News and blog
NXLog main page
  • Products
    NXLog Platform
    Log collection
    Log management and analytics
    Log storage
    NXLog Community Edition
    Integrations
    Professional Services
  • Solutions
    Use cases
    Specific OS support
    SCADA/ICS
    Windows event log
    DNS logging
    MacOS logging
    Solutions by industry
    Financial Services
    Government & Education
    Entertainment & Gambling
    Telecommunications
    Medical & Healthcare
    Military & Defense
    Law Firms & Legal Counsel
    Industrial & Manufacturing
  • Pricing
    Licensing
    Plans
  • Partners
    Find a Reseller
    Partner Program
    Partner Portal
  • Resources
    Documentation
    Blog
    White papers
    Videos
    Webinars
    Case Studies
    Community Program
    Community Forum
  • About
    Company
    Careers
  • Support
    Support portals
    Contact us

NXLog Platform
Log collection
Log management and analytics
Log storage
NXLog Community Edition
Integrations
Professional Services

Use Cases
Specific OS support
SCADA/ICS
Windows event log
DNS logging
MacOS logging
Solutions by industry
Financial Services
Government & Education
Entertainment & Gambling
Telecommunications
Medical & Healthcare
Military & Defense
Law Firms & Legal Counsel
Industrial & Manufacturing

Licensing
Plans

Find a Reseller
Partner Program
Partner Portal

Documentation
Blog
White papers
Videos
Webinars
Case Studies
Community Program
Community Forum

Company
Careers

Support portals
Contact us
Let's Talk
  • Start free
  • Interactive demo
Let's Talk
  • Start free
  • Interactive demo
NXLog search
  • Loading...
Let's Talk
  • Start free
  • Interactive demo
September 30, 2025 deployment

Gaining valuable host performance metrics with NXLog Platform

By Roman Krasnov

Share
ALL ANNOUNCEMENT COMPARISON COMPLIANCE DEPLOYMENT SECURITY SIEM STRATEGY RSS

What are performance metrics and why are they important?

IT and security systems don’t just generate logs; they also produce extremely valuable performance data that helps ensure the health and stability of your business infrastructure. Host-level performance metrics provide visibility into key resources, such as:

  • CPU usage — Helps identify over-utilization, process bottlenecks, or underused resources.

  • Memory usage — Indicates whether applications are consuming excessive RAM or leaking memory over time.

  • Disk usage and I/O — Shows storage availability and performance—critical for database servers and applications with heavy read/write activity.

  • And much more besides.

Tracking these metrics allows administrators to detect issues early, plan for scaling, and troubleshoot performance degradations before they impact end users.

Collecting logs and metrics: multi-instrumentation overhead

Traditionally, organizations have had to rely on multiple different agents to capture logs and system metrics. For example:

  • A log collector agent to ingest application and system logs

  • A separate metrics exporter to gather CPU, memory, disk, and network statistics

  • A monitoring agent/collector to format data and relay to a time-series database, SIEM or other centralized analytics solution, and so on.

This approach works. But it comes with downsides. These include increased resource usage on hosts, higher administrative overheads, and added complexity in terms of configuration management. Maintaining and upgrading multiple agents often means more potential points of failure.

A single telemetry agent solution: NXLog Platform

With NXLog Platform, you can now gather both logs and metrics in one place. This means you can unify log and performance data collection under a single, lightweight, and flexible agent and relay metrics to a system of your choice without the need for third-party agent software. The Prometheus time-series database is one popular option.

With new metrics management capabilities:

  • Host metrics, such as CPU load, memory utilization, and disk statistics, can be gathered by NXLog Agent.

  • Metrics can be exposed in native Prometheus format, making integration straightforward.

  • Logs and metrics are managed by a single configuration, reducing operational complexity.

This approach simplifies telemetry pipeline management by replacing multiple exporters and log shippers with a unified agent. In return, organizations benefit from lower overheads, consistent configuration management, and easier scaling.

image 20250909 085439

Eager to learn how to build an application performance monitoring dashboard with Prometheus, Grafana and NXLog Platform?

Quick how-to: Collecting host metrics to Prometheus with NXLog Platform

If you ever need to monitor host and application performance, a Prometheus and Grafana stack would, without a doubt, be your first choice. Prometheus is a time-series database solution that allows users to scrape, store and analyze metrics, while Grafana is a popular native tool for visualizing data from Prometheus. In order to ingest data into Prometheus, it requires an additional layer—​for instance, a metrics exporter—​that is capable of exposing data to Prometheus. NXLog Platform is that extra layer.

But what kind of data, exactly, needs to be exposed? With NXLog Platform, it’s possible to extract different kinds of system performance information via OSQuery. So, for example, you might begin by setting up the collection of network statistics, HDD, CPU and RAM usage.

With NXLog Platform, every configuration step can be easily actioned with the respective OSQuery to Prometheus Solution Pack:

image 20250908 105051
image 20250908 105152

For illustrative purposes, this article will explain how to set up configuration manually, step-by-step.

Firstly, we need to prepare a configuration sample that does the following things:

  1. Collects the data required (via im_osquery module)

  2. Converts the data to metrics

  3. Exposes the data (via om_prometheus module) to the network for Prometheus to scrape metrics from

Here’s how that works:

# We have to instruct NXLog Agent to elevate privileges to get system data
User                    root

<Extension osquery_xm_json>
    Module              xm_json
</Extension>

# Setting up osquery requests
<Input in_osquery_prometheus>
    Module              im_osquery

    # Collects interface-level network statistics, including packet counts, errors, and drops,
    # and calculates receive/transmit error and drop percentages for active interfaces.
    <QueryMap>
        Name        network
        Query       "SELECT interface, ipackets, ierrors, idrops, opackets, oerrors, odrops, collisions, ROUND((ierrors * 100.0) / ipackets, 2) AS rx_error_pct, ROUND((idrops * 100.0) / ipackets, 2) AS rx_drop_pct, ROUND((oerrors * 100.0) / opackets, 2) AS tx_error_pct, ROUND((odrops * 100.0) / opackets, 2) AS tx_drop_pct FROM interface_details WHERE ipackets > 0 OR opackets > 0"
        Interval    5
    </QueryMap>

    # Retrieves the top 5 processes by total CPU time since boot, including estimated CPU usage percentage (cpu_usage_percent_since_boot).
    # and memory used in MB, based on process and system cumulative CPU statistics (memory_used_mbyte).
    <QueryMap>
        Name        app
        Query       "SELECT p.pid, p.uid, p.name, ROUND(((p.user_time + p.system_time) / (ct.tsb - ct.itsb)) * 100, 2) AS cpu_usage_percent_since_boot, ROUND((p.total_size * 1e-6), 2) AS memory_used_mbyte FROM processes p, (SELECT (SUM(user) + SUM(nice) + SUM(system) + SUM(idle) * 1.0) AS tsb, SUM(COALESCE(idle, 0)) + SUM(COALESCE(iowait, 0)) AS itsb FROM cpu_time) AS ct ORDER BY (p.user_time + p.system_time) DESC LIMIT 5"
        Interval    5
    </QueryMap>

    # This query retrieves disk mount points where free space is critically low (<5%).
    # It reports the filesystem path, type, available space in gigabytes (free_gb), and free percentage (free_percent).
    <QueryMap>
        Name        disk
        Query       "SELECT path, type, ROUND((blocks_available * blocks_size * 10e-10), 2) AS free_gb, ROUND((blocks_available * 1.0 / blocks) * 100, 2) AS free_percent FROM mounts WHERE (blocks_available * 1.0 / blocks) * 100 < 5"
        Interval    5
    </QueryMap>

    <Exec>
       $$new_field_name = $name;
       $$columns_value = $columns;
       $$event($$new_field_name) = $$columns_value;
       $raw_event = osquery_xm_json->to_json($$event);
       delete_all();
       osquery_xm_json->parse_json();
   </Exec>
</Input>

# Expose metrics to the network
<Output out_osquery_prometheus>
    Module              om_prometheus
    ListenAddr          0.0.0.0:9464
    MappingFile         '%CONFDIR%/prometheus_mappings.json'
</Output>

<Route route_osquery_prometheus_generic>
    Path                in_osquery_prometheus => out_osquery_prometheus
</Route>

Add the following chunk to your agent’s configuration in NXLog Platform, and it will do the job for you:

image 20250908 094223

Notice that, to convert the data, we use a prometheus_mappings.json mapping file, which enables us to add the necessary metric labels. In the example below, we define only the mappings we need, but it’s possible to add more. This file has to be placed into NXLog Agent’s configuration /opt/nxlog/etc/nxlog.d folder at the target host:

{
  "metrics": {
    "counter": [
      {
        "name": "network_ipackets",
        "labels": ["network_interface"]
      }
    ],
    "gauge": [
      {
        "name": "app_cpu_usage_percent_since_boot",
        "labels": ["app_pid","app_uid","app_name"]
      },
      {
        "name": "app_memory_used_mbyte",
        "labels": ["app_pid","app_uid","app_name"]
      },
      {
        "name": "disk_free_gb",
        "labels": ["disk_path","disk_type"]
      },
      {
        "name": "disk_free_percent",
        "labels": ["disk_path","disk_type"]
      }
    ]
  }
}

Next, restart the agent, and you’ll find it ready to use, with NXLog Platform now able to collect your metrics and expose them at [nxlog_agent_host:9464] in a Prometheus-compatible format. Now it’s time to tweak Prometheus itself to scrape the data and configure it to Grafana dashboards for visualization.

NXLog Platform provides native integration with Prometheus. So, it’s as easy as adding this next information into the scrape_configs section of your prometheus.yml configuration file:

scrape_configs:

  - job_name: "unix-nxlog"
    static_configs:
      - targets: ["192.168.92.134:9464"]

Ensure you specify the IP address of the target host you want the metrics to be taken from (192.168.92.134 in my case). Prometheus should now be ready for continuous metric collection.

The last task to complete your setup is to visualize the data using Grafana. Let’s add a new dashboard specifying Prometheus as a data source and app_cpu_usage_percent_since_boot metric as the data itself:

image 20250909 090256

Now, we can easily check for the processes that consume the most CPU over time. Next, add the additional visualizations for disk_free_gb, disk_free_percent, app_memory_used_mbyte and network_ipackets metrics to make your brand-new application performance monitoring dashboard more sophisticated:

image 20250909 090332

Bringing it all together

By combining log collection and performance metric management, NXLog Platform provides a unified telemetry and observability agent layer. You can send logs to your SIEM while simultaneously exposing host metrics to Prometheus for continuous monitoring—​without deploying extra software.

In short, the results you’ll get are:

  • Fewer agents on your systems

  • Lower resource usage

  • Centralized management of logs and metrics

  • Seamless integration with Prometheus

NXLog Platform gives you the complete picture of your infrastructure health, without the complexity. Speak to an NXLog Advisor to book your trial today.

NXLog Platform is an on-premises solution for centralized log management with
versatile processing forming the backbone of security monitoring.

With our industry-leading expertise in log collection and agent management, we comprehensively
address your security log-related tasks, including collection, parsing, processing, enrichment, storage, management, and analytics.

Start free Contact us
  • performance
  • monitoring
  • prometheus
  • grafana
Share

Facebook Twitter LinkedIn Reddit Mail
Related Posts

Leveraging Okta logs for improved security monitoring
6 minutes | June 16, 2025
Raijin vs Elasticsearch
14 minutes | August 9, 2022
Understanding telemetry pipelines
6 minutes | September 26, 2024

Stay connected:

Sign up

Keep up to date with our monthly digest of articles.

By clicking singing up, I agree to the use of my personal data in accordance with NXLog Privacy Policy.

Featured posts

Gaining valuable host performance metrics with NXLog Platform
September 30, 2025
Announcing NXLog Platform 1.8
September 12, 2025
Security Event Logs: Importance, best practices, and management
July 22, 2025
Announcing NXLog Platform 1.7
June 25, 2025
Enhancing security with Microsoft's Expanded Cloud Logs
June 10, 2025
Announcing NXLog Platform 1.6
April 22, 2025
Announcing NXLog Platform 1.5
February 27, 2025
Announcing NXLog Platform 1.4
December 20, 2024
NXLog redefines log management for the digital age
December 19, 2024
2024 and NXLog - a review
December 19, 2024
Announcing NXLog Platform 1.3
October 25, 2024
NXLog redefines the market with the launch of NXLog Platform: a new centralized log management solution
September 24, 2024
Welcome to the future of log management with NXLog Platform
August 28, 2024
Announcing NXLog Enterprise Edition 5.11
June 20, 2024
Raijin announces release of version 2.1
May 31, 2024
Ingesting log data from Debian UFW to Loki and Grafana
May 21, 2024
Announcing NXLog Enterprise Edition 6.3
May 13, 2024
Raijin announces release of version 2.0
March 14, 2024
NXLog Enterprise Edition on Submarines
March 11, 2024
The evolution of event logging: from clay tablets to Taylor Swift
February 6, 2024
Migrate to NXLog Enterprise Edition 6 for our best ever log collection experience
February 2, 2024
Raijin announces release of version 1.5
January 26, 2024
2023 and NXLog - a review
December 22, 2023
Announcing NXLog Enterprise Edition 5.10
December 21, 2023
Raijin announces release of version 1.4
December 12, 2023
Announcing NXLog Enterprise Edition 6.2
December 4, 2023
Announcing NXLog Manager 5.7
November 3, 2023
Announcing NXLog Enterprise Edition 6.1
October 20, 2023
Raijin announces release of version 1.3
October 6, 2023
Upgrading from NXLog Enterprise Edition 5 to NXLog Enterprise Edition 6
September 11, 2023
Announcing NXLog Enterprise Edition 6.0
September 11, 2023
The cybersecurity challenges of modern aviation systems
September 8, 2023
Raijin announces release of version 1.2
August 11, 2023
The Sarbanes-Oxley (SOX) Act and security observability
August 9, 2023
PCI DSS 4.0 compliance: Logging requirements and best practices
August 2, 2023
Detect threats using NXLog and Sigma
July 27, 2023
HIPAA compliance logging requirements
July 19, 2023
Announcing NXLog Enterprise Edition 5.9
June 20, 2023
Industrial cybersecurity - The facts
June 8, 2023
Raijin announces release of version 1.1
May 30, 2023
CISO starter pack - Security Policy
May 2, 2023
Announcing NXLog Enterprise Edition 5.8
April 24, 2023
CISO starter pack - Log collection fundamentals
April 3, 2023
Raijin announces release of version 1.0
March 9, 2023
Avoid vendor lock-in and declare SIEM independence
February 13, 2023
Announcing NXLog Enterprise Edition 5.7
January 20, 2023
NXLog - 2022 in review
December 22, 2022
Need to replace syslog-ng? Changing to NXLog is easier than you think
November 23, 2022
The EU's response to cyberwarfare
November 22, 2022
Looking beyond Cybersecurity Awareness Month
November 8, 2022
GDPR compliance and log data
September 23, 2022
NXLog in an industrial control security context
August 10, 2022
Raijin vs Elasticsearch
August 9, 2022
NXLog provides native support for Google Chronicle
May 11, 2022
Aggregating macOS logs for SIEM systems
February 17, 2022
How a centralized log collection tool can help your SIEM solutions
April 1, 2020

Categories

  • ANNOUNCEMENT
  • COMPARISON
  • COMPLIANCE
  • DEPLOYMENT
  • SECURITY
  • SIEM
  • STRATEGY
logo

Subscribe to our newsletter to get the latest updates, news, and products releases. 

© Copyright NXLog FZE.

Privacy Policy. General Terms of Use

Follow us

  • Product
  • NXLog Platform 
  • Log collection
  • Log management and analysis
  • Log storage
  • Integration
  • Professional Services
  • Plans
  • Resources
  • Documentation
  • Blog
  • White papers
  • Videos
  • Webinars
  • Case studies
  • Community Program
  • Community forum
  • Support
  • Getting started guide
  • Support portals
  • About NXLog
  • About us
  • Careers
  • Find a reseller
  • Partner program
  • Contact us