (IIS) across large infrastructures, log data accumulates quickly, increasing the risk of missing critical events. IIS log analysis software is designed to collect, parse, and analyze IIS web server logs to monitor activity, troubleshoot performance issues, detect threats, and demonstrate compliance.

April 28, 2026

From 4688 to 1102: The Windows event IDs that matter for threat detection

Most Windows detection programs are anchored on a small set of well-known event IDs: 4624, 4625, maybe 4688 if process creation auditing is turned on. The events that actually describe an intrusion (the new service, the scheduled task, the explicit credential, the share enumeration) live elsewhere on the same host, often on channels that are not enabled by default. We have written before about why a 4625-only mindset leaves most of the attack chain in the dark; this post is the catalog that picks up where that argument ended.

April 23, 2026

Filebeat vs Logstash: when the shipper is enough and when you need a pipeline

The choice here is not between two interchangeable log tools. It is a choice about where you want parsing, routing, and failure handling to live. Filebeat runs close to the source and keeps collection small. Logstash sits in the middle of the flow and takes on filtering, enrichment, and fan-out. That architectural difference matters more than a feature checklist. Pick the narrower tool when your logs have one destination and your parsing rules are modest.

April 22, 2026

The case for not ripping and replacing: Securing Win32 infrastructure in place

The default advice for any system running an unsupported operating system is simple: replace it. Upgrade to a supported platform. Move to modern hardware. Problem solved. It’s good advice in theory. As with many other things in life however, in practice it ignores everything that makes legacy infrastructure hard to deal with in the first place. For organizations running Windows XP, Server 2003, or other legacy 32-bit Windows systems, "just upgrade" is often the most expensive, disruptive, and operationally risky option on the table.

April 21, 2026

Announcing NXLog Platform 1.12

We are happy to announce the latest release of NXLog Platform, version 1.12. This release introduces full version history for agent configurations, giving you a clear audit trail and the ability to instantly restore any previous version. It also brings a redesigned Customer Portal with a streamlined onboarding experience and improved navigation. Want a quick overview? Watch a short demo showcasing configuration version history, one of the key new features in this release:

April 20, 2026

NIS2, HIPAA, PCI DSS: What compliance means when you can't upgrade your OS

Compliance frameworks don’t have a checkbox for "we know it’s a problem, but we can’t afford to fix it right now." Yet that’s the position thousands of organizations find themselves in — bound by regulation to meet security standards that their operating systems are physically incapable of supporting. If you run Windows XP, Server 2003, or any other unsupported OS in a regulated environment, the compliance obligation doesn’t go away just because the upgrade path is blocked.

All articles

Featured posts

Categories

All articles

Sign up

Featured posts

Categories