The format of a log record matters as much as its content: it is what makes log
files readable, and it determines how much information is preserved, how easily
the data can be searched and managed, and how much storage it consumes. Above
all, logs should be written in a structured format rather than as free text, so
that each field can be parsed reliably instead of being re-extracted with
pattern matching once it reaches the SIEM.
Unlike the limited set of output formats Snare supports, NXLog can emit
multiple industry-standard formats, including:
CEF - Common Event Format (ArcSight)
LEEF - Log Event Extended Format (IBM QRadar)
GELF - Graylog Extended Log Format (Graylog)
Syslog RFC3164 - BSD Syslog protocol
Syslog RFC5424 - Syslog Protocol
XML - Extensible Markup Language
KVP - Key-Value Pairs
CSV - Comma Separated Values
Snare or "Snare over Syslog" - Snare format with or without a Syslog header
NXLog's wider format support gives the end user more flexibility and makes
integration with third-party products easier.
NXLog's core design embraces structured logging, whereas Snare was built
primarily around its proprietary Snare syslog format. NXLog can emit structured
data as JSON and KVP, as well as CSV and XML. Using structured logging can
dramatically reduce the operating cost of a SIEM: fields arrive already split
and typed, so the SIEM does not have to recover them from free text with
regular expressions at ingest time, and records that contain delimiter
characters or newlines cannot be mis-parsed into extra fields or extra events.
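To make the difference between the formats listed above concrete, here is an added example (not NXLog's or Snare's code) that renders one constructed Windows logon-failure event as CEF, KVP, JSON and RFC 5424 syslog, and then parses the CEF line back. It shows the escaping rule each format needs so that a '|', '=' or newline inside a free-text field cannot break the record or forge a second event. The field names (rt, dvchost, suser, src, msg), the vendor/product strings and the SD-ID win@32473 (32473 is the enterprise number RFC 5424 reserves for documentation) are assumptions chosen for illustration.

```python
import json
import re
from datetime import datetime, timezone

# Constructed sample (not from the page): a Windows logon-failure event after
# field extraction. Message deliberately carries '|' and '=' to exercise escaping.
SAMPLE_EVENT = {
    "EventTime": datetime(2024, 3, 5, 14, 22, 7, tzinfo=timezone.utc),
    "Hostname": "WS01",
    "EventID": 4625,
    "Name": "An account failed to log on",
    "TargetUserName": "alice",
    "IpAddress": "10.0.0.5",
    "Message": "Bad password|Status=0xC000006D",
}


def _cef_escape(value, header=False):
    """CEF escaping: '\\' and '|' in the header, '\\' and '=' in the extension.
    CR/LF are escaped everywhere so one event stays on one line; that is what
    stops a free-text field from injecting a second, forged event."""
    s = str(value).replace("\\", "\\\\")
    s = s.replace("|", "\\|") if header else s.replace("=", "\\=")
    return s.replace("\r", "\\r").replace("\n", "\\n")


def to_cef(ev, vendor="Microsoft", product="Windows", version="10", severity=5):
    """CEF:0|Vendor|Product|Version|SignatureID|Name|Severity|key=value ...
    Extension keys (rt, dvchost, suser, src, msg) are an assumed mapping."""
    head = [vendor, product, version, ev["EventID"], ev["Name"], severity]
    ext = {
        "rt": int(ev["EventTime"].timestamp() * 1000),  # CEF 'rt' is epoch ms
        "dvchost": ev["Hostname"],
        "suser": ev["TargetUserName"],
        "src": ev["IpAddress"],
        "msg": ev["Message"],
    }
    return ("CEF:0|" + "|".join(_cef_escape(h, True) for h in head) + "|"
            + " ".join(f"{k}={_cef_escape(v)}" for k, v in ext.items()))


def to_kvp(ev):
    """key="value" pairs; '"', '\\' and CR/LF are backslash-escaped in values."""
    def q(v):
        s = v.isoformat() if isinstance(v, datetime) else str(v)
        s = s.replace("\\", "\\\\").replace('"', '\\"')
        return '"' + s.replace("\r", "\\r").replace("\n", "\\n") + '"'
    return " ".join(f"{k}={q(v)}" for k, v in ev.items())


def to_json(ev):
    """One JSON object per line; types survive, the datetime becomes ISO 8601."""
    return json.dumps(ev, default=lambda v: v.isoformat(), separators=(",", ":"))


def to_syslog_ietf(ev, facility=1, severity=4, appname="nxlog"):
    """RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID [SD] MSG.
    PRI = facility * 8 + severity; PARAM-VALUE escapes '"', '\\' and ']'."""
    def sd(v):
        return str(v).replace("\\", "\\\\").replace('"', '\\"').replace("]", "\\]")
    ts = ev["EventTime"].isoformat().replace("+00:00", "Z")
    params = " ".join(f'{k}="{sd(v)}"' for k, v in ev.items()
                      if k not in ("EventTime", "Hostname", "Message"))
    # MSG is free-form; CR/LF are replaced because newline-delimited transports
    # (syslog over plain TCP/UDP) would otherwise split the record in two.
    msg = ev["Message"].replace("\r", " ").replace("\n", " ")
    return (f"<{facility * 8 + severity}>1 {ts} {ev['Hostname']} {appname} - - "
            f"[win@32473 {params}] {msg}")


_KEY_RE = re.compile(r"(?:^| )(\w+)=")  # bare word followed by an unescaped '='


def _cef_unescape(s):
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m[1], m[1]), s)


def parse_cef(line):
    """Parse a CEF line into (header fields, extension dict), honouring the
    escapes to_cef() emits: split the header on unescaped '|' only, and start
    a new extension key only at a bare word followed by an unescaped '='."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF line")
    header, buf, i = [], [], 4
    while len(header) < 7 and i < len(line):   # version + six header fields
        c = line[i]
        if c == "\\":                          # keep the pair, unescape later
            buf.append(line[i:i + 2]); i += 2
        elif c == "|":
            header.append(_cef_unescape("".join(buf))); buf = []; i += 1
        else:
            buf.append(c); i += 1
    if len(header) < 7:
        raise ValueError("truncated CEF header")
    ext_str = line[i:]
    keys = list(_KEY_RE.finditer(ext_str))
    ext = {}
    for m, nxt in zip(keys, keys[1:] + [None]):
        end = nxt.start() if nxt else len(ext_str)
        ext[m[1]] = _cef_unescape(ext_str[m.end():end])
    return header, ext


if __name__ == "__main__":
    for render in (to_cef, to_kvp, to_json, to_syslog_ietf):
        print(render(SAMPLE_EVENT))
    print(parse_cef(to_cef(SAMPLE_EVENT)))
```

The round trip through parse_cef is the point: because the producer escapes delimiters, the consumer can split on them without ambiguity, so a message containing a newline followed by a fake CEF header still lands in the msg field of the original event rather than becoming an event of its own. The same property is what lets a SIEM skip regex extraction for structured input.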