Tag: 2022-review
December 22, 2022
NXLog - 2022 in review
We’ve come to the end of 2022, and what a year it’s been. It was a year marked by war, economic toil, and addressing the aftermath of the Covid-19 pandemic.
Europe was immediately thrust into crisis in February when the Russia-Ukraine War began. Unfortunately, as an Eastern European-based company, many of our colleagues were directly affected by it.
Then, more recently and in the United States especially, many tech companies began restructuring their organizations to deal with the looming economic problems that are forecast.
Tag: 2023
December 22, 2023
2023 and NXLog - a review
It’s finally the holiday season, and we’re down to a skeleton staff here at NXLog. It’s nearly time for us to shut down our laptops, pick up a cup of hot chocolate (or mulled wine if we’re lucky), and get ready for a week or so of reading, relaxing, opening presents, perhaps coping with distant relatives, and all-around merry-making over the holiday period.
So we hope you’ll forgive us if we keep this recap of 2023 succinct.
Tag: agent
September 25, 2021
Putting together your first NXLog configuration
If you are reading this, then it is safe to say that you are now part of the NXLog community. In other words, you are ready to dive into the world of log collection. Excellent. You have made a great choice. However, before you start collecting logs you should know just how your NXLog log collection tool works.
The NXLog log collection tool uses loadable modules that are invoked within the input, data modification, and output stages.
Tag: agent-based
October 22, 2019
Agent-based versus agentless log collection - which option is best?
One of the harder decisions revolve around implementing agent-based vs agentless log collection. This post covers the two methods - their advantages and disadvantages - and provides some quick and actionable implementation notes.
Why does log collection agent choice matter? When deploying a log collection strategy, administrators usually tend to zone in on already selected solutions that answers fundamental questions, such as "Will this solution collect and ship these types of log sources?
Tag: agent-management
April 30, 2025
Monitoring NXLog Agent with Zabbix using the Agent Management API
NXLog Agent plays a vital role in aggregating, processing, and forwarding logs to centralized platforms for analysis. Whether it’s system logs, application logs, or security audit trails, these agents are often the first line of visibility into what’s happening in your environment.
In many setups, especially large-scale infrastructures, NXLog Agent relays act as crucial intermediaries, collecting logs from edge systems and forwarding them to a SIEM or log analytics platform.
Tag: agentless
October 22, 2019
Agent-based versus agentless log collection - which option is best?
One of the harder decisions revolve around implementing agent-based vs agentless log collection. This post covers the two methods - their advantages and disadvantages - and provides some quick and actionable implementation notes.
Why does log collection agent choice matter? When deploying a log collection strategy, administrators usually tend to zone in on already selected solutions that answers fundamental questions, such as "Will this solution collect and ship these types of log sources?
Tag: alerts
August 3, 2022
Send email alerts from NXLog using Python, Perl, or Ruby
NXLog is a versatile log collector that easily integrates with other software, platforms, and programming languages. Out-of-the-box it supports integration with many third-party solutions through its input, output, and extension modules. Moreover, extending NXLog with custom functionality is as easy as writing an application or script in your favorite programming language and loading it from the configuration.
Email notifications of events indicating potential security breaches or severe application errors are a standard procedure for IT admins and DevOps engineers.
Tag: analytics
February 22, 2022
NXLog Community Edition support for Raijin Database
Last month saw the release of NXLog Community Edition version 3.0. One of the major new features in this release is the added support for sending log data to Raijin Database. This feature opens up exciting possibilities for implementing a custom centralized log collection and storage solution.
What is Raijin Database? Raijin Database is a free-of-charge schemaless database engine explicitly designed to store data for analytics efficiently. The fact that it does not require you to define a schema up-front makes it well suited for storing event logs from diverse sources containing different types of information in a structured format.
July 29, 2021
Using Raijin Database Engine to aggregate and analyze Windows security events
In this post, we will look at how to use Raijin Database Engine as a backend in a centralized logging environment for collecting and aggregating Windows security events. We will also show you how to integrate Raijin with an open source data exploration tool. Finally, you will see how you can track suspicious network activity and identify specific types of intrusion on Windows hosts using these tools.
A low-cost, lean and mean data discovery solution Although the combination of tools we present here cannot compete with a full-fledged SIEM solution, they do offer quite a few advantages for security analysts who need a responsive, highly customizable data discovery solution that accepts ad hoc SQL.
Tag: announcement
September 19, 2024
Announcing the end-of-sale for NXLog Enterprise Edition and NXLog Manager
We are officially announcing that NXLog will no longer be selling NXLog Enterprise Edition and NXLog Manager. This decision reflects our commitment to evolving our product offerings and delivering more powerful, future-proof solutions.
While the sale of these products is ending, please be assured that we will continue to provide full technical support, maintenance, and bug fixes for both NXLog Enterprise Edition and NXLog Manager until the end of your contractual period.
July 25, 2024
The CrowdStrike incident and how the NXLog agent operates
Automatic updates are recommended by many vendors as they are considered essential for safeguarding against security threats and maintaining system performance. Updates not only enhance security but also deliver bug fixes and new features, contributing to improved user experience. Software updates, however, come with the inherent risk of breaking existing functionality and can potentially interfere with other software or the operating system itself causing unintended side effects. Automatic updates that the user has no control over escalate the risk further.
Tag: ansible
March 1, 2022
Deploying and managing NXLog with Ansible
Ansible has become an industry standard when it comes to configuring and managing servers. As a configuration management tool, it carries the burden of simplifying system administration tasks, such as installing and updating software packages, and infrastructure provisioning. In this post, we will create an Ansible playbook that will enable us to automate the installation and configuration of NXLog across multiple endpoints. Whether you need only a single endpoint today or thousands of endpoints next week, Ansible will do the heavy lifting for you.
Tag: ansp
September 8, 2023
The cybersecurity challenges of modern aviation systems
Since the Wright brothers' first flight, the aviation industry has been advancing at an unprecedented rate. But it has always been a step behind other sectors in some areas, for safety and security reasons. Engineers are only allowed to apply well-matured technologies thoroughly trialed in different industries. Civil aviation, especially from the IT and IT security perspective, is a bit like Debian among the Linux operating systems. It does not always include all the latest inventions, but it aims to be safe and very stable in return.
Tag: apache-superset
July 29, 2021
Using Raijin Database Engine to aggregate and analyze Windows security events
In this post, we will look at how to use Raijin Database Engine as a backend in a centralized logging environment for collecting and aggregating Windows security events. We will also show you how to integrate Raijin with an open source data exploration tool. Finally, you will see how you can track suspicious network activity and identify specific types of intrusion on Windows hosts using these tools.
A low-cost, lean and mean data discovery solution Although the combination of tools we present here cannot compete with a full-fledged SIEM solution, they do offer quite a few advantages for security analysts who need a responsive, highly customizable data discovery solution that accepts ad hoc SQL.
Tag: audit-log
October 11, 2021
Collecting DHCP server logs on Windows
DHCP server log collection made simple DHCP (Dynamic Host Configuration Protocol) is a network management protocol that dynamically assigns IP addresses to each client machine on your network. However, its importance does not stop there. DHCP can even generate numerous critical events that indicate your network’s security has been compromised.
You might then wonder how you can use these events to safeguard your organization from intrusion. Well, these event logs store valuable information that contain the ID and IP address associated with each client.
Tag: audit-logs
January 25, 2022
Understanding and auditing WMI
If you’re a cyber security enthusiast, you’ve probably heard a lot about Windows Management Instrumentation (WMI) lately. There’s a good reason why this topic has gained popularity, however, this technology has been integrated into Windows operating systems for over 20 years now. In this blog post, we will delve into how WMI works, the risks resulting from misuse, and how to audit it with NXLog.
A standardization effort The first thing to clarify about WMI is that it’s not a Windows-only technology.
Tag: auditing
January 25, 2022
Understanding and auditing WMI
If you’re a cyber security enthusiast, you’ve probably heard a lot about Windows Management Instrumentation (WMI) lately. There’s a good reason why this topic has gained popularity, however, this technology has been integrated into Windows operating systems for over 20 years now. In this blog post, we will delve into how WMI works, the risks resulting from misuse, and how to audit it with NXLog.
A standardization effort The first thing to clarify about WMI is that it’s not a Windows-only technology.
Tag: aviation-security
September 8, 2023
The cybersecurity challenges of modern aviation systems
Since the Wright brothers' first flight, the aviation industry has been advancing at an unprecedented rate. But it has always been a step behind other sectors in some areas, for safety and security reasons. Engineers are only allowed to apply well-matured technologies thoroughly trialed in different industries. Civil aviation, especially from the IT and IT security perspective, is a bit like Debian among the Linux operating systems. It does not always include all the latest inventions, but it aims to be safe and very stable in return.
Tag: awareness
February 26, 2026
Security dashboards go dark: why visibility isn't optional, even when your defenses keep running
The SentinelOne outage showed why visibility isn’t optional—even when your defenses keep running.
On May 29, 2025, organizations running SentinelOne experienced something unsettling: their security controls kept working, but they couldn’t see what was happening.
A software flaw in SentinelOne’s infrastructure control system caused a global service disruption that lasted several hours. According to reports, the incident significantly impacted customers' ability to manage their security operations and access important data.
January 29, 2026
The GeoServer breach that could have been stopped in hours, not weeks
How a federal agency’s monitoring gaps turned a containable incident into a three-week nightmare
In September 2025, CISA responded to a federal agency breach that security teams could have stopped in hours. Instead, threat actors roamed the network undetected for three weeks.
The damage? Multiple compromised servers, web shells planted across the infrastructure, and a persistent foothold that took significant resources to remediate.
The root cause wasn’t a zero-day exploit or sophisticated malware.
November 8, 2022
Looking beyond Cybersecurity Awareness Month
Cybersecurity Awareness Month has come and gone again. October marks that festive time of year when companies circulate their mandatory think pieces, remind their employees of the dangers of clicking questionable links, and pat themselves on the back and call it a day. Here’s your friendly November reminder to keep your wits about you year-round.
A (brief) history of Cybersecurity Awareness Month The Cybersecurity Awareness Month story began as a partnership between an American governmental agency—the Cybersecurity and Infrastructure Agency (CISA)--and the National Cyber Security Alliance non-profit.
Tag: bind-dns-logs
May 14, 2020
DNS Log Collection on Linux
Be sure to read Part 1 and Part 2 of our series in case you missed them.
DNS Log Collection on Linux In the third, closing part of our series on DNS log collection, we discuss DNS logging on Linux using open source software. From the numerous open source DNS server implementations available, we tried to include the more popular ones and summarized what is involved in collecting logs from them.
Tag: bind9
November 19, 2025
Monitoring BIND9 logs: Comparing syslog and dnstap for DNS visibility
As system and network administrators know, DNS logs are essential for understanding what’s happening across your infrastructure, whether you’re troubleshooting slow lookups, investigating odd traffic patterns, or monitoring your security posture.
We recently had the opportunity to help a customer set up monitoring for BIND9 logs and discovered that the two main options, syslog and dnstap, offer very different experiences in setup, performance, and the level of DNS visibility they provide.
Tag: blind-return-oriented-programming
May 9, 2023
BROP attacks - What is it and how to defend yourself?
Have you ever locked yourself out of your car? After calling for roadside service, your tow truck driver forces the internal locking mechanism open with a slim-jim. Car thieves quickly discovered this technique and began using it to steal cars. Digital thieves have devised a similar attack called a Blind Return-Oriented Programming (Blind ROP, or just BROP) attack. It’s as quiet as a jackhammer on cement, but an attacker can open a remote shell and gain remote code execution on your server if the conditions are right.
Tag: brop
May 9, 2023
BROP attacks - What is it and how to defend yourself?
Have you ever locked yourself out of your car? After calling for roadside service, your tow truck driver forces the internal locking mechanism open with a slim-jim. Car thieves quickly discovered this technique and began using it to steal cars. Digital thieves have devised a similar attack called a Blind Return-Oriented Programming (Blind ROP, or just BROP) attack. It’s as quiet as a jackhammer on cement, but an attacker can open a remote shell and gain remote code execution on your server if the conditions are right.
Tag: centralized-logging
February 24, 2026
Centralized log management: What it is, how centralized logging works, and how to choose the right system
Centralized log management is the practice of collecting logs from across an environment, including applications, servers, containers, networks, and cloud services, and storing them in a single location where they can be searched and analyzed.
For operations and security teams, centralized logging is now a core requirement. Without it, logs are scattered across hosts, ephemeral containers, cloud consoles, and disconnected tools. This fragmentation slows troubleshooting, complicates incident response, and limits visibility during security investigations.
November 27, 2024
Centralized Windows log collection - NXLog Platform vs. WEF
One of the challenges that security-conscious Windows administrators face is collecting and centralizing Windows event logs. One of the obvious solutions that come to mind is the native Windows Event Forwarding (WEF) feature available on all modern Windows operating systems.
WEF offers the convenience of forwarding Windows events to a central event collector without installing and managing agents. To objectively portray the role this valuable technology plays in the larger scope of enterprise log collection, we have written several articles that discuss it:
August 1, 2022
The benefits of log aggregation
Logs are a record of the internal workings of a system. Nowadays, organizations can have hundreds and, more regularly, thousands of managed computers, servers, mobile devices, and applications; even refrigerators are generating logs in this Internet of Things era. The result is the production of terabytes of log data—event logs, network flow logs, and application logs, to name a few—that must be carefully sorted, analyzed, and stored.
Without a log management tool, you would need to manually search through many directories of log files on each system to access and extract meaning from these millions of event logs.
January 3, 2022
Log aggregation with NXLog
The value of log aggregation There is no denying the importance of log aggregation for multi-million-dollar enterprises worldwide. But just what is log aggregation? And how can it help your organization? Well, log aggregation is the process of standardizing and consolidating your log data from distributed systems across your network into one centralized server. By doing so, you have a unified view of what occurs across your entire IT infrastructure.
April 1, 2020
How a centralized log collection tool can help your SIEM solutions
IT security should be one of the main focus points of all enterprises. In today’s world, when digital transformation is taking place at an unprecedented pace, securing online data is vital for all kinds of businesses. This is why most companies are utilizing SIEM (Security Information and Event Management) solutions that help them identify threats before they can do any harm.
Even though SIEM tools are perfect for event correlation and analytics, it is not part of their core functionality to manage log collection, filtering, distribution, and formatting.
December 17, 2018
Making the most of Windows Event Forwarding for centralized log collection
Windows Event Forwarding (WEF) provides log centralization capabilities that are natively supported in Windows-based systems. It is straightforward to set up since it is already built into Windows, and only a few pre-requisites are required, such as having a dedicated event server with a group policy object (GPO). Despite its ease of use and native support, WEF has some limitations. This post covers the advantages of using Windows Event Forwarding for centralized log collection, followed by limitations of WEF and its subsequent solutions.
Tag: cisa
June 10, 2025
Enhancing security with Microsoft's Expanded Cloud Logs
Nation-state-sponsored hacking stories are everyone’s favorite Hollywood movies — until our personal or corporate sensitive data shows up on the dark web for sale, being compromised. In real life, cyber espionage groups’s activities trigger security enforcement. First in the government sector, then the government standards slowly shift industry norms starting by gently forcing vendors who are also selling into government contracts.
In the case of the recently announced playbook on MICROSOFT EXPANDED CLOUD LOGS IMPLEMENTATION PLAYBOOK, issued by the US Cybersecurity and Infrastructure Security Agency (CISA), it all started in July 2023, when the Chinese cyber espionage group Storm-0558 exploited a vulnerability in Microsoft’s Outlook email system to gain unauthorized access to email accounts belonging to U.
Tag: ciso
April 13, 2023
MFA Fatigue - What it is, and how to combat it
A multi-factor authentication (MFA) fatigue attack is a form of a social engineering cyberattack strategy where attackers repeatedly try to make second-factor authentication requests to the target’s email, phone, or other registered devices to gain access to the system. You may also hear about MFA Fatigue attack as MFA Bombing, 2FA fatigue, MFA push spam, MFA Spamming, or prompt bombing.
Technology administrators are always playing a never-ending battle of cat and mouse when it comes to threat actors.
Tag: ciso-starter-pack
May 2, 2023
CISO starter pack - Security Policy
The three characteristics your data must possess at all times, as dictated by your IT Security Policy, are:
It must be confidential
It must be available and
It must not have any unauthorized modifications
Your log policy will only be as good as the IT Security policy infrastructure behind it. And as much as we love talking about logs, that’s part of a more considerable general discussion about security policies.
April 3, 2023
CISO starter pack - Log collection fundamentals
Log collection is essential to managing an IT department because it allows administrators to research historical events throughout a network. Therefore, it’s critical to understand a few key points about collecting logs; the why, and what. We’ll look at a few specific examples of collecting log events efficiently, like incorporating threat modeling to enhance our collection. Implementing log collection policies and procedures is as fun as watching anti-phishing videos. But at the end of the day, the effort put in at the beginning will be worth it.
Tag: cloud-logs
June 10, 2025
Enhancing security with Microsoft's Expanded Cloud Logs
Nation-state-sponsored hacking stories are everyone’s favorite Hollywood movies — until our personal or corporate sensitive data shows up on the dark web for sale, being compromised. In real life, cyber espionage groups’s activities trigger security enforcement. First in the government sector, then the government standards slowly shift industry norms starting by gently forcing vendors who are also selling into government contracts.
In the case of the recently announced playbook on MICROSOFT EXPANDED CLOUD LOGS IMPLEMENTATION PLAYBOOK, issued by the US Cybersecurity and Infrastructure Security Agency (CISA), it all started in July 2023, when the Chinese cyber espionage group Storm-0558 exploited a vulnerability in Microsoft’s Outlook email system to gain unauthorized access to email accounts belonging to U.
Tag: community-edition
May 13, 2025
From NXLog Community Edition to NXLog Platform
NXLog Community Edition was launched many years ago and, being cross-platform and highly versatile, quickly became a leading log collection tool. With millions of downloads, it is widely used across on-premises, cloud, and hybrid deployments. While over 70% of users have upgraded to the more feature-rich and robust NXLog Enterprise Edition, many still rely on NXLog Community Edition due to its flexibility and fit for many use cases.
However, as technology advances and business and security demands grow, we are excited to introduce NXLog Platform—a modern, comprehensive solution that offers enhanced functionality and performance.
April 20, 2023
Announcing NXLog Community Edition 3.2
We’re glad to announce the latest release of NXLog Community Edition. This release mainly fixes an issue where the file_name() function returns an unknown error.
We’ve also stopped officially supporting the Android mobile operating system.
Get in touch with our team if you have any questions, or request a free trial of our flagship log collection solution, NXLog Enterprise Edition, below.
NXLog Platform is an on-premises solution for centralized log management with versatile processing forming the backbone of security monitoring.
Tag: comparison
March 3, 2026
Fluent Bit vs Fluentd: How to choose the right tool for your log pipeline
Choosing between Fluent Bit and Fluentd is an architecture decision, not a product shootout. Both projects live under the CNCF Fluent umbrella and share a common lineage at Treasure Data, but they target different roles in a logging pipeline. Fluent Bit is a C-based telemetry agent designed for low-overhead collection at the edge. Fluentd is a Ruby-and-C data collector built for aggregation, transformation, and multi-destination routing.
The practical question is not which one is better — it’s where each one belongs in your stack, and whether you need both.
February 24, 2026
Centralized log management: What it is, how centralized logging works, and how to choose the right system
Centralized log management is the practice of collecting logs from across an environment, including applications, servers, containers, networks, and cloud services, and storing them in a single location where they can be searched and analyzed.
For operations and security teams, centralized logging is now a core requirement. Without it, logs are scattered across hosts, ephemeral containers, cloud consoles, and disconnected tools. This fragmentation slows troubleshooting, complicates incident response, and limits visibility during security investigations.
February 2, 2026
Graylog vs ELK Stack: Unbiased comparison of log management tools
Centralized logging is no longer optional. Whether you’re troubleshooting production incidents, investigating suspicious activity, or meeting audit requirements, you need a way to collect logs from many sources, normalize them, search them quickly, and turn them into alerts and dashboards. In practice, that starts with reliable collection — often via solutions like NXLog Platform — so the data arrives clean and consistent.
Two of the most common open-source paths people compare are Graylog vs ELK Stack.
December 12, 2025
rsyslog vs syslog-ng: Which is the right log shipper?
Well, no doubt logging is the nervous system of any IT infrastructure. From troubleshooting outages to satisfying compliance audits and threat management, having the right log management pipeline can make the difference between smooth operations and chaotic firefighting. For decades, syslog-ng and rsyslog have been two of the most widely used log management tools for Unix and Linux environments. Both provide implementations of the original 1980s syslog protocol and are designed to collect, process, and forward log messages across networks.
April 9, 2025
NXLog Agent vs. Snare Agent - A practical comparison of log collection capabilities
Are you looking to replace Snare? Here’s how NXLog Agent compares in real-world environments.
This article will help if you consider a new log collection solution or evaluate alternatives to your existing deployment. It answers key questions from organizations that have migrated from Snare to NXLog solutions.
Feature comparison - Snare Agent vs. NXLog Agent Multiple log collection agents are available on the market. While both Snare Agent and NXLog Agent serve similar use cases, NXLog Agent provides broader platform support, more advanced log processing, and greater flexibility in integration.
November 27, 2024
Centralized Windows log collection - NXLog Platform vs. WEF
One of the challenges that security-conscious Windows administrators face is collecting and centralizing Windows event logs. One of the obvious solutions that come to mind is the native Windows Event Forwarding (WEF) feature available on all modern Windows operating systems.
WEF offers the convenience of forwarding Windows events to a central event collector without installing and managing agents. To objectively portray the role this valuable technology plays in the larger scope of enterprise log collection, we have written several articles that discuss it:
January 16, 2023
NXLog vs Splunk Universal Forwarder
NXLog supports filtering, enriching, and forwarding logs directly to Splunk Enterprise for further analysis.
If you landed on this blog post, you are likely looking for a new log collection solution or seeking to improve an existing Splunk deployment. If so, we hope this article provides you with the necessary information to take the next step toward a better log collection strategy.
NXLog and Splunk Universal Forwarder feature comparison Several log collection agents are available on the market, and Splunk Universal Forwarder is one of them.
November 23, 2022
Need to replace syslog-ng? Changing to NXLog is easier than you think
syslog-ng and NXLog are both powerful log collectors providing flexible log processing. However, you might be in a position where you need to switch from syslog-ng to NXLog. Whether it’s because syslog-ng doesn’t support an operating system or you want to upgrade your log collection solution to one that can be centrally managed, converting your syslog-ng configuration to NXLog is a simple task.
How do syslog-ng and NXLog differ? syslog-ng and NXLog are alike in many ways.
August 9, 2022
Raijin vs Elasticsearch
Log collection is most closely linked to enterprise security practices—for example, aggregation and analysis in a SIEM. However, collecting certain logs for reasons other than security is often valuable. It may even be a requirement of your organization for the purposes of auditing, legal compliance, or data retention.
Storing all these logs in a database is the most efficient way to manage the data. Finding and managing logs stored as flat files or structured data can be challenging without a database.
February 2, 2022
NXLog vs IBM QRadar WinCollect - Let's get things straight
How does NXLog Enterprise Edition compare to the IBM QRadar WinCollect event forwarder?
IBM QRadar SIEM collects, processes, and aggregates log data to provide real-time monitoring and automated response to network threats. With its powerful correlation engine and specialized modules for risk and vulnerability management, it is no surprise that it is among the highest-rated tools on Gartner Peer Insights.
To get the best out of a platform like IBM QRadar, you need to ensure that you send the proper amount of data in a format that it can process efficiently.
Tag: compliance
December 10, 2025
Identity and Access Management (IAM): Guide for 2026
Imagine a typical company: employees join, they move between offices and departments, then they leave. Each of these changes requires a systems access update for email, databases, internal tools, and more. Manually managing these transitions can be burdensome and error-prone. And where you have errors, you have inefficiencies and exposure to security breaches — neither of which is good for your business.
This is where Identity and Access Management (IAM) comes in.
July 18, 2024
NIS2 Directive: a strong request for better incident handling
Did you know the European Union created a rule called the NIS Directive? This rule was established in 2016 to ensure that all member countries are equally protected against cyber attacks. It’s a step towards making it easier for governments to work together to stop cyber threats. However, the Directive was expected to provide more specific instructions for protecting against attacks and ensuring all countries follow the rule. The rule also requires companies and governments to be better prepared to handle cyber attacks and have a plan in case something goes wrong.
May 14, 2024
Harnessing TPM encryption with NXLog
In an increasingly digitalized world, protecting your business’s digital assets is becoming more urgent by the day. Realizing the need to protect data from malicious actors, researchers created encryption. And I am not talking about the Enigma here, but software-based encryption algorithms, with their public and private signing keys, and so on.
Like every other technology, encryption methods have evolved throughout the years. However, the goal remained the same: encryption is there to secure our digital communications.
January 23, 2024
GLBA Compliance in 2024 - Reporting directly to the FTC
The U.S. Federal Trade Commission (FTC) approved amendments to its Safeguards Rule that require FTC-regulated non-banking financial institutions to report data breaches and other security events directly to the FTC. It was originally proposed to add a breach notification requirement back in late 2021. The rule requires financial institutions to report “notification events” to the FTC within 30 days of discovery of the notification event where the private information of 500+ consumers is involved.
January 11, 2024
The story of the $1,900,000 penalty for insufficient log management
It was late March 2021 when a phishing email was sent to a network administrator of TTEC Healthcare Solutions, Inc. (TTEC HS) - an integrated healthcare CX solutions provider - and a threat actor gained highly privileged access to the network. On September 12, 2021, a common ransomware scenario was triggered, with approximately 1,800 devices compromised via the access channel obtained almost 5 months earlier.
Prior to executing the ransomware attack, the threat actor successfully exfiltrated data from the TTEC HS network, containing non-public information (NPI) of current and former employees of TTEC HS, and for individuals who were insured by one of TTEC HS’s clients, including, importantly, some New York residents.
October 17, 2023
Log management for maritime cybersecurity compliance regulations
Historically, seaports have played a crucial role in a state’s development, and interruption in their services has a significant impact on economics. So, it’s no surprise commercial ports are regarded as a critical transport infrastructure.
One of the most significant challenges ports face today is ongoing digital transformation. The majority of tasks carried out across a port utilize autonomous and partially automated systems, including those for managing port access, vessel berthing (bridges, locks, gates, etc.
August 2, 2023
PCI DSS 4.0 compliance: Logging requirements and best practices
With PCI DSS 4.0, logging plays an even more critical role in safeguarding cardholder data. In this post, we’ll break down the key PCI DSS logging requirements, explore best practices for log retention and monitoring, and highlight key areas where NXLog Platform can help you stay secure and compliant.
What is PCI DSS? PCI DSS, or Payment Card Industry Data Security Standard, is a collection of security requirements developed by major credit card companies to safeguard merchants who accept credit card payments by ensuring they provide a secure environment.
September 30, 2022
Assertive compliance - using frameworks to extend your coverage
So, it happened again. You got an internal audit finding or a regulatory notice. Or you just had a nagging feeling and found customer data somewhere it shouldn’t have been. Morale sinks. Are you forced to choose between serving your customers and addressing compliance weaknesses? Nobody said IT Compliance was easy. But don’t sign up to do any more work than is necessary. Use Frameworks to identify the activities, like logging, that demonstrate compliance for multiple domains and get the absolute best coverage without extra work.
September 23, 2022
GDPR compliance and log management best practices
The European Union’s General Data Protection Regulation (EU GDPR) came into force on 25 May 2018. Many of us remember the influx of marketing emails around this time, with companies updating their privacy policies and asking for the consent of around 450 million Europeans to continue using their personal data.
An often misunderstood participant of this compliance quest is log data—a source potentially rich in protected personal data. So, how does the GDPR apply to an organization’s log data?
June 1, 2022
How NXLog can help meet compliance mandates
Compliance mandates are frameworks that organizations must implement to meet industry regulations. Some of these mandates provide guidelines and best practices, while others may be tied to legislation. With the constant and rapid changes in technology, ensuring that your organization adheres to the relevant regulations is an ongoing process.
So why should you comply? Simply put, not complying might cost you more than implementing processes to meet regulatory requirements. By not complying, you might be violating the law, and in case of a data breach, you may face litigation from affected parties.
Tag: compression
November 12, 2024
Optimize log management and cut costs
Data logging and event monitoring have become essential to provide security and performance monitoring of business operations. However, the vast volume of logs generated can lead to significant challenges, including high costs and inefficiencies.
Many companies collect an excessive number of logs, often missing out on the most critical security-related events. The majority of these logs, known as log noise, offer little to no value to security analysts and can obstruct timely access to high-priority security events.
Tag: configuration
September 25, 2021
Putting together your first NXLog configuration
If you are reading this, then it is safe to say that you are now part of the NXLog community. In other words, you are ready to dive into the world of log collection. Excellent. You have made a great choice. However, before you start collecting logs you should know just how your NXLog log collection tool works.
The NXLog log collection tool uses loadable modules that are invoked within the input, data modification, and output stages.
Tag: container
September 6, 2021
Collecting Kubernetes logs with NXLog
Kubernetes is nowadays the de facto standard for the deployment and management of containerized applications. A Kubernetes deployment may contain hundreds, if not thousands, of nodes and pods. As with any other system, collecting logs from your Kubernetes environment is imperative to monitor the health of your cluster and to troubleshoot issues when they arise. In this post we will explore the logging challenges that Kubernetes poses, and how NXLog can be a key player in your logging solution.
Tag: containers
January 13, 2021
NXLog Containers were certified by Red Hat
Applications are getting more and more complex. The demand to develop them faster is ever-increasing. This puts stress on organizations’ processes, infrastructure, and the IT teams that support them.
Modern Container technology helps to alleviate issues faster across multiple environments. Linux containers are another evolutionary leap in how applications are developed, deployed, and managed. These containers are based on stable Red Hat Enterprise Linux images that have no adverse effects on your current IT infrastructure.
Tag: critical-infrastructure
February 26, 2024
Digital substations and log collection
European electric power system operators supply around 2800 TWh of electricity per year and manage around 10 million kilometers of power lines - more than ten round trips to the Moon. Such electric travel is impossible without electric substations, an essential component of a power grid. Its automation becomes ultimately digitalized, so requires proper monitoring both for operational and security purposes. Let’s take a look at how a unified log collection pipeline embeds into power automation systems and helps make sure the lights stay on.
Tag: cyberattacks
March 3, 2022
Cyberattacks on the power grid - are you prepared?
In light of recent news stories about possible cyberattacks on the U.S. power grid, we are inclined to ponder over precautions we can take to prepare for such a scenario. If you are in the public utilities industry, this blog post is for you. But, if you’re not, don’t worry. We will cover some basic principles you can follow to get your organization ready before such a cyberattack occurs.
Tag: cybersecurity
February 26, 2026
Security dashboards go dark: why visibility isn't optional, even when your defenses keep running
The SentinelOne outage showed why visibility isn’t optional—even when your defenses keep running.
On May 29, 2025, organizations running SentinelOne experienced something unsettling: their security controls kept working, but they couldn’t see what was happening.
A software flaw in SentinelOne’s infrastructure control system caused a global service disruption that lasted several hours. According to reports, the incident significantly impacted customers' ability to manage their security operations and access important data.
January 29, 2026
The GeoServer breach that could have been stopped in hours, not weeks
How a federal agency’s monitoring gaps turned a containable incident into a three-week nightmare
In September 2025, CISA responded to a federal agency breach that security teams could have stopped in hours. Instead, threat actors roamed the network undetected for three weeks.
The damage? Multiple compromised servers, web shells planted across the infrastructure, and a persistent foothold that took significant resources to remediate.
The root cause wasn’t a zero-day exploit or sophisticated malware.
May 21, 2024
Ingesting log data from Debian UFW to Loki and Grafana
An excellent way to get started in a new technology area or refresh our knowledge is to devise a solution based on a small idea or need. This blog post covers such a situation, with a small personal project demonstrating how to use NXLog’s powerful features.
I embarked on a small pet project centered around a cloud machine running Debian 10. It connects telemetry from my home, country house, and notebook.
June 8, 2023
Industrial cybersecurity - The facts
In Feb 2021, a major cybersecurity incident was declared when a hacker gained malicious access to the water treatment system of Oldsmar, Florida. Officials said the hacker tried to increase the level of sodium hydroxide in the city’s water supply, putting thousands at risk of being poisoned. Fortunately, it was quickly confirmed that this potential terroristic act did not come to fruition.
Two years later, we still have no details on the malicious actor.
March 3, 2022
Cyberattacks on the power grid - are you prepared?
In light of recent news stories about possible cyberattacks on the U.S. power grid, we are inclined to ponder over precautions we can take to prepare for such a scenario. If you are in the public utilities industry, this blog post is for you. But, if you’re not, don’t worry. We will cover some basic principles you can follow to get your organization ready before such a cyberattack occurs.
February 3, 2022
How to prevent and detect Log4j vulnerabilities
The Apache Log4j vulnerability has attracted a lot of media attention as a result of recent security incidents that were reported by some organizations using versions 2.0-beta9 through 2.14.1. This security flaw has the potential to affect thousands of applications since some of the world’s largest databases rely on Log4j.
Because so many organizations are affected, cybercriminals are actively exploiting this well-known vulnerability.
Why is this so dangerous? In addition to the threat of malware and ransomware, hackers can also perform remote code execution due to the Log4j vulnerability.
July 1, 2021
Top 5 security concerns revealed with DNS logging
The Domain Name System (DNS) facilitates communication between all devices connected to the Internet. It consists of hierarchical servers that can translate any given hostname, along with its corresponding domain name, to its internet protocol (IP) address(es). One of the most common is the windows DNS server that ensures that data requests are sent to their correct endpoints while providing human-readable addresses for websites connected to the Internet. With the ever-growing number of cloud-based devices and technologies, for instance, the Internet of things (IoT), portals, web applications, as well as online transaction processing, it is more important than ever to identify the actual physical addresses of remote devices when relying on DNS-dependent connectivity.
February 3, 2020
Insufficient logging and monitoring, TOP 10 security risk
"The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications."
In this article these top security risks discussed in the context of log collection.
OWASP API security top 10 most critical API security risks APIs are a critical part of modern technologies - from SaaS and web consumer applications to enterprise deployments.
Tag: cybersecurity-awareness-month
November 8, 2022
Looking beyond Cybersecurity Awareness Month
Cybersecurity Awareness Month has come and gone again. October marks that festive time of year when companies circulate their mandatory think pieces, remind their employees of the dangers of clicking questionable links, and pat themselves on the back and call it a day. Here’s your friendly November reminder to keep your wits about you year-round.
A (brief) history of Cybersecurity Awareness Month The Cybersecurity Awareness Month story began as a partnership between an American governmental agency—the Cybersecurity and Infrastructure Agency (CISA)--and the National Cyber Security Alliance non-profit.
Tag: cyberwarfare
November 22, 2022
The EU's response to cyberwarfare
With open war in Europe for the first time since 1945, nations across the continent have been busy shoring up their information security defenses. The European Union is stepping up to the plate, releasing a Cyber Defence Policy to, in its words, "boost EU cyber defence capabilities and strengthen coordination and cooperation between the military and civilian cyber communities."
However, bolstering cyber defenses across a collection of countries, home to 450 million people and spanning four million square kilometers, is no easy feat.
Tag: cyberweapon
November 22, 2022
The EU's response to cyberwarfare
With open war in Europe for the first time since 1945, nations across the continent have been busy shoring up their information security defenses. The European Union is stepping up to the plate, releasing a Cyber Defence Policy to, in its words, "boost EU cyber defence capabilities and strengthen coordination and cooperation between the military and civilian cyber communities."
However, bolstering cyber defenses across a collection of countries, home to 450 million people and spanning four million square kilometers, is no easy feat.
Tag: database
August 9, 2022
Raijin vs Elasticsearch
Log collection is most closely linked to enterprise security practices—for example, aggregation and analysis in a SIEM. However, collecting certain logs for reasons other than security is often valuable. It may even be a requirement of your organization for the purposes of auditing, legal compliance, or data retention.
Storing all these logs in a database is the most efficient way to manage the data. Finding and managing logs stored as flat files or structured data can be challenging without a database.
February 22, 2022
NXLog Community Edition support for Raijin Database
Last month saw the release of NXLog Community Edition version 3.0. One of the major new features in this release is the added support for sending log data to Raijin Database. This feature opens up exciting possibilities for implementing a custom centralized log collection and storage solution.
What is Raijin Database? Raijin Database is a free-of-charge schemaless database engine explicitly designed to store data for analytics efficiently. The fact that it does not require you to define a schema up-front makes it well suited for storing event logs from diverse sources containing different types of information in a structured format.
July 29, 2021
Using Raijin Database Engine to aggregate and analyze Windows security events
In this post, we will look at how to use Raijin Database Engine as a backend in a centralized logging environment for collecting and aggregating Windows security events. We will also show you how to integrate Raijin with an open source data exploration tool. Finally, you will see how you can track suspicious network activity and identify specific types of intrusion on Windows hosts using these tools.
A low-cost, lean and mean data discovery solution Although the combination of tools we present here cannot compete with a full-fledged SIEM solution, they do offer quite a few advantages for security analysts who need a responsive, highly customizable data discovery solution that accepts ad hoc SQL.
Tag: deploying-nxlog
March 19, 2022
Deploying and managing NXLog with Puppet
Puppet Bolt is an open-source orchestration tool that automates the manual configuration and management of your infrastructure.
In this post, we will look at how you can create your Puppet Bolt project directory, your inventory YAML file, and finally, your Puppet Bolt Plan to deploy NXLog on a variety of Operating Systems.
Why use Puppet Bolt to deploy NXLog? Apart from the usual tasks of updating software packages, configuring web servers and databases, the need for constant logging has become extremely important, and a de facto necessity nowadays.
March 1, 2022
Deploying and managing NXLog with Ansible
Ansible has become an industry standard when it comes to configuring and managing servers. As a configuration management tool, it carries the burden of simplifying system administration tasks, such as installing and updating software packages, and infrastructure provisioning. In this post, we will create an Ansible playbook that will enable us to automate the installation and configuration of NXLog across multiple endpoints. Whether you need only a single endpoint today or thousands of endpoints next week, Ansible will do the heavy lifting for you.
Tag: deployment
February 10, 2025
Install and enroll NXLog Agent automatically with Ansible and the Agent Management API
In my early days as a Junior Sysadmin, I learned the value of automation when tasked with configuring hundreds of Windows XP machines. Yes, there was a version of Windows called XP. Automating large and repetitive tasks saves time and ensures scalability and consistency in IT environments. Scalability has become very important in IT, and in the golden age of automation tools and APIs, what could be a better way to execute the mass deployment and configuration of your log collection tool than using these very mature and available technologies?
January 6, 2025
How to choose a log management solution
Logs play a critical role in IT infrastructure, and choosing the right log management solution is key to effective operations. This guide explores the core principles for selecting a solution that aligns with your log collection and management needs. Given the wide range of options available, we categorize them into three main groups for clarity.
End-to-end Log Management Solutions
Security Information & Event Management (SIEM)
Application Performance Monitoring and Observability (APM)
December 16, 2024
World of OpenTelemetry
With an ever-expanding choice of technologies on the market, navigating the range of open-source observability tools can be a challenge. Which is why, when it comes to managing complex multicloud environments and their services, standardization is crucial. Here’s where OpenTelemetry (OTel) can play a key role. Developed through the merger of OpenCensus and OpenTracing, OpenTelemetry has become the new standard for open-source telemetry.
Discover what OTel is, the types of telemetry data it encompasses, its potential benefits, and how NXLog can support your OpenTelemetry ecosystem.
September 26, 2024
What is a telemetry pipeline? Understanding and building effective telemetry data pipelines
Back in the day, Gordon Moore made relatively accurate observations and projections about the exponential growth of transistors on semiconductors. It still amazes me, yet very few predicted the incredible growth of system interconnectedness and the vast amount of data it generates. It is estimated that 90% of all data was created in the last two years. Given that everything is connected, the need for telemetry is growing at an unprecedented rate, and so is the need to efficiently channel and manage telemetry data.
May 28, 2024
What is agentless log collection?
Agentless log collection refers to gathering log data from various sources without installing dedicated software agents on the systems generating the logs. Instead, it leverages protocols such as SNMP traps, WECS, WMI, and syslog to retrieve log data remotely.
It is easier to explain what agentless log collection is by also providing some context about agent-based log collection. The truth is that these two options for collecting logs walk hand in hand, meaning that they can and will likely coexist on your network.
Tag: dhcp-server
October 11, 2021
Collecting DHCP server logs on Windows
DHCP server log collection made simple DHCP (Dynamic Host Configuration Protocol) is a network management protocol that dynamically assigns IP addresses to each client machine on your network. However, its importance does not stop there. DHCP can even generate numerous critical events that indicate your network’s security has been compromised.
You might then wonder how you can use these events to safeguard your organization from intrusion. Well, these event logs store valuable information that contain the ID and IP address associated with each client.
Tag: dns
February 20, 2023
Our customers asked - Collecting Windows DNS resolved address with NXLog
Windows DNS Server log collection is essential yet complex, primarily because Windows DNS Server provides logs in various places in different forms containing a vast amount of information. Nevertheless, we all know that DNS Server log collection is paramount in IT security. Getting it right can be challenging.
The Windows DNS Server section in the NXLog user guide offers a comprehensive guide on collecting log records from a Windows DNS Server.
August 18, 2022
The disappearing Windows DNS debug log
The Windows DNS debug log contains valuable information on DNS queries and activity that is especially useful for monitoring and analyzing malicious traffic. This requires some configuration changes for the DNS service in order to enable debug logging.
Here is a short description on how to enable debug logging for the DNS service on windows, this also applies to Windows Server 2008 and later. It is possible to specify the file and path name of the DNS debug log file as well as the maximum size of the file.
July 1, 2021
Top 5 security concerns revealed with DNS logging
The Domain Name System (DNS) facilitates communication between all devices connected to the Internet. It consists of hierarchical servers that can translate any given hostname, along with its corresponding domain name, to its internet protocol (IP) address(es). One of the most common is the windows DNS server that ensures that data requests are sent to their correct endpoints while providing human-readable addresses for websites connected to the Internet. With the ever-growing number of cloud-based devices and technologies, for instance, the Internet of things (IoT), portals, web applications, as well as online transaction processing, it is more important than ever to identify the actual physical addresses of remote devices when relying on DNS-dependent connectivity.
May 31, 2020
DNS Log Collection and Parsing
DNS Log Collection and Parsing DNS log collection and parsing should be part of the log collection strategy of every modern IT infrastructure. There are numerous reasons why you should be concerned enough to collect as well as parse the DNS logs collected, some of which include:
Operations and Support Parsing DNS server logs can be used to track active DNS clients, while parsing complex and noisy logs can be helpful in troubleshooting support issues.
May 28, 2020
DNS Log Collection on Windows
Be sure to read Part 1 and Part 3 of our DNS Log Collection series, in case you missed them.
DNS Log Collection on Windows If you need to reduce the cost of DNS security and increase efficiency through centralizing DNS log collection, where would you start? Answering this question requires knowledge and awareness of the challenges and opportunities available on the Windows platform.
While Windows DNS server is a common technology serving many types of organizations, from local domains to large multi-site enterprises, the possibilities are not necessarily that well-known within the context of comprehensive, site-wide log collection.
May 14, 2020
DNS Log Collection on Linux
Be sure to read Part 1 and Part 2 of our series in case you missed them.
DNS Log Collection on Linux In the third, closing part of our series on DNS log collection, we discuss DNS logging on Linux using open source software. From the numerous open source DNS server implementations available, we tried to include the more popular ones and summarized what is involved in collecting logs from them.
Tag: dns-logs
August 18, 2022
The disappearing Windows DNS debug log
The Windows DNS debug log contains valuable information on DNS queries and activity that is especially useful for monitoring and analyzing malicious traffic. This requires some configuration changes for the DNS service in order to enable debug logging.
Here is a short description on how to enable debug logging for the DNS service on windows, this also applies to Windows Server 2008 and later. It is possible to specify the file and path name of the DNS debug log file as well as the maximum size of the file.
July 1, 2021
Top 5 security concerns revealed with DNS logging
The Domain Name System (DNS) facilitates communication between all devices connected to the Internet. It consists of hierarchical servers that can translate any given hostname, along with its corresponding domain name, to its internet protocol (IP) address(es). One of the most common is the windows DNS server that ensures that data requests are sent to their correct endpoints while providing human-readable addresses for websites connected to the Internet. With the ever-growing number of cloud-based devices and technologies, for instance, the Internet of things (IoT), portals, web applications, as well as online transaction processing, it is more important than ever to identify the actual physical addresses of remote devices when relying on DNS-dependent connectivity.
May 31, 2020
DNS Log Collection and Parsing
DNS Log Collection and Parsing DNS log collection and parsing should be part of the log collection strategy of every modern IT infrastructure. There are numerous reasons why you should be concerned enough to collect as well as parse the DNS logs collected, some of which include:
Operations and Support Parsing DNS server logs can be used to track active DNS clients, while parsing complex and noisy logs can be helpful in troubleshooting support issues.
May 28, 2020
DNS Log Collection on Windows
Be sure to read Part 1 and Part 3 of our DNS Log Collection series, in case you missed them.
DNS Log Collection on Windows If you need to reduce the cost of DNS security and increase efficiency through centralizing DNS log collection, where would you start? Answering this question requires knowledge and awareness of the challenges and opportunities available on the Windows platform.
While Windows DNS server is a common technology serving many types of organizations, from local domains to large multi-site enterprises, the possibilities are not necessarily that well-known within the context of comprehensive, site-wide log collection.
May 14, 2020
DNS Log Collection on Linux
Be sure to read Part 1 and Part 2 of our series in case you missed them.
DNS Log Collection on Linux In the third, closing part of our series on DNS log collection, we discuss DNS logging on Linux using open source software. From the numerous open source DNS server implementations available, we tried to include the more popular ones and summarized what is involved in collecting logs from them.
Tag: dns-monitoring
November 19, 2025
Monitoring BIND9 logs: Comparing syslog and dnstap for DNS visibility
As system and network administrators know, DNS logs are essential for understanding what’s happening across your infrastructure, whether you’re troubleshooting slow lookups, investigating odd traffic patterns, or monitoring your security posture.
We recently had the opportunity to help a customer set up monitoring for BIND9 logs and discovered that the two main options, syslog and dnstap, offer very different experiences in setup, performance, and the level of DNS visibility they provide.
Tag: e-enabled-aircraft
September 8, 2023
The cybersecurity challenges of modern aviation systems
Since the Wright brothers' first flight, the aviation industry has been advancing at an unprecedented rate. But it has always been a step behind other sectors in some areas, for safety and security reasons. Engineers are only allowed to apply well-matured technologies thoroughly trialed in different industries. Civil aviation, especially from the IT and IT security perspective, is a bit like Debian among the Linux operating systems. It does not always include all the latest inventions, but it aims to be safe and very stable in return.
Tag: edge-case
March 11, 2024
NXLog Enterprise Edition on Submarines
I always wondered what happens to our software when a company purchases it. Okay, I know they will install it and use it. But where do they install it? On what kind of machines? In what kind of environment? And why is it important for them to collect and handle logs? The possibilities are endless. We have customers worldwide; from shoemakers to telecom companies, NXLog is everywhere. But where are the most remarkable places NXLog Enterprise Edition is employed?
Tag: elasticsearch
November 3, 2025
Linux security monitoring: Collecting and visualizing events in Elasticsearch and Kibana
Timely visibility into system activity is what separates effective defense from reactive analysis. Every operating system, application, and device logs a trail of evidence. However, transforming that trail into actionable intelligence requires the right tools. In our previous posts, we’ve walked you through:
Visualizing VPN connection logs,
Monitoring Windows security events, and
Analyzing web server activity logs.
In this final installment in our series on log visualization, we’re turning our attention to Linux security monitoring.
September 18, 2025
From network event logs to insights: Visualizing OpenVPN logs with Elasticsearch and Kibana
At NXLog, we help customers solve real-world telemetry data challenges and bring value to the table with NXLog Platform. One of the recurring problems we see is that while network event logs contain a wealth of information, turning them into actionable insights isn’t straightforward. Security operations teams often struggle to make sense of these logs in a way that directly supports threat detection, response, and investigation.
A perfect example of this challenge is VPN logs.
August 9, 2022
Raijin vs Elasticsearch
Log collection is most closely linked to enterprise security practices—for example, aggregation and analysis in a SIEM. However, collecting certain logs for reasons other than security is often valuable. It may even be a requirement of your organization for the purposes of auditing, legal compliance, or data retention.
Storing all these logs in a database is the most efficient way to manage the data. Finding and managing logs stored as flat files or structured data can be challenging without a database.
May 30, 2022
Collecting kernel events with NXLog for analysis in the Elastic stack
It is known that measuring performance is one of the most challenging tasks in system administration. It requires proper configuration and a good understanding of the results. Fortunately, Linux systems offer a wide variety of tools for obtaining performance metrics. In this blog post, we will focus on the instrumentation capabilities of the Linux kernel and some interesting methods of analyzing the results.
The importance of the kernel lies in the fact that usage information related to CPU, memory, disk space, or network interfaces is always passing through it, and it cannot be bypassed.
Tag: encryption
May 14, 2024
Harnessing TPM encryption with NXLog
In an increasingly digitalized world, protecting your business’s digital assets is becoming more urgent by the day. Realizing the need to protect data from malicious actors, researchers created encryption. And I am not talking about the Enigma here, but software-based encryption algorithms, with their public and private signing keys, and so on.
Like every other technology, encryption methods have evolved throughout the years. However, the goal remained the same: encryption is there to secure our digital communications.
Tag: enterprise-edition
June 20, 2024
Announcing NXLog Enterprise Edition 5.11
We are excited to announce the release of NXLog Enterprise Edition 5.11. This latest version introduces two new features and addresses over twenty important issues, including two of the most significant which are highlighted in this announcement.
Key enhancements in NXLog Enterprise Edition 5.11 Support for new macOS ES events NXLog Enterprise Edition 5.11 now supports the events introduced by version 13 of the macOS Endpoint Security (ES) API. Check the official Apple documentation for the most up-to-date list of events supported by the macOS ES API.
May 13, 2024
Announcing NXLog Enterprise Edition 6.3
We proudly announce the latest release of NXLog Enterprise Edition, version 6.3. This release adds new features and bug fixes, including the ones highlighted below.
Support for parsing DTS Compliant logs from Microsoft Network Policy Server (NPS) The xm_nps extension module now supports parsing the newest DTL Compliant log format from Microsoft NPS.
The module can now automatically parse all NPS log types, including legacy ODBC and IAS, without you having to specify the log type when configuring the module.
December 21, 2023
Announcing NXLog Enterprise Edition 5.10
We are excited to announce the release of NXLog Enterprise Edition 5.10. This latest version addresses over twenty important issues - the two most significant are mentioned in this announcement - and introduces two features backported from NXLog Enterprise Edition 6.
Key enhancements in NXLog Enterprise Edition 5.10 ElasticSearch integration NXLog Enterprise Edition 5.10 now allows ElasticSearch users to send data as a stream. This feature enables the storage of events in an append-only, single-named manner, enhancing data management and retrieval efficiency.
December 4, 2023
Announcing NXLog Enterprise Edition 6.2
We proudly announce the latest release of NXLog Enterprise Edition, version 6.2. This release adds some new features and includes bug fixes and stability enhancements.
File and folder symlink support In this release, the primary focus was on adding uniform support for file and folder symlinks. The new development affects the im_file and im_fim modules when collecting logs from files, and when using File Integrity Monitoring. The new feature is available to use with the newly introduced directive FollowSymlink.
October 20, 2023
Announcing NXLog Enterprise Edition 6.1
We proudly announce the latest release of NXLog Enterprise Edition, version 6.1. This release adds new features to our Google Chronicle and Kafka output modules to provide more flexible configuration, introduces support for certificates with TPM-attested keys, and implements enhancements to our HTTP input module.
Read on to find out more about these new features.
More flexibility for your Google Chronicle integration We continue to build up our Google Chronicle output module with new functionality to give you more flexibility and control over your data.
September 11, 2023
Announcing NXLog Enterprise Edition 6.0
We proudly announce the latest release of NXLog Enterprise Edition, version 6.0. This major release includes new NXLog language data types, additional TCP and HTTP configuration options, and enhancements to our Elasticsearch and remote administration modules. It will help you improve data integration and handling, enhance manageability, and increase cost efficiency.
Empower your data integration with new "Array" and "Hash" data types As the NXLog configuration language now supports compound values with Array and Hash data types, you can enhance data integrity and coherence.
June 20, 2023
Announcing NXLog Enterprise Edition 5.9
We are proud to announce the latest release of NXLog Enterprise Edition, version 5.9. This release focuses on bringing you new supported platforms and configuration options.
Read on to find out more about some of these new features.
Added protocols to network packet capture information Our administrative module (xm_admin) now returns a list of protocols configured in a packet capture (im_pcap) instance when you request server or module information. This allows you to track, count, and report on the network protocols you are monitoring.
April 24, 2023
Announcing NXLog Enterprise Edition 5.8
We are proud to announce the latest release of NXLog Enterprise Edition, version 5.8. Our newest release includes new modules, better integrations, and additional metrics to collect across your organization.
Read on to find out more about some of these new features.
Native Salesforce module We’ve built a new native module (im_salesforce) for ingesting logs from Salesforce. With this, you no longer have to run an external Python-based Add-On script.
January 20, 2023
Announcing NXLog Enterprise Edition 5.7
New year, new NXLog Enterprise Edition.
Our developers have been hard at work throughout the holiday season to release the latest version of our flagship log collection solution. We are proud to announce NXLog Enterprise Edition 5.7, which includes bug fixes, security updates, and, of course, many new features.
Read on to find out more about some of these new features.
Native support for Google Cloud Logging, Amazon S3, and Microsoft 365 Google Cloud Logging, Amazon S3, and Microsoft 365 integrations were already available as Add-Ons to NXLog Enterprise Edition.
Tag: eps
January 31, 2023
Our customers asked - Input stream EPS tracking with NXLog
This post is the first in a series of answers to questions that our customers asked.
Clarifying EPS EPS stands for Events Per Second and is considered a standard for measuring the speed of event processing. More precisely, it tells how many events can flow through a particular system in a second. In our case, the number relates to how many events NXLog receives, handles, and outputs in one second.
Tag: eps-tracking
January 31, 2023
Our customers asked - Input stream EPS tracking with NXLog
This post is the first in a series of answers to questions that our customers asked.
Clarifying EPS EPS stands for Events Per Second and is considered a standard for measuring the speed of event processing. More precisely, it tells how many events can flow through a particular system in a second. In our case, the number relates to how many events NXLog receives, handles, and outputs in one second.
Tag: etw
October 11, 2021
Collecting DHCP server logs on Windows
DHCP server log collection made simple DHCP (Dynamic Host Configuration Protocol) is a network management protocol that dynamically assigns IP addresses to each client machine on your network. However, its importance does not stop there. DHCP can even generate numerous critical events that indicate your network’s security has been compromised.
You might then wonder how you can use these events to safeguard your organization from intrusion. Well, these event logs store valuable information that contain the ID and IP address associated with each client.
March 3, 2020
Sending ETW Logs to Splunk with NXLog
NXLog supports direct collection of Event Tracing for Windows (ETW) data. DNS Analytical logs, for example, can be forwarded to Splunk or another SIEM for monitoring and analysis.
Collecting ETW Logs Event Tracing for Windows (ETW) is a kernel-level tracing facility that provides high-performance logging of kernel and application events. ETW events can be written to a log file or collected directly from the system in realtime via the Consumers API.
Tag: european-union
November 22, 2022
The EU's response to cyberwarfare
With open war in Europe for the first time since 1945, nations across the continent have been busy shoring up their information security defenses. The European Union is stepping up to the plate, releasing a Cyber Defence Policy to, in its words, "boost EU cyber defence capabilities and strengthen coordination and cooperation between the military and civilian cyber communities."
However, bolstering cyber defenses across a collection of countries, home to 450 million people and spanning four million square kilometers, is no easy feat.
Tag: fault-tolerance
March 13, 2025
High Availability and Fault Tolerance
Imagine trying to buy tickets for your favorite band’s concert, only to find the website down just minutes before they sell out. Or logging into the cloud to look through your cherished digital photos and discovering they’ve been lost because of a data center failure.
These scenarios are — at best — frustrating for you. But, for your customers, they can erode trust and damage your business’s reputation.
That’s why organizations invest in strategies like high availability (HA) and fault tolerance (FT).
Tag: features
May 11, 2022
NXLog provides native support for Google Chronicle
We are delighted to announce that with the release of NXLog Enterprise Edition 5.5, NXLog provides native support for sending log data to the Google Chronicle threat intelligence platform.
About Google Chronicle Google Chronicle is a cloud-native SIEM service provided on the Google Cloud Platform. It allows organizations to normalize, correlate, and analyze their logging data. Chronicle makes threat hunting easy by empowering security experts to investigate logs allowing them to take a holistic approach to threat detection.
February 22, 2022
NXLog Community Edition support for Raijin Database
Last month saw the release of NXLog Community Edition version 3.0. One of the major new features in this release is the added support for sending log data to Raijin Database. This feature opens up exciting possibilities for implementing a custom centralized log collection and storage solution.
What is Raijin Database? Raijin Database is a free-of-charge schemaless database engine explicitly designed to store data for analytics efficiently. The fact that it does not require you to define a schema up-front makes it well suited for storing event logs from diverse sources containing different types of information in a structured format.
October 27, 2021
Three important features you can have with the Enterprise Edition over the Community Edition
Features of NXLog Enterprise Edition you must have So, it turns out that your organization needs a reliable solution that can collect, parse, forward, and aggregate your log data. This need might be based on any number of reasons. Perhaps it is due to regulatory compliance mandates. Maybe your security analysts have realized that collecting security logs is the best way to detect potential cyber attacks. These are all valid reasons.
Tag: filtering
November 12, 2024
Optimize log management and cut costs
Data logging and event monitoring have become essential to provide security and performance monitoring of business operations. However, the vast volume of logs generated can lead to significant challenges, including high costs and inefficiencies.
Many companies collect an excessive number of logs, often missing out on the most critical security-related events. The majority of these logs, known as log noise, offer little to no value to security analysts and can obstruct timely access to high-priority security events.
Tag: fim
January 24, 2020
What is File Integrity Monitoring (FIM)? Why do you need it?
About File Integrity Monitoring (FIM) File integrity monitoring is implemented as a detection mechanism to monitor changes to important files and folders. File integrity monitoring is largely used as a security measure for detection and for meeting obligations such as compliance. By using file integrity monitoring, better control measures can be taken due to being able to track and provide data for alerts of activities on assets that are being monitored, such as potential unauthorized changes.
Tag: gdpr
September 23, 2022
GDPR compliance and log management best practices
The European Union’s General Data Protection Regulation (EU GDPR) came into force on 25 May 2018. Many of us remember the influx of marketing emails around this time, with companies updating their privacy policies and asking for the consent of around 450 million Europeans to continue using their personal data.
An often misunderstood participant of this compliance quest is log data—a source potentially rich in protected personal data. So, how does the GDPR apply to an organization’s log data?
Tag: google-chronicle
May 11, 2022
NXLog provides native support for Google Chronicle
We are delighted to announce that with the release of NXLog Enterprise Edition 5.5, NXLog provides native support for sending log data to the Google Chronicle threat intelligence platform.
About Google Chronicle Google Chronicle is a cloud-native SIEM service provided on the Google Cloud Platform. It allows organizations to normalize, correlate, and analyze their logging data. Chronicle makes threat hunting easy by empowering security experts to investigate logs allowing them to take a holistic approach to threat detection.
Tag: grafana
October 20, 2025
From web server logs to metrics: Visualizing NGINX logs with Prometheus and Grafana
When users start reporting slow responses or intermittent errors from your web applications, your first go-to is your web server logs. But did you know those same logs can provide more than just troubleshooting clues? When analyzed with the right tools, they give system administrators and DevOps teams real-time visibility into your web environment, enabling them to monitor web servers proactively, rather than reactively.
In this post, we’re going to show you how you can uncover web server performance issues and potential attacks early on by collecting NGINX access logs with NXLog Agent, transforming them into Prometheus metrics, and visualizing them with Grafana.
September 30, 2025
Gaining valuable host performance metrics with NXLog Platform
What are performance metrics and why are they important? IT and security systems don’t just generate logs; they also produce extremely valuable performance data that helps ensure the health and stability of your business infrastructure. Host-level performance metrics provide visibility into key resources, such as:
CPU usage — Helps identify over-utilization, process bottlenecks, or underused resources.
Memory usage — Indicates whether applications are consuming excessive RAM or leaking memory over time.
Tag: ha
March 13, 2025
High Availability and Fault Tolerance
Imagine trying to buy tickets for your favorite band’s concert, only to find the website down just minutes before they sell out. Or logging into the cloud to look through your cherished digital photos and discovering they’ve been lost because of a data center failure.
These scenarios are — at best — frustrating for you. But, for your customers, they can erode trust and damage your business’s reputation.
That’s why organizations invest in strategies like high availability (HA) and fault tolerance (FT).
Tag: high-availability
March 13, 2025
High Availability and Fault Tolerance
Imagine trying to buy tickets for your favorite band’s concert, only to find the website down just minutes before they sell out. Or logging into the cloud to look through your cherished digital photos and discovering they’ve been lost because of a data center failure.
These scenarios are — at best — frustrating for you. But, for your customers, they can erode trust and damage your business’s reputation.
That’s why organizations invest in strategies like high availability (HA) and fault tolerance (FT).
Tag: highlights
December 22, 2022
NXLog - 2022 in review
We’ve come to the end of 2022, and what a year it’s been. It was a year marked by war, economic toil, and addressing the aftermath of the Covid-19 pandemic.
Europe was immediately thrust into crisis in February when the Russia-Ukraine War began. Unfortunately, as an Eastern European-based company, many of our colleagues were directly affected by it.
Then, more recently and in the United States especially, many tech companies began restructuring their organizations to deal with the looming economic problems that are forecast.
Tag: hipaa
July 19, 2023
HIPAA logging requirements and how to ensure compliance
The U.S. Health Insurance Portability and Accountability Act (HIPAA) was introduced in 1996 to protect the privacy and security of health information. HIPAA’s Privacy, Security, and Breach Notification rules require healthcare providers and their partners to protect electronic protected health information (ePHI) through robust access controls, breach reporting, and documentation practices.
A critical part of this compliance effort involves maintaining detailed audit logs that track who accessed, modified, or disclosed PHI, and retaining HIPAA logs for at least six years.
Tag: history
February 6, 2024
The evolution of event logging: from clay tablets to Taylor Swift
Event logs are our breakfast, lunch, and dinner at NXLog. Before NXLog, I worked on an API that collected software usage logs. And before that, on a centralized log management application. Today, after a career of dealing with logs, I wondered, "How did our world come to rely so much on event logging?"
I mean, in the vast landscape of technological progress, the history of event logging is only a minor subplot.
Tag: iam
December 10, 2025
Identity and Access Management (IAM): Guide for 2026
Imagine a typical company: employees join, they move between offices and departments, then they leave. Each of these changes requires a systems access update for email, databases, internal tools, and more. Manually managing these transitions can be burdensome and error-prone. And where you have errors, you have inefficiencies and exposure to security breaches — neither of which is good for your business.
This is where Identity and Access Management (IAM) comes in.
June 16, 2025
Leveraging Okta logs for improved security monitoring
Most corporate environments require a login, and Identity and Access Management (IAM) is a solution that helps manage that process in different ways. IAM ensures that only the necessary people can access the relevant IT resources.
Each user, device or service is assigned a unique digital identity. So, when an employee logs into a company system, IAM confirms that person’s identity. This might involve a login/password check, multi-factor authentication, or both.
Tag: ibm-qradar
February 2, 2022
NXLog vs IBM QRadar WinCollect - Let's get things straight
How does NXLog Enterprise Edition compare to the IBM QRadar WinCollect event forwarder?
IBM QRadar SIEM collects, processes, and aggregates log data to provide real-time monitoring and automated response to network threats. With its powerful correlation engine and specialized modules for risk and vulnerability management, it is no surprise that it is among the highest-rated tools on Gartner Peer Insights.
To get the best out of a platform like IBM QRadar, you need to ensure that you send the proper amount of data in a format that it can process efficiently.
Tag: ics
August 10, 2022
NXLog in an industrial control security context
Industrial Control Systems (ICS) have evolved over the years and now have a lot in common with traditional IT systems. Low-cost Ethernet and IP devices are replacing older, proprietary technology, which opens up new possibilities to improve connectivity and remote access. However, it also increases vulnerability to cyberattacks and incidents since the system is no longer segregated. Due to the nature of ICS, they differ from other IT systems. A compromised system can cause severe damage to the environment, incur substantial financial and production losses, and negatively impact an entire nation.
June 5, 2021
Flexible, cloud-backed Modbus/TCP log collection with NXLog and Python
Modbus is a simple and flexible protocol used by a wide variety of industrial and automation equipment. Its simplicity has made it attractive for many manufacturers, but it also poses a number of challenges in terms of security and traffic analysis. In this post, we’ll show you how to use NXLog to capture, process, and extract useful security information from Modbus traffic.
What makes Modbus traffic analysis challenging? Modbus is a low-level protocol that effectively uses only two data types: bits (in the form of coils), and 16-bit words (in the form of registers), which are also the only form of data that can be natively addressed with most devices.
Tag: iiot
June 8, 2023
Industrial cybersecurity - The facts
In Feb 2021, a major cybersecurity incident was declared when a hacker gained malicious access to the water treatment system of Oldsmar, Florida. Officials said the hacker tried to increase the level of sodium hydroxide in the city’s water supply, putting thousands at risk of being poisoned. Fortunately, it was quickly confirmed that this potential terroristic act did not come to fruition.
Two years later, we still have no details on the malicious actor.
Tag: infrastructure-monitoring
October 30, 2025
The shadow IT haunting your network: A Halloween horror story
It’s Halloween season, and while everyone else is worried about ghosts and goblins, you—the sysadmin holding the fort—know the real terror: that dusty print server in the corner that’s been running firmware from 2014. Or the Raspberry Pi someone set up to monitor the server room temperature "temporarily" three years ago. Or the CEO’s personal tablet that absolutely must connect to the internal network because "it’s just easier this way.
October 29, 2025
Watching the watchers: The need for telemetry system observability
Organizations invest heavily in sophisticated monitoring platforms, deploy countless agents across their infrastructure, and build elaborate dashboards to track every metric imaginable. Yet amid this pursuit of comprehensive visibility, a dangerous blind spot often emerges: the observability system itself becomes unobservable.
This meta-problem represents one of the most insidious risks in modern infrastructure management. When telemetry collection fails silently—whether due to misconfiguration, infrastructure changes, or system failures—operations teams continue making critical decisions based on incomplete or stale data, unaware that their digital nervous system has developed gaps in coverage.
October 28, 2025
Beyond the silicon: Why monitoring the infrastructure powering AI is critical to ROI
The AI gold rush has arrived, and organizations worldwide are making unprecedented investments in cutting-edge accelerator hardware. GPU clusters worth millions of dollars are being deployed at breakneck speed, with companies betting their competitive futures on these silicon powerhouses. Yet beneath the excitement of acquiring the latest H100s or MI300s lies a sobering reality: the most expensive part of your AI investment isn’t the initial purchase—it’s ensuring that hardware delivers value every single moment it’s operational.
Tag: integration
May 30, 2022
Collecting kernel events with NXLog for analysis in the Elastic stack
It is known that measuring performance is one of the most challenging tasks in system administration. It requires proper configuration and a good understanding of the results. Fortunately, Linux systems offer a wide variety of tools for obtaining performance metrics. In this blog post, we will focus on the instrumentation capabilities of the Linux kernel and some interesting methods of analyzing the results.
The importance of the kernel lies in the fact that usage information related to CPU, memory, disk space, or network interfaces is always passing through it, and it cannot be bypassed.
May 11, 2022
NXLog provides native support for Google Chronicle
We are delighted to announce that with the release of NXLog Enterprise Edition 5.5, NXLog provides native support for sending log data to the Google Chronicle threat intelligence platform.
About Google Chronicle Google Chronicle is a cloud-native SIEM service provided on the Google Cloud Platform. It allows organizations to normalize, correlate, and analyze their logging data. Chronicle makes threat hunting easy by empowering security experts to investigate logs allowing them to take a holistic approach to threat detection.
March 19, 2022
Deploying and managing NXLog with Puppet
Puppet Bolt is an open-source orchestration tool that automates the manual configuration and management of your infrastructure.
In this post, we will look at how you can create your Puppet Bolt project directory, your inventory YAML file, and finally, your Puppet Bolt Plan to deploy NXLog on a variety of Operating Systems.
Why use Puppet Bolt to deploy NXLog? Apart from the usual tasks of updating software packages, configuring web servers and databases, the need for constant logging has become extremely important, and a de facto necessity nowadays.
March 1, 2022
Deploying and managing NXLog with Ansible
Ansible has become an industry standard when it comes to configuring and managing servers. As a configuration management tool, it carries the burden of simplifying system administration tasks, such as installing and updating software packages, and infrastructure provisioning. In this post, we will create an Ansible playbook that will enable us to automate the installation and configuration of NXLog across multiple endpoints. Whether you need only a single endpoint today or thousands of endpoints next week, Ansible will do the heavy lifting for you.
September 6, 2021
Collecting Kubernetes logs with NXLog
Kubernetes is nowadays the de facto standard for the deployment and management of containerized applications. A Kubernetes deployment may contain hundreds, if not thousands, of nodes and pods. As with any other system, collecting logs from your Kubernetes environment is imperative to monitor the health of your cluster and to troubleshoot issues when they arise. In this post we will explore the logging challenges that Kubernetes poses, and how NXLog can be a key player in your logging solution.
June 5, 2021
Flexible, cloud-backed Modbus/TCP log collection with NXLog and Python
Modbus is a simple and flexible protocol used by a wide variety of industrial and automation equipment. Its simplicity has made it attractive for many manufacturers, but it also poses a number of challenges in terms of security and traffic analysis. In this post, we’ll show you how to use NXLog to capture, process, and extract useful security information from Modbus traffic.
What makes Modbus traffic analysis challenging? Modbus is a low-level protocol that effectively uses only two data types: bits (in the form of coils), and 16-bit words (in the form of registers), which are also the only form of data that can be natively addressed with most devices.
Tag: it-security
September 30, 2022
Assertive compliance - using frameworks to extend your coverage
So, it happened again. You got an internal audit finding or a regulatory notice. Or you just had a nagging feeling and found customer data somewhere it shouldn’t have been. Morale sinks. Are you forced to choose between serving your customers and addressing compliance weaknesses? Nobody said IT Compliance was easy. But don’t sign up to do any more work than is necessary. Use Frameworks to identify the activities, like logging, that demonstrate compliance for multiple domains and get the absolute best coverage without extra work.
July 1, 2021
Top 5 security concerns revealed with DNS logging
The Domain Name System (DNS) facilitates communication between all devices connected to the Internet. It consists of hierarchical servers that can translate any given hostname, along with its corresponding domain name, to its internet protocol (IP) address(es). One of the most common is the windows DNS server that ensures that data requests are sent to their correct endpoints while providing human-readable addresses for websites connected to the Internet. With the ever-growing number of cloud-based devices and technologies, for instance, the Internet of things (IoT), portals, web applications, as well as online transaction processing, it is more important than ever to identify the actual physical addresses of remote devices when relying on DNS-dependent connectivity.
February 3, 2020
Insufficient logging and monitoring, TOP 10 security risk
"The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications."
In this article these top security risks discussed in the context of log collection.
OWASP API security top 10 most critical API security risks APIs are a critical part of modern technologies - from SaaS and web consumer applications to enterprise deployments.
Tag: kernel-log
May 30, 2022
Collecting kernel events with NXLog for analysis in the Elastic stack
It is known that measuring performance is one of the most challenging tasks in system administration. It requires proper configuration and a good understanding of the results. Fortunately, Linux systems offer a wide variety of tools for obtaining performance metrics. In this blog post, we will focus on the instrumentation capabilities of the Linux kernel and some interesting methods of analyzing the results.
The importance of the kernel lies in the fact that usage information related to CPU, memory, disk space, or network interfaces is always passing through it, and it cannot be bypassed.
Tag: kibana
May 30, 2022
Collecting kernel events with NXLog for analysis in the Elastic stack
It is known that measuring performance is one of the most challenging tasks in system administration. It requires proper configuration and a good understanding of the results. Fortunately, Linux systems offer a wide variety of tools for obtaining performance metrics. In this blog post, we will focus on the instrumentation capabilities of the Linux kernel and some interesting methods of analyzing the results.
The importance of the kernel lies in the fact that usage information related to CPU, memory, disk space, or network interfaces is always passing through it, and it cannot be bypassed.
Tag: kubernetes
September 6, 2021
Collecting Kubernetes logs with NXLog
Kubernetes is nowadays the de facto standard for the deployment and management of containerized applications. A Kubernetes deployment may contain hundreds, if not thousands, of nodes and pods. As with any other system, collecting logs from your Kubernetes environment is imperative to monitor the health of your cluster and to troubleshoot issues when they arise. In this post we will explore the logging challenges that Kubernetes poses, and how NXLog can be a key player in your logging solution.
Tag: kubernetes-logs
September 6, 2021
Collecting Kubernetes logs with NXLog
Kubernetes is nowadays the de facto standard for the deployment and management of containerized applications. A Kubernetes deployment may contain hundreds, if not thousands, of nodes and pods. As with any other system, collecting logs from your Kubernetes environment is imperative to monitor the health of your cluster and to troubleshoot issues when they arise. In this post we will explore the logging challenges that Kubernetes poses, and how NXLog can be a key player in your logging solution.
Tag: legislation
January 23, 2024
GLBA Compliance in 2024 - Reporting directly to the FTC
The U.S. Federal Trade Commission (FTC) approved amendments to its Safeguards Rule that require FTC-regulated non-banking financial institutions to report data breaches and other security events directly to the FTC. It was originally proposed to add a breach notification requirement back in late 2021. The rule requires financial institutions to report “notification events” to the FTC within 30 days of discovery of the notification event where the private information of 500+ consumers is involved.
Tag: linux
May 30, 2022
Collecting kernel events with NXLog for analysis in the Elastic stack
It is known that measuring performance is one of the most challenging tasks in system administration. It requires proper configuration and a good understanding of the results. Fortunately, Linux systems offer a wide variety of tools for obtaining performance metrics. In this blog post, we will focus on the instrumentation capabilities of the Linux kernel and some interesting methods of analyzing the results.
The importance of the kernel lies in the fact that usage information related to CPU, memory, disk space, or network interfaces is always passing through it, and it cannot be bypassed.
February 22, 2021
Setting up a Windows Event Collector (WEC) on Linux
Windows Event Forwarding (WEF) is a service available on Microsoft Windows platforms which enables the forwarding of events from Windows Event Log to a central Windows Event Collector. Since the technology is built into the operating system, this means you can centralize log collection without having to install third party software on each Windows node. You can also use Group Policy for configuring clients to forward their events. This approach not only standardizes client management but also streamlines it.
January 13, 2021
NXLog Containers were certified by Red Hat
Applications are getting more and more complex. The demand to develop them faster is ever-increasing. This puts stress on organizations’ processes, infrastructure, and the IT teams that support them.
Modern Container technology helps to alleviate issues faster across multiple environments. Linux containers are another evolutionary leap in how applications are developed, deployed, and managed. These containers are based on stable Red Hat Enterprise Linux images that have no adverse effects on your current IT infrastructure.
May 14, 2020
DNS Log Collection on Linux
Be sure to read Part 1 and Part 2 of our series in case you missed them.
DNS Log Collection on Linux In the third, closing part of our series on DNS log collection, we discuss DNS logging on Linux using open source software. From the numerous open source DNS server implementations available, we tried to include the more popular ones and summarized what is involved in collecting logs from them.
Tag: linux-dns-logs
May 14, 2020
DNS Log Collection on Linux
Be sure to read Part 1 and Part 2 of our series in case you missed them.
DNS Log Collection on Linux In the third, closing part of our series on DNS log collection, we discuss DNS logging on Linux using open source software. From the numerous open source DNS server implementations available, we tried to include the more popular ones and summarized what is involved in collecting logs from them.
Tag: linux-logs
January 9, 2026
Linux security monitoring with NXLog Platform: Extracting key events for better monitoring
From years of supporting NXLog Agent deployments across many environments, we’ve learned that while Linux generates a wealth of security logging, much of it remains underutilized. Critical security events are buried across multiple log files and subsystems, making it more complicated than it should be to spot suspicious activity.
Efficient Linux security logging requires knowledge of which events matter and where to get them. Authentication attempts, privilege changes, package installations, audit events, and system shutdown events can all tell a story when viewed together.
December 12, 2025
rsyslog vs syslog-ng: Which is the right log shipper?
Well, no doubt logging is the nervous system of any IT infrastructure. From troubleshooting outages to satisfying compliance audits and threat management, having the right log management pipeline can make the difference between smooth operations and chaotic firefighting. For decades, syslog-ng and rsyslog have been two of the most widely used log management tools for Unix and Linux environments. Both provide implementations of the original 1980s syslog protocol and are designed to collect, process, and forward log messages across networks.
November 3, 2025
Linux security monitoring: Collecting and visualizing events in Elasticsearch and Kibana
Timely visibility into system activity is what separates effective defense from reactive analysis. Every operating system, application, and device logs a trail of evidence. However, transforming that trail into actionable intelligence requires the right tools. In our previous posts, we’ve walked you through:
Visualizing VPN connection logs,
Monitoring Windows security events, and
Analyzing web server activity logs.
In this final installment in our series on log visualization, we’re turning our attention to Linux security monitoring.
Tag: linux-security
January 9, 2026
Linux security monitoring with NXLog Platform: Extracting key events for better monitoring
From years of supporting NXLog Agent deployments across many environments, we’ve learned that while Linux generates a wealth of security logging, much of it remains underutilized. Critical security events are buried across multiple log files and subsystems, making it more complicated than it should be to spot suspicious activity.
Efficient Linux security logging requires knowledge of which events matter and where to get them. Authentication attempts, privilege changes, package installations, audit events, and system shutdown events can all tell a story when viewed together.
November 3, 2025
Linux security monitoring: Collecting and visualizing events in Elasticsearch and Kibana
Timely visibility into system activity is what separates effective defense from reactive analysis. Every operating system, application, and device logs a trail of evidence. However, transforming that trail into actionable intelligence requires the right tools. In our previous posts, we’ve walked you through:
Visualizing VPN connection logs,
Monitoring Windows security events, and
Analyzing web server activity logs.
In this final installment in our series on log visualization, we’re turning our attention to Linux security monitoring.
Tag: local-legislation
January 11, 2024
The story of the $1,900,000 penalty for insufficient log management
It was late March 2021 when a phishing email was sent to a network administrator of TTEC Healthcare Solutions, Inc. (TTEC HS) - an integrated healthcare CX solutions provider - and a threat actor gained highly privileged access to the network. On September 12, 2021, a common ransomware scenario was triggered, with approximately 1,800 devices compromised via the access channel obtained almost 5 months earlier.
Prior to executing the ransomware attack, the threat actor successfully exfiltrated data from the TTEC HS network, containing non-public information (NPI) of current and former employees of TTEC HS, and for individuals who were insured by one of TTEC HS’s clients, including, importantly, some New York residents.
Tag: log-aggregation
August 1, 2022
The benefits of log aggregation
Logs are a record of the internal workings of a system. Nowadays, organizations can have hundreds and, more regularly, thousands of managed computers, servers, mobile devices, and applications; even refrigerators are generating logs in this Internet of Things era. The result is the production of terabytes of log data—event logs, network flow logs, and application logs, to name a few—that must be carefully sorted, analyzed, and stored.
Without a log management tool, you would need to manually search through many directories of log files on each system to access and extract meaning from these millions of event logs.
February 17, 2022
Aggregating macOS logs for SIEM systems
Apple has made great strides in recent years, not only with its innovative hardware, but also with incremental improvements to its operating systems. For a number of reasons, Macs have become viable alternatives to PCs in many large corporations. Apple also continues to maintain a strong presence in institutions of higher education, as it has for decades in the US. Whether your Mac users are working on spreadsheets in accounting or they belong to creative teams developing software or marketing content, your digital assets are valuable and need to be monitored to detect any potential security threats.
January 3, 2022
Log aggregation with NXLog
The value of log aggregation There is no denying the importance of log aggregation for multi-million-dollar enterprises worldwide. But just what is log aggregation? And how can it help your organization? Well, log aggregation is the process of standardizing and consolidating your log data from distributed systems across your network into one centralized server. By doing so, you have a unified view of what occurs across your entire IT infrastructure.
July 29, 2021
Using Raijin Database Engine to aggregate and analyze Windows security events
In this post, we will look at how to use Raijin Database Engine as a backend in a centralized logging environment for collecting and aggregating Windows security events. We will also show you how to integrate Raijin with an open source data exploration tool. Finally, you will see how you can track suspicious network activity and identify specific types of intrusion on Windows hosts using these tools.
A low-cost, lean and mean data discovery solution Although the combination of tools we present here cannot compete with a full-fledged SIEM solution, they do offer quite a few advantages for security analysts who need a responsive, highly customizable data discovery solution that accepts ad hoc SQL.
April 1, 2020
How a centralized log collection tool can help your SIEM solutions
IT security should be one of the main focus points of all enterprises. In today’s world, when digital transformation is taking place at an unprecedented pace, securing online data is vital for all kinds of businesses. This is why most companies are utilizing SIEM (Security Information and Event Management) solutions that help them identify threats before they can do any harm.
Even though SIEM tools are perfect for event correlation and analytics, it is not part of their core functionality to manage log collection, filtering, distribution, and formatting.
Tag: log-collection
February 24, 2026
Centralized log management: What it is, how centralized logging works, and how to choose the right system
Centralized log management is the practice of collecting logs from across an environment, including applications, servers, containers, networks, and cloud services, and storing them in a single location where they can be searched and analyzed.
For operations and security teams, centralized logging is now a core requirement. Without it, logs are scattered across hosts, ephemeral containers, cloud consoles, and disconnected tools. This fragmentation slows troubleshooting, complicates incident response, and limits visibility during security investigations.
May 21, 2024
Ingesting log data from Debian UFW to Loki and Grafana
An excellent way to get started in a new technology area or refresh our knowledge is to devise a solution based on a small idea or need. This blog post covers such a situation, with a small personal project demonstrating how to use NXLog’s powerful features.
I embarked on a small pet project centered around a cloud machine running Debian 10. It connects telemetry from my home, country house, and notebook.
September 30, 2022
Assertive compliance - using frameworks to extend your coverage
So, it happened again. You got an internal audit finding or a regulatory notice. Or you just had a nagging feeling and found customer data somewhere it shouldn’t have been. Morale sinks. Are you forced to choose between serving your customers and addressing compliance weaknesses? Nobody said IT Compliance was easy. But don’t sign up to do any more work than is necessary. Use Frameworks to identify the activities, like logging, that demonstrate compliance for multiple domains and get the absolute best coverage without extra work.
August 18, 2022
The disappearing Windows DNS debug log
The Windows DNS debug log contains valuable information on DNS queries and activity that is especially useful for monitoring and analyzing malicious traffic. This requires some configuration changes for the DNS service in order to enable debug logging.
Here is a short description on how to enable debug logging for the DNS service on windows, this also applies to Windows Server 2008 and later. It is possible to specify the file and path name of the DNS debug log file as well as the maximum size of the file.
June 28, 2022
Security logging on Windows - beyond 4625
As a security administrator, you may be inclined to focus on the Windows Security log within Windows Event Log. You might even go as far as filtering for specific event IDs, such as EventID 4625 (failed logon request), while forgetting there is much more to security logging on Windows than this single log source.
The consequence of this narrow field of view is that you are not benefitting from the valuable information that other Event IDs used for security audit policies can offer.
October 11, 2021
Collecting DHCP server logs on Windows
DHCP server log collection made simple DHCP (Dynamic Host Configuration Protocol) is a network management protocol that dynamically assigns IP addresses to each client machine on your network. However, its importance does not stop there. DHCP can even generate numerous critical events that indicate your network’s security has been compromised.
You might then wonder how you can use these events to safeguard your organization from intrusion. Well, these event logs store valuable information that contain the ID and IP address associated with each client.
September 6, 2021
Collecting Kubernetes logs with NXLog
Kubernetes is nowadays the de facto standard for the deployment and management of containerized applications. A Kubernetes deployment may contain hundreds, if not thousands, of nodes and pods. As with any other system, collecting logs from your Kubernetes environment is imperative to monitor the health of your cluster and to troubleshoot issues when they arise. In this post we will explore the logging challenges that Kubernetes poses, and how NXLog can be a key player in your logging solution.
August 25, 2021
File-based logs? Yes, they're still being used!
File-based logs are where it all began. These logs can yield information of great value to security analysts and administrators alike. Armed with this information, IT professionals are better equipped to troubleshoot issues, evaluate system performance, identify bugs, and even detect security breaches.
In today’s world, we tend to focus on the modern, integrated logging facilities like Microsoft’s Windows Event Log or Apple’s Unified Logging System (ULS). However, all the major operating systems still generate log files that may or may not be integrated into these logging facilities.
July 15, 2021
Top 5 Windows Security logs everyone should collect
It goes without saying that across your business infrastructure, there should be a commitment to protect not only the hardware and software assets, but the plethora of data that is transmitted through and stored in it. However, to successfully safeguard such data, it is imperative to have an effective audit policy in place that includes the collection of security events as its essential component.
Windows provides a wealth of security logs that are visible in the built-in Security channel of Event Viewer.
June 14, 2021
Windows Event Log collection in a nutshell
Unquestionably, Microsoft Windows is the number one desktop operating system in the world, as well as having a significant share of the server operating system market. Multi-million-dollar organizations rely heavily on Windows Server and Active Directory to provide a safe, secure networked environment for their business operations. Such an enterprise infrastructure alone can generate thousands of events per second that range anywhere from benign user authentication events to logs indicating a severe software failure, or even more serious events such as DoS attacks or intrusion attempts.
June 5, 2021
Flexible, cloud-backed Modbus/TCP log collection with NXLog and Python
Modbus is a simple and flexible protocol used by a wide variety of industrial and automation equipment. Its simplicity has made it attractive for many manufacturers, but it also poses a number of challenges in terms of security and traffic analysis. In this post, we’ll show you how to use NXLog to capture, process, and extract useful security information from Modbus traffic.
What makes Modbus traffic analysis challenging? Modbus is a low-level protocol that effectively uses only two data types: bits (in the form of coils), and 16-bit words (in the form of registers), which are also the only form of data that can be natively addressed with most devices.
February 22, 2021
Setting up a Windows Event Collector (WEC) on Linux
Windows Event Forwarding (WEF) is a service available on Microsoft Windows platforms which enables the forwarding of events from Windows Event Log to a central Windows Event Collector. Since the technology is built into the operating system, this means you can centralize log collection without having to install third party software on each Windows node. You can also use Group Policy for configuring clients to forward their events. This approach not only standardizes client management but also streamlines it.
May 31, 2020
DNS Log Collection and Parsing
DNS Log Collection and Parsing DNS log collection and parsing should be part of the log collection strategy of every modern IT infrastructure. There are numerous reasons why you should be concerned enough to collect as well as parse the DNS logs collected, some of which include:
Operations and Support Parsing DNS server logs can be used to track active DNS clients, while parsing complex and noisy logs can be helpful in troubleshooting support issues.
May 28, 2020
DNS Log Collection on Windows
Be sure to read Part 1 and Part 3 of our DNS Log Collection series, in case you missed them.
DNS Log Collection on Windows If you need to reduce the cost of DNS security and increase efficiency through centralizing DNS log collection, where would you start? Answering this question requires knowledge and awareness of the challenges and opportunities available on the Windows platform.
While Windows DNS server is a common technology serving many types of organizations, from local domains to large multi-site enterprises, the possibilities are not necessarily that well-known within the context of comprehensive, site-wide log collection.
May 14, 2020
DNS Log Collection on Linux
Be sure to read Part 1 and Part 2 of our series in case you missed them.
DNS Log Collection on Linux In the third, closing part of our series on DNS log collection, we discuss DNS logging on Linux using open source software. From the numerous open source DNS server implementations available, we tried to include the more popular ones and summarized what is involved in collecting logs from them.
January 24, 2020
What is File Integrity Monitoring (FIM)? Why do you need it?
About File Integrity Monitoring (FIM) File integrity monitoring is implemented as a detection mechanism to monitor changes to important files and folders. File integrity monitoring is largely used as a security measure for detection and for meeting obligations such as compliance. By using file integrity monitoring, better control measures can be taken due to being able to track and provide data for alerts of activities on assets that are being monitored, such as potential unauthorized changes.
October 22, 2019
Agent-based versus agentless log collection - which option is best?
One of the harder decisions revolve around implementing agent-based vs agentless log collection. This post covers the two methods - their advantages and disadvantages - and provides some quick and actionable implementation notes.
Why does log collection agent choice matter? When deploying a log collection strategy, administrators usually tend to zone in on already selected solutions that answers fundamental questions, such as "Will this solution collect and ship these types of log sources?
Tag: log-file
August 25, 2021
File-based logs? Yes, they're still being used!
File-based logs are where it all began. These logs can yield information of great value to security analysts and administrators alike. Armed with this information, IT professionals are better equipped to troubleshoot issues, evaluate system performance, identify bugs, and even detect security breaches.
In today’s world, we tend to focus on the modern, integrated logging facilities like Microsoft’s Windows Event Log or Apple’s Unified Logging System (ULS). However, all the major operating systems still generate log files that may or may not be integrated into these logging facilities.
Tag: log-forwarding
June 16, 2021
Forwarding logs with NXLog
So, you managed to read through all the compliance mandates that are required for the industry you are in. And, during the mandatory consultation you had with your company’s IT security expert and network manager you came to an agreement on which logs to collect and carefully selected their final destination. Which — in most cases — is usually some kind of analytics system or SIEM technology where log data can be analyzed and stored based on your business requirements.
February 1, 2021
Sending logs to Microsoft Sentinel with NXLog
What if you could selectively ingest only the high-quality events needed for metrics and reporting that come not only from Azure, but also from other cloud- based resources and on-site assets directly into Microsoft Sentinel?
In this post, the technology we will be examining is the Azure Monitor HTTP Data Collector API, which enables clients, such as the NXLog Enterprise Edition agent, to send events to a Log Analytics workspace, making them directly accessible using Microsoft Sentinel queries.
March 3, 2020
Sending ETW Logs to Splunk with NXLog
NXLog supports direct collection of Event Tracing for Windows (ETW) data. DNS Analytical logs, for example, can be forwarded to Splunk or another SIEM for monitoring and analysis.
Collecting ETW Logs Event Tracing for Windows (ETW) is a kernel-level tracing facility that provides high-performance logging of kernel and application events. ETW events can be written to a log file or collected directly from the system in realtime via the Consumers API.
Tag: log-management
September 23, 2022
GDPR compliance and log management best practices
The European Union’s General Data Protection Regulation (EU GDPR) came into force on 25 May 2018. Many of us remember the influx of marketing emails around this time, with companies updating their privacy policies and asking for the consent of around 450 million Europeans to continue using their personal data.
An often misunderstood participant of this compliance quest is log data—a source potentially rich in protected personal data. So, how does the GDPR apply to an organization’s log data?
Tag: log-noise
August 27, 2025
How to reduce log noise and fight SOC alert fatigue
Do you ever feel like you’re drowning in data? From endpoint logs and firewall events to database auditing and cloud metrics, the sheer amount of data is overwhelming. While telemetry data is crucial for threat detection, incident response, and compliance, it also brings a major challenge: log noise.
Log noise obscures meaningful security signals. If left unchecked, you risk increased false positives, overloading security tools, higher SIEM licensing costs, and, most importantly, SOC alert fatigue.
Tag: log-size
November 12, 2024
Optimize log management and cut costs
Data logging and event monitoring have become essential to provide security and performance monitoring of business operations. However, the vast volume of logs generated can lead to significant challenges, including high costs and inefficiencies.
Many companies collect an excessive number of logs, often missing out on the most critical security-related events. The majority of these logs, known as log noise, offer little to no value to security analysts and can obstruct timely access to high-priority security events.
Tag: log4j
February 3, 2022
How to prevent and detect Log4j vulnerabilities
The Apache Log4j vulnerability has attracted a lot of media attention as a result of recent security incidents that were reported by some organizations using versions 2.0-beta9 through 2.14.1. This security flaw has the potential to affect thousands of applications since some of the world’s largest databases rely on Log4j.
Because so many organizations are affected, cybercriminals are actively exploiting this well-known vulnerability.
Why is this so dangerous? In addition to the threat of malware and ransomware, hackers can also perform remote code execution due to the Log4j vulnerability.
Tag: macos
February 17, 2022
Aggregating macOS logs for SIEM systems
Apple has made great strides in recent years, not only with its innovative hardware, but also with incremental improvements to its operating systems. For a number of reasons, Macs have become viable alternatives to PCs in many large corporations. Apple also continues to maintain a strong presence in institutions of higher education, as it has for decades in the US. Whether your Mac users are working on spreadsheets in accounting or they belong to creative teams developing software or marketing content, your digital assets are valuable and need to be monitored to detect any potential security threats.
Tag: macos-logs
February 17, 2022
Aggregating macOS logs for SIEM systems
Apple has made great strides in recent years, not only with its innovative hardware, but also with incremental improvements to its operating systems. For a number of reasons, Macs have become viable alternatives to PCs in many large corporations. Apple also continues to maintain a strong presence in institutions of higher education, as it has for decades in the US. Whether your Mac users are working on spreadsheets in accounting or they belong to creative teams developing software or marketing content, your digital assets are valuable and need to be monitored to detect any potential security threats.
Tag: maritime-regulations
October 17, 2023
Log management for maritime cybersecurity compliance regulations
Historically, seaports have played a crucial role in a state’s development, and interruption in their services has a significant impact on economics. So, it’s no surprise commercial ports are regarded as a critical transport infrastructure.
One of the most significant challenges ports face today is ongoing digital transformation. The majority of tasks carried out across a port utilize autonomous and partially automated systems, including those for managing port access, vessel berthing (bridges, locks, gates, etc.
Tag: memory-management
July 12, 2023
Understanding memory usage in NXLog
Understanding how NXLog allocates memory is essential to optimize your configuration for performance and utilize system resources efficiently.
NXLog is designed for high-performance log collection and processing and is optimized to use system resources efficiently. However, various external factors affect how NXLog uses system resources, including memory, which can impact NXLog’s and its host’s performance. Misconfiguration is the leading factor we see when troubleshooting excessive memory consumption. Therefore, in this blog post, we will dive deeper into how NXLog allocates memory to help you create the optimal configuration for your system or determine whether high memory usage results from a misconfiguration.
Tag: mfa
April 13, 2023
MFA Fatigue - What it is, and how to combat it
A multi-factor authentication (MFA) fatigue attack is a form of a social engineering cyberattack strategy where attackers repeatedly try to make second-factor authentication requests to the target’s email, phone, or other registered devices to gain access to the system. You may also hear about MFA Fatigue attack as MFA Bombing, 2FA fatigue, MFA push spam, MFA Spamming, or prompt bombing.
Technology administrators are always playing a never-ending battle of cat and mouse when it comes to threat actors.
Tag: mfa-fatigue
April 13, 2023
MFA Fatigue - What it is, and how to combat it
A multi-factor authentication (MFA) fatigue attack is a form of a social engineering cyberattack strategy where attackers repeatedly try to make second-factor authentication requests to the target’s email, phone, or other registered devices to gain access to the system. You may also hear about MFA Fatigue attack as MFA Bombing, 2FA fatigue, MFA push spam, MFA Spamming, or prompt bombing.
Technology administrators are always playing a never-ending battle of cat and mouse when it comes to threat actors.
Tag: microsoft
June 10, 2025
Enhancing security with Microsoft's Expanded Cloud Logs
Nation-state-sponsored hacking stories are everyone’s favorite Hollywood movies — until our personal or corporate sensitive data shows up on the dark web for sale, being compromised. In real life, cyber espionage groups’s activities trigger security enforcement. First in the government sector, then the government standards slowly shift industry norms starting by gently forcing vendors who are also selling into government contracts.
In the case of the recently announced playbook on MICROSOFT EXPANDED CLOUD LOGS IMPLEMENTATION PLAYBOOK, issued by the US Cybersecurity and Infrastructure Security Agency (CISA), it all started in July 2023, when the Chinese cyber espionage group Storm-0558 exploited a vulnerability in Microsoft’s Outlook email system to gain unauthorized access to email accounts belonging to U.
Tag: microsoft-nps
June 26, 2024
Onboarding Microsoft NPS logs
For those of us who manage network authentication and authorization, RADIUS is a familiar term. This protocol was introduced in the last century, and many of us from those days still remember the old-school diagrams, which surprisingly remain on the Cisco Systems website today.
Figure 1. Interaction between dial-in user requests, the RADIUS client and server © Cisco RADIUS, which stands for Remote Authentication Dial-In User Service, was developed to address a specific challenge.
Tag: microsoft-sentinel
February 1, 2021
Sending logs to Microsoft Sentinel with NXLog
What if you could selectively ingest only the high-quality events needed for metrics and reporting that come not only from Azure, but also from other cloud- based resources and on-site assets directly into Microsoft Sentinel?
In this post, the technology we will be examining is the Azure Monitor HTTP Data Collector API, which enables clients, such as the NXLog Enterprise Edition agent, to send events to a Log Analytics workspace, making them directly accessible using Microsoft Sentinel queries.
Tag: migration
February 2, 2024
Migrate to NXLog Enterprise Edition 6 for our best ever log collection experience
NXLog Enterprise Edition 5 has been with us for nearly four years. That’s four years of being an industry-leading log collection tool adored by engineering teams and Fortune 100 customers around the globe. And while the NXLog Enterprise Edition 5 story isn’t yet over, it needs to move forward to keep pace with modern technologies and new demands.
Like any good muscle car, NXLog EE 5 has its limits, and so back in 2022 we came face-to-face with a problem - it required too much to change under the hood to stay modern and effective.
Tag: modbus
June 5, 2021
Flexible, cloud-backed Modbus/TCP log collection with NXLog and Python
Modbus is a simple and flexible protocol used by a wide variety of industrial and automation equipment. Its simplicity has made it attractive for many manufacturers, but it also poses a number of challenges in terms of security and traffic analysis. In this post, we’ll show you how to use NXLog to capture, process, and extract useful security information from Modbus traffic.
What makes Modbus traffic analysis challenging? Modbus is a low-level protocol that effectively uses only two data types: bits (in the form of coils), and 16-bit words (in the form of registers), which are also the only form of data that can be natively addressed with most devices.
Tag: monitoring
September 30, 2025
Gaining valuable host performance metrics with NXLog Platform
What are performance metrics and why are they important? IT and security systems don’t just generate logs; they also produce extremely valuable performance data that helps ensure the health and stability of your business infrastructure. Host-level performance metrics provide visibility into key resources, such as:
CPU usage — Helps identify over-utilization, process bottlenecks, or underused resources.
Memory usage — Indicates whether applications are consuming excessive RAM or leaking memory over time.
April 30, 2025
Monitoring NXLog Agent with Zabbix using the Agent Management API
NXLog Agent plays a vital role in aggregating, processing, and forwarding logs to centralized platforms for analysis. Whether it’s system logs, application logs, or security audit trails, these agents are often the first line of visibility into what’s happening in your environment.
In many setups, especially large-scale infrastructures, NXLog Agent relays act as crucial intermediaries, collecting logs from edge systems and forwarding them to a SIEM or log analytics platform.
Tag: network-logs
September 18, 2025
From network event logs to insights: Visualizing OpenVPN logs with Elasticsearch and Kibana
At NXLog, we help customers solve real-world telemetry data challenges and bring value to the table with NXLog Platform. One of the recurring problems we see is that while network event logs contain a wealth of information, turning them into actionable insights isn’t straightforward. Security operations teams often struggle to make sense of these logs in a way that directly supports threat detection, response, and investigation.
A perfect example of this challenge is VPN logs.
Tag: network-protocols
June 5, 2021
Flexible, cloud-backed Modbus/TCP log collection with NXLog and Python
Modbus is a simple and flexible protocol used by a wide variety of industrial and automation equipment. Its simplicity has made it attractive for many manufacturers, but it also poses a number of challenges in terms of security and traffic analysis. In this post, we’ll show you how to use NXLog to capture, process, and extract useful security information from Modbus traffic.
What makes Modbus traffic analysis challenging? Modbus is a low-level protocol that effectively uses only two data types: bits (in the form of coils), and 16-bit words (in the form of registers), which are also the only form of data that can be natively addressed with most devices.
Tag: nginx
October 20, 2025
From web server logs to metrics: Visualizing NGINX logs with Prometheus and Grafana
When users start reporting slow responses or intermittent errors from your web applications, your first go-to is your web server logs. But did you know those same logs can provide more than just troubleshooting clues? When analyzed with the right tools, they give system administrators and DevOps teams real-time visibility into your web environment, enabling them to monitor web servers proactively, rather than reactively.
In this post, we’re going to show you how you can uncover web server performance issues and potential attacks early on by collecting NGINX access logs with NXLog Agent, transforming them into Prometheus metrics, and visualizing them with Grafana.
Tag: nis2
July 18, 2024
NIS2 Directive: a strong request for better incident handling
Did you know the European Union created a rule called the NIS Directive? This rule was established in 2016 to ensure that all member countries are equally protected against cyber attacks. It’s a step towards making it easier for governments to work together to stop cyber threats. However, the Directive was expected to provide more specific instructions for protecting against attacks and ensuring all countries follow the rule. The rule also requires companies and governments to be better prepared to handle cyber attacks and have a plan in case something goes wrong.
Tag: nist
April 12, 2024
NIST Cybersecurity Framework 2.0. Update Takeaways
On February 26, 2024, the U.S. National Institute of Standards and Technology (NIST) officially released Cybersecurity Framework (CSF) 2.0. This release has had the most significant changes since its inception in 2014. Let’s quickly walk through the updates it brought and how log collection supports the functions of the renewed framework.
What is NIST CSF The U.S. NIST Cybersecurity Framework is one of the most widely used security frameworks (with ISO27001, CIS, and others), helping organizations estimate, manage, and reduce their cybersecurity risks.
Tag: nxlog
December 19, 2024
NXLog redefines log management for the digital age
New CEO appointed as the company’s founder, former CEO & CTO, transitions to a dedicated CTO role, focusing on innovation in observability and telemetry pipeline management market.
(LONDON, UK) – 19th December 2024 - NXLog, a leading technology provider of log management solutions, announced the appointment of Harald Reisinger as its new Chief Executive Officer. Co-founder and former CEO Botond Botyánszki will transition to the Chief Technology Officer (CTO) role.
Tag: nxlog-agent
February 6, 2023
Our customers asked - How to start an NXLog module with a delay?
There are several reasons you might want to start a particular NXLog module with a delay. You can think of it like delaying the start of a Windows service. In most cases, you need to do this for performance reasons. But there might be other scenarios where you would want to do this, such as collecting logs during a specific time frame. If you have, for example, a less critical module block, you can prioritize the more important one by delaying the less important one.
January 31, 2023
Our customers asked - Input stream EPS tracking with NXLog
This post is the first in a series of answers to questions that our customers asked.
Clarifying EPS EPS stands for Events Per Second and is considered a standard for measuring the speed of event processing. More precisely, it tells how many events can flow through a particular system in a second. In our case, the number relates to how many events NXLog receives, handles, and outputs in one second.
Tag: nxlog-ce
February 22, 2022
NXLog Community Edition support for Raijin Database
Last month saw the release of NXLog Community Edition version 3.0. One of the major new features in this release is the added support for sending log data to Raijin Database. This feature opens up exciting possibilities for implementing a custom centralized log collection and storage solution.
What is Raijin Database? Raijin Database is a free-of-charge schemaless database engine explicitly designed to store data for analytics efficiently. The fact that it does not require you to define a schema up-front makes it well suited for storing event logs from diverse sources containing different types of information in a structured format.
Tag: nxlog-configuration
July 12, 2023
Understanding memory usage in NXLog
Understanding how NXLog allocates memory is essential to optimize your configuration for performance and utilize system resources efficiently.
NXLog is designed for high-performance log collection and processing and is optimized to use system resources efficiently. However, various external factors affect how NXLog uses system resources, including memory, which can impact NXLog’s and its host’s performance. Misconfiguration is the leading factor we see when troubleshooting excessive memory consumption. Therefore, in this blog post, we will dive deeper into how NXLog allocates memory to help you create the optimal configuration for your system or determine whether high memory usage results from a misconfiguration.
November 23, 2022
Need to replace syslog-ng? Changing to NXLog is easier than you think
syslog-ng and NXLog are both powerful log collectors providing flexible log processing. However, you might be in a position where you need to switch from syslog-ng to NXLog. Whether it’s because syslog-ng doesn’t support an operating system or you want to upgrade your log collection solution to one that can be centrally managed, converting your syslog-ng configuration to NXLog is a simple task.
How do syslog-ng and NXLog differ? syslog-ng and NXLog are alike in many ways.
Tag: nxlog-ee
October 27, 2021
Three important features you can have with the Enterprise Edition over the Community Edition
Features of NXLog Enterprise Edition you must have So, it turns out that your organization needs a reliable solution that can collect, parse, forward, and aggregate your log data. This need might be based on any number of reasons. Perhaps it is due to regulatory compliance mandates. Maybe your security analysts have realized that collecting security logs is the best way to detect potential cyber attacks. These are all valid reasons.
Tag: nxlog-ee-5
September 11, 2023
Upgrading from NXLog Enterprise Edition 5 to NXLog Enterprise Edition 6
The NXLog team is constantly improving the quality of NXLog Enterprise Edition and will soon introduce a new major release - NXLog Enterprise Edition 6.0. This release will bring a large number of changes and it is important to correctly adapt your current configuration when upgrading your system.
Warning We strongly recommend testing NXLog Enterprise Edition 6.0 operation on a smaller set of devices before commiting to a full-scale upgrade of your complete system.
Tag: nxlog-ee-6
September 11, 2023
Upgrading from NXLog Enterprise Edition 5 to NXLog Enterprise Edition 6
The NXLog team is constantly improving the quality of NXLog Enterprise Edition and will soon introduce a new major release - NXLog Enterprise Edition 6.0. This release will bring a large number of changes and it is important to correctly adapt your current configuration when upgrading your system.
Warning We strongly recommend testing NXLog Enterprise Edition 6.0 operation on a smaller set of devices before commiting to a full-scale upgrade of your complete system.
Tag: nxlog-enterprise-edition
September 19, 2024
Announcing the end-of-sale for NXLog Enterprise Edition and NXLog Manager
We are officially announcing that NXLog will no longer be selling NXLog Enterprise Edition and NXLog Manager. This decision reflects our commitment to evolving our product offerings and delivering more powerful, future-proof solutions.
While the sale of these products is ending, please be assured that we will continue to provide full technical support, maintenance, and bug fixes for both NXLog Enterprise Edition and NXLog Manager until the end of your contractual period.
Tag: nxlog-enterprise-edition-5
February 2, 2024
Migrate to NXLog Enterprise Edition 6 for our best ever log collection experience
NXLog Enterprise Edition 5 has been with us for nearly four years. That’s four years of being an industry-leading log collection tool adored by engineering teams and Fortune 100 customers around the globe. And while the NXLog Enterprise Edition 5 story isn’t yet over, it needs to move forward to keep pace with modern technologies and new demands.
Like any good muscle car, NXLog EE 5 has its limits, and so back in 2022 we came face-to-face with a problem - it required too much to change under the hood to stay modern and effective.
Tag: nxlog-enterprise-edition-6
February 2, 2024
Migrate to NXLog Enterprise Edition 6 for our best ever log collection experience
NXLog Enterprise Edition 5 has been with us for nearly four years. That’s four years of being an industry-leading log collection tool adored by engineering teams and Fortune 100 customers around the globe. And while the NXLog Enterprise Edition 5 story isn’t yet over, it needs to move forward to keep pace with modern technologies and new demands.
Like any good muscle car, NXLog EE 5 has its limits, and so back in 2022 we came face-to-face with a problem - it required too much to change under the hood to stay modern and effective.
Tag: nxlog-in-the-world
February 2, 2023
NXLog in the world - January 2023
A round-up of some of our favorite social media chatter about NXLog this month. Tecmint: Most notable open source log collection tools - NXLog features on the list of top centralized log collection tools
Blumira: Windows Firewall with GPOs - NXLog is recommended to be used in managing the Windows Firewall with GPOs
StationX: CompTIA Security+ Cheat Sheet - NXLog is part of the CompTIA Security+ exam
Reddit: Filter logon/logoff events from AD - How to filter logon/logoff logs from Active Directory with NXLog agent, and shipping to a syslog-ng server
Tag: nxlog-manager
September 19, 2024
Announcing the end-of-sale for NXLog Enterprise Edition and NXLog Manager
We are officially announcing that NXLog will no longer be selling NXLog Enterprise Edition and NXLog Manager. This decision reflects our commitment to evolving our product offerings and delivering more powerful, future-proof solutions.
While the sale of these products is ending, please be assured that we will continue to provide full technical support, maintenance, and bug fixes for both NXLog Enterprise Edition and NXLog Manager until the end of your contractual period.
November 3, 2023
Announcing NXLog Manager 5.7
We are pleased to announce the latest release of NXLog Manager, version 5.7. This release addresses several CVE issues, adds support for NXLog’s Microsoft Azure modules, and provides an updated Docker image.
Read on to find out more about these new features.
A more secure NXLog Manager This version addresses multiple known Common Vulnerabilities and Exposures (CVE), reducing the attack surface in our customers' systems. See the release notes for a complete list of corrected CVEs.
Tag: nxlog-platform
March 9, 2026
Beyond basic ingestion: Advanced OpenTelemetry data processing with NXLog
Most discussions about OpenTelemetry pipelines focus on getting data from point A to point B. Collect telemetry, maybe convert the format, forward it to a backend. That’s the minimum viable pipeline, and it’s where most tooling stops.
But a pipeline that only moves data is a pipe, not a processing layer. The telemetry arriving at your observability platform or SIEM is only as useful as the context it carries. A raw log entry saying "connection from 198.
March 5, 2026
How NXLog simplifies your OpenTelemetry journey
OpenTelemetry has become the de facto standard for telemetry data. Nearly 50% of surveyed cloud-native end-user companies have adopted it, and the project ranks as the second-highest-velocity initiative in the CNCF, behind only Kubernetes. The direction is clear: if your infrastructure doesn’t speak OpenTelemetry, it will increasingly be left out of the observability conversation.
But adopting OpenTelemetry across an entire infrastructure is a different problem than adopting it in a greenfield application.
June 24, 2025
Current challenges in log and telemetry data management
Today, most enterprises use a security log analytics solution or SIEM (Security Information & Event Management), but analytics are only as good as the data fed into your solution. If you’re missing data sources or are failing to extract full value from the data, you won’t see the big picture.
This is an issue new customers commonly mention to NXLog. That’s why one of our key goals is to provide a solid data collection layer that ensures all relevant data is collected and properly fed into the SIEM.
May 13, 2025
From NXLog Community Edition to NXLog Platform
NXLog Community Edition was launched many years ago and, being cross-platform and highly versatile, quickly became a leading log collection tool. With millions of downloads, it is widely used across on-premises, cloud, and hybrid deployments. While over 70% of users have upgraded to the more feature-rich and robust NXLog Enterprise Edition, many still rely on NXLog Community Edition due to its flexibility and fit for many use cases.
However, as technology advances and business and security demands grow, we are excited to introduce NXLog Platform—a modern, comprehensive solution that offers enhanced functionality and performance.
November 27, 2024
Centralized Windows log collection - NXLog Platform vs. WEF
One of the challenges that security-conscious Windows administrators face is collecting and centralizing Windows event logs. One of the obvious solutions that come to mind is the native Windows Event Forwarding (WEF) feature available on all modern Windows operating systems.
WEF offers the convenience of forwarding Windows events to a central event collector without installing and managing agents. To objectively portray the role this valuable technology plays in the larger scope of enterprise log collection, we have written several articles that discuss it:
September 24, 2024
NXLog redefines the market with the launch of NXLog Platform: a new centralized log management solution
NXLog Platform is a new centralized log management solution from the vendor with over 12 years of experience and 600 clients worldwide, including Fortune 500 companies.
The new solution stands out for the following unique features:
Agentless or agent-based log collection using the most versatile log processor and forwarder.
Cloud-ready self-hosted centralized agent and log management system for ultimate scalability.
High-volume, fast, schemaless long-term log retention database with high compression ratios.
August 28, 2024
Welcome to the future of log management with NXLog Platform
Centralized log management at the core of security monitoring Enhance data visibility, streamline security operations, and reduce SIEM costs.
We are excited to announce the upcoming launch of our new centralized log management solution, NXLog Platform.
Over the past year, our team has been working hard to bring you an innovative log collection and management solution. In our 12+ years of experience in the industry, we have learned that one of the biggest challenges in log management is the number of dispersed systems you need to manage.
Tag: observability
January 5, 2026
Telemetry is evolving; is your business ready?
Some still think telemetry is a futuristic concept, but it isn’t. It’s already integral to the smooth running of everything from websites, e-commerce platforms and mobile apps to manufacturing, traffic control and much, much more. And it all begins with the humble data log.
From the earliest days of computing, programmers have recorded useful information — often in a file — to help track and react to potential threats and understand what’s going on "under the hood" of their IT infrastructures.
October 30, 2025
The shadow IT haunting your network: A Halloween horror story
It’s Halloween season, and while everyone else is worried about ghosts and goblins, you—the sysadmin holding the fort—know the real terror: that dusty print server in the corner that’s been running firmware from 2014. Or the Raspberry Pi someone set up to monitor the server room temperature "temporarily" three years ago. Or the CEO’s personal tablet that absolutely must connect to the internal network because "it’s just easier this way.
October 29, 2025
Watching the watchers: The need for telemetry system observability
Organizations invest heavily in sophisticated monitoring platforms, deploy countless agents across their infrastructure, and build elaborate dashboards to track every metric imaginable. Yet amid this pursuit of comprehensive visibility, a dangerous blind spot often emerges: the observability system itself becomes unobservable.
This meta-problem represents one of the most insidious risks in modern infrastructure management. When telemetry collection fails silently—whether due to misconfiguration, infrastructure changes, or system failures—operations teams continue making critical decisions based on incomplete or stale data, unaware that their digital nervous system has developed gaps in coverage.
October 28, 2025
Beyond the silicon: Why monitoring the infrastructure powering AI is critical to ROI
The AI gold rush has arrived, and organizations worldwide are making unprecedented investments in cutting-edge accelerator hardware. GPU clusters worth millions of dollars are being deployed at breakneck speed, with companies betting their competitive futures on these silicon powerhouses. Yet beneath the excitement of acquiring the latest H100s or MI300s lies a sobering reality: the most expensive part of your AI investment isn’t the initial purchase—it’s ensuring that hardware delivers value every single moment it’s operational.
Tag: okta
June 16, 2025
Leveraging Okta logs for improved security monitoring
Most corporate environments require a login, and Identity and Access Management (IAM) is a solution that helps manage that process in different ways. IAM ensures that only the necessary people can access the relevant IT resources.
Each user, device or service is assigned a unique digital identity. So, when an employee logs into a company system, IAM confirms that person’s identity. This might involve a login/password check, multi-factor authentication, or both.
Tag: opentelemetry
March 9, 2026
Beyond basic ingestion: Advanced OpenTelemetry data processing with NXLog
Most discussions about OpenTelemetry pipelines focus on getting data from point A to point B. Collect telemetry, maybe convert the format, forward it to a backend. That’s the minimum viable pipeline, and it’s where most tooling stops.
But a pipeline that only moves data is a pipe, not a processing layer. The telemetry arriving at your observability platform or SIEM is only as useful as the context it carries. A raw log entry saying "connection from 198.
March 5, 2026
How NXLog simplifies your OpenTelemetry journey
OpenTelemetry has become the de facto standard for telemetry data. Nearly 50% of surveyed cloud-native end-user companies have adopted it, and the project ranks as the second-highest-velocity initiative in the CNCF, behind only Kubernetes. The direction is clear: if your infrastructure doesn’t speak OpenTelemetry, it will increasingly be left out of the observability conversation.
But adopting OpenTelemetry across an entire infrastructure is a different problem than adopting it in a greenfield application.
February 26, 2026
Security dashboards go dark: why visibility isn't optional, even when your defenses keep running
The SentinelOne outage showed why visibility isn’t optional—even when your defenses keep running.
On May 29, 2025, organizations running SentinelOne experienced something unsettling: their security controls kept working, but they couldn’t see what was happening.
A software flaw in SentinelOne’s infrastructure control system caused a global service disruption that lasted several hours. According to reports, the incident significantly impacted customers' ability to manage their security operations and access important data.
Tag: openvpn
September 18, 2025
From network event logs to insights: Visualizing OpenVPN logs with Elasticsearch and Kibana
At NXLog, we help customers solve real-world telemetry data challenges and bring value to the table with NXLog Platform. One of the recurring problems we see is that while network event logs contain a wealth of information, turning them into actionable insights isn’t straightforward. Security operations teams often struggle to make sense of these logs in a way that directly supports threat detection, response, and investigation.
A perfect example of this challenge is VPN logs.
Tag: optimization
June 24, 2025
Current challenges in log and telemetry data management
Today, most enterprises use a security log analytics solution or SIEM (Security Information & Event Management), but analytics are only as good as the data fed into your solution. If you’re missing data sources or are failing to extract full value from the data, you won’t see the big picture.
This is an issue new customers commonly mention to NXLog. That’s why one of our key goals is to provide a solid data collection layer that ensures all relevant data is collected and properly fed into the SIEM.
November 8, 2023
Three easy ways to optimize your Windows logs - Reduce cost, network load, and time
If you are capturing Windows Event Logs on a large scale, you know that the more logs you collect, the more resources you need. Thus, the more expensive your SIEM becomes. The main issue is a large amount of the log data you are sending to your SIEM contains no valuable information. This means you waste a sizable portion of your cost on what the industry calls “log noise”.
Tag: ot
June 8, 2023
Industrial cybersecurity - The facts
In Feb 2021, a major cybersecurity incident was declared when a hacker gained malicious access to the water treatment system of Oldsmar, Florida. Officials said the hacker tried to increase the level of sodium hydroxide in the city’s water supply, putting thousands at risk of being poisoned. Fortunately, it was quickly confirmed that this potential terroristic act did not come to fruition.
Two years later, we still have no details on the malicious actor.
Tag: our-customers-asked
April 21, 2023
Our customers asked - Execution of powershell scripts inside NXLog Exec modules
PowerShell scripts can be used with NXLog for generating, processing, and forwarding logs, as well as for generating configuration content. In this article, we will take a look at how to execute PowerShell directly from NXLog.
You can run a PowerShell script in multiple NXLog instances without using any PowerShell script file, and is achievable through having the script code directly in NXLog’s exec modules. This is ideal because if you need to make any change to the script, it’s easier to modify just the NXLog module rather than change the script on every computer used.
February 20, 2023
Our customers asked - Collecting Windows DNS resolved address with NXLog
Windows DNS Server log collection is essential yet complex, primarily because Windows DNS Server provides logs in various places in different forms containing a vast amount of information. Nevertheless, we all know that DNS Server log collection is paramount in IT security. Getting it right can be challenging.
The Windows DNS Server section in the NXLog user guide offers a comprehensive guide on collecting log records from a Windows DNS Server.
February 6, 2023
Our customers asked - How to start an NXLog module with a delay?
There are several reasons you might want to start a particular NXLog module with a delay. You can think of it like delaying the start of a Windows service. In most cases, you need to do this for performance reasons. But there might be other scenarios where you would want to do this, such as collecting logs during a specific time frame. If you have, for example, a less critical module block, you can prioritize the more important one by delaying the less important one.
January 31, 2023
Our customers asked - Input stream EPS tracking with NXLog
This post is the first in a series of answers to questions that our customers asked.
Clarifying EPS EPS stands for Events Per Second and is considered a standard for measuring the speed of event processing. More precisely, it tells how many events can flow through a particular system in a second. In our case, the number relates to how many events NXLog receives, handles, and outputs in one second.
Tag: pci-dss
August 2, 2023
PCI DSS 4.0 compliance: Logging requirements and best practices
With PCI DSS 4.0, logging plays an even more critical role in safeguarding cardholder data. In this post, we’ll break down the key PCI DSS logging requirements, explore best practices for log retention and monitoring, and highlight key areas where NXLog Platform can help you stay secure and compliant.
What is PCI DSS? PCI DSS, or Payment Card Industry Data Security Standard, is a collection of security requirements developed by major credit card companies to safeguard merchants who accept credit card payments by ensuring they provide a secure environment.
Tag: performance
September 30, 2025
Gaining valuable host performance metrics with NXLog Platform
What are performance metrics and why are they important? IT and security systems don’t just generate logs; they also produce extremely valuable performance data that helps ensure the health and stability of your business infrastructure. Host-level performance metrics provide visibility into key resources, such as:
CPU usage — Helps identify over-utilization, process bottlenecks, or underused resources.
Memory usage — Indicates whether applications are consuming excessive RAM or leaking memory over time.
Tag: perl
August 3, 2022
Send email alerts from NXLog using Python, Perl, or Ruby
NXLog is a versatile log collector that easily integrates with other software, platforms, and programming languages. Out-of-the-box it supports integration with many third-party solutions through its input, output, and extension modules. Moreover, extending NXLog with custom functionality is as easy as writing an application or script in your favorite programming language and loading it from the configuration.
Email notifications of events indicating potential security breaches or severe application errors are a standard procedure for IT admins and DevOps engineers.
Tag: platform
February 23, 2026
Announcing NXLog Platform 1.11
We are happy to announce the latest release of NXLog Platform, version 1.11. This version focuses on operational visibility and compliance, smoother troubleshooting, and improved security and access controls.
Want a quick overview? Watch a short demo showcasing the new features in this release:
Read on for more details about these updates.
Monitor data volume in the NXLog Platform UI You can now monitor the volume of inbound and outbound data flowing through your agents directly in the NXLog Platform UI, either from the agent statistics view or via the data flow visualization.
December 11, 2025
Announcing NXLog Platform 1.10
We are happy to announce the latest release of NXLog Platform, version 1.10. This update introduces streamlined TLS certificate management, broader operating system support, and simplified agent configuration. It will now be even faster and easier to deploy and operate your telemetry pipeline.
Want a quick overview? Watch a short demo showcasing the new features in this release:
Read on for more details about these updates.
Centrally managed certificates for data destinations NXLog Platform 1.
October 22, 2025
Announcing NXLog Platform 1.9
We are happy to announce the latest release of NXLog Platform, version 1.9. This version transforms how you manage observability by combining metrics and logs in one platform, optimizing agent management workflows, and enabling enterprise-grade deployments for modern infrastructures.
Want a quick overview? Watch a short demo showcasing the new features in this release:
Read on for more details about these updates.
Metrics made simple NXLog Platform provides built-in support for all types of telemetry data, including metrics.
September 12, 2025
Announcing NXLog Platform 1.8
We are happy to announce the latest release of NXLog Platform, version 1.8. This release is packed with improvements to give you deeper insights into your telemetry pipeline and infrastructure, expand compatibility, and enhance the user experience.
Want a quick overview? Watch a short demo showcasing the new features in this release:
Read on for more details about these updates.
Agent metrics for telemetry pipeline observability The new Internal Metrics module supports collecting agent metrics, simplifying data flow and agent health monitoring.
June 25, 2025
Announcing NXLog Platform 1.7
We are happy to announce the latest release of NXLog Platform, version 1.7. This release introduces key enhancements focused on the usability and performance of the log discovery UI, as well as the SMTP integration with Microsoft 365. Read on for more details about these updates.
Improved log discovery NXLog Platform 1.7 introduces the beta release of a new log discovery UI with significant improvements in usability and performance:
April 22, 2025
Announcing NXLog Platform 1.6
We are happy to announce the latest release of NXLog Platform, version 1.6. This release brings several key improvements, changes, and fixes to aid usability, security, and performance. Our team has introduced changes to improve integration with third-party technologies, made packaging adjustments, and enhanced the configuration workflow. Below, we highlight the most significant changes.
Enhanced configuration editor The configuration editor in NXLog Platform has been improved with better syntax highlighting, more accurate error detection, and smarter input suggestions when operating in text mode.
February 27, 2025
Announcing NXLog Platform 1.5
We are happy to announce the latest release of NXLog Platform, version 1.5. This release brings several key improvements, changes, and fixes to aid usability, security, and performance. Our team is introducing a major change to log storage, adjustments in log retention settings, and expanded authentication options. Below, we highlight the most significant changes.
Enhanced data storage with ClickHouse NXLog Platform 1.5 introduces a major upgrade to its data storage using ClickHouse, enhancing scalability and resilience while optimizing log storage and retrieval efficiency.
December 20, 2024
Announcing NXLog Platform 1.4
We are happy to announce the latest release of NXLog Platform, version 1.4. This release adds new features and bug fixes, including the ones highlighted below.
Improved agent onboarding This release includes a new enhanced agent onboarding wizard. The process is much simpler yet achieves much more than the previous version. The new method incorporates everything you need to install, configure, and enroll your agents in five simple, easy-to-follow steps.
October 25, 2024
Announcing NXLog Platform 1.3
We proudly announce the latest release of NXLog Platform, version 1.3. This release adds new features and bug fixes, including the ones highlighted below.
Improved installation and configuration The installation processes for NXLog Platform and NXLog Agent received the following configuration improvements:
You can now configure the NXLog Platform hostname and specify a label when running the NXLog Agent installer to ease automatic enrollment and agent configuration. This configuration is available on Windows, Debian/Ubuntu, Red Hat Enterprise Linux, and macOS.
Tag: prometheus
October 20, 2025
From web server logs to metrics: Visualizing NGINX logs with Prometheus and Grafana
When users start reporting slow responses or intermittent errors from your web applications, your first go-to is your web server logs. But did you know those same logs can provide more than just troubleshooting clues? When analyzed with the right tools, they give system administrators and DevOps teams real-time visibility into your web environment, enabling them to monitor web servers proactively, rather than reactively.
In this post, we’re going to show you how you can uncover web server performance issues and potential attacks early on by collecting NGINX access logs with NXLog Agent, transforming them into Prometheus metrics, and visualizing them with Grafana.
September 30, 2025
Gaining valuable host performance metrics with NXLog Platform
What are performance metrics and why are they important? IT and security systems don’t just generate logs; they also produce extremely valuable performance data that helps ensure the health and stability of your business infrastructure. Host-level performance metrics provide visibility into key resources, such as:
CPU usage — Helps identify over-utilization, process bottlenecks, or underused resources.
Memory usage — Indicates whether applications are consuming excessive RAM or leaking memory over time.
Tag: puppet
March 19, 2022
Deploying and managing NXLog with Puppet
Puppet Bolt is an open-source orchestration tool that automates the manual configuration and management of your infrastructure.
In this post, we will look at how you can create your Puppet Bolt project directory, your inventory YAML file, and finally, your Puppet Bolt Plan to deploy NXLog on a variety of Operating Systems.
Why use Puppet Bolt to deploy NXLog? Apart from the usual tasks of updating software packages, configuring web servers and databases, the need for constant logging has become extremely important, and a de facto necessity nowadays.
Tag: python
August 3, 2022
Send email alerts from NXLog using Python, Perl, or Ruby
NXLog is a versatile log collector that easily integrates with other software, platforms, and programming languages. Out-of-the-box it supports integration with many third-party solutions through its input, output, and extension modules. Moreover, extending NXLog with custom functionality is as easy as writing an application or script in your favorite programming language and loading it from the configuration.
Email notifications of events indicating potential security breaches or severe application errors are a standard procedure for IT admins and DevOps engineers.
June 5, 2021
Flexible, cloud-backed Modbus/TCP log collection with NXLog and Python
Modbus is a simple and flexible protocol used by a wide variety of industrial and automation equipment. Its simplicity has made it attractive for many manufacturers, but it also poses a number of challenges in terms of security and traffic analysis. In this post, we’ll show you how to use NXLog to capture, process, and extract useful security information from Modbus traffic.
What makes Modbus traffic analysis challenging? Modbus is a low-level protocol that effectively uses only two data types: bits (in the form of coils), and 16-bit words (in the form of registers), which are also the only form of data that can be natively addressed with most devices.
Tag: radius
June 26, 2024
Onboarding Microsoft NPS logs
For those of us who manage network authentication and authorization, RADIUS is a familiar term. This protocol was introduced in the last century, and many of us from those days still remember the old-school diagrams, which surprisingly remain on the Cisco Systems website today.
Figure 1. Interaction between dial-in user requests, the RADIUS client and server © Cisco RADIUS, which stands for Remote Authentication Dial-In User Service, was developed to address a specific challenge.
Tag: raijin
August 9, 2022
Raijin vs Elasticsearch
Log collection is most closely linked to enterprise security practices—for example, aggregation and analysis in a SIEM. However, collecting certain logs for reasons other than security is often valuable. It may even be a requirement of your organization for the purposes of auditing, legal compliance, or data retention.
Storing all these logs in a database is the most efficient way to manage the data. Finding and managing logs stored as flat files or structured data can be challenging without a database.
February 22, 2022
NXLog Community Edition support for Raijin Database
Last month saw the release of NXLog Community Edition version 3.0. One of the major new features in this release is the added support for sending log data to Raijin Database. This feature opens up exciting possibilities for implementing a custom centralized log collection and storage solution.
What is Raijin Database? Raijin Database is a free-of-charge schemaless database engine explicitly designed to store data for analytics efficiently. The fact that it does not require you to define a schema up-front makes it well suited for storing event logs from diverse sources containing different types of information in a structured format.
July 29, 2021
Using Raijin Database Engine to aggregate and analyze Windows security events
In this post, we will look at how to use Raijin Database Engine as a backend in a centralized logging environment for collecting and aggregating Windows security events. We will also show you how to integrate Raijin with an open source data exploration tool. Finally, you will see how you can track suspicious network activity and identify specific types of intrusion on Windows hosts using these tools.
A low-cost, lean and mean data discovery solution Although the combination of tools we present here cannot compete with a full-fledged SIEM solution, they do offer quite a few advantages for security analysts who need a responsive, highly customizable data discovery solution that accepts ad hoc SQL.
Tag: raijin-database
May 31, 2024
Raijin announces release of version 2.1
Raijin has announced the release of version 2.1 of its powerful, schemaless SQL-like database engine. This focuses on performance improvements.
Read on for the highlights and check out the Raijin release notes for a complete list of the features and improvements.
Performance improvements As mentioned, this release focused on optimizing the performance of partitioned database tables. Partitioned tables store data in separate locations with their own set of metadata based on the values present in the data.
March 14, 2024
Raijin announces release of version 2.0
Raijin has announced the release of version 2.0 of its powerful, schemaless SQL-like database engine. This version introduces several performance improvements.
Read on for the highlights and check out the Raijin release notes for a complete list of the features and improvements.
Enhanced table partitioning Table partitioning is a key factor in database management, improving query performance by only searching through relevant information and optimizing storage by efficiently pruning irrelevant content.
January 26, 2024
Raijin announces release of version 1.5
Raijin has announced the release of version 1.5 of its powerful, schemaless SQL-like database engine. This version introduces several performance improvements.
Read on for the highlights and check out the Raijin release notes for a complete list of the features and improvements.
Centralized storage for simpler management Until now, Raijin stored various stateful files in different locations across the system, requiring additional effort to keep track of that content. Raijin has now been refactored to use /data as the base directory.
December 12, 2023
Raijin announces release of version 1.4
Raijin has announced the release of version 1.4 of its powerful, schemaless SQL-like database engine. This version introduces new functionality for managing users and views, among several fixes and performance improvements.
Read on for the highlights and check out the Raijin release notes for a complete list of the features and improvements.
Improved user management This release builds on the previous one to provide better user management and auditing. With the SHOW USERS command, you can now retrieve a list of your Raijin users and their authentication type.
October 6, 2023
Raijin announces release of version 1.3
Raijin has announced the release of version 1.3 of its powerful, schemaless SQL-like database engine. This version implements user authentication and permissions and focuses on enhancing performance and robustness.
New user authentication and permissions This release introduces certificate and password-based user authentication and granular user permissions. You can grant permissions at the database or table level with support for the following privileges:
ALL PRIVILEGE (superuser)
CREATE
SELECT
INSERT
DROP
August 11, 2023
Raijin announces release of version 1.2
Raijin has announced the release of version 1.2 of its powerful, schemaless SQL-like database engine. This version introduces significant performance improvements and usability enhancements.
Faster data ingestion and query performance This release optimizes data ingestion by introducing partial parallelization. Raijin Database now parses and inserts batches of data simultaneously, resulting in up to 15% faster ingestion.
The team also addressed bottlenecks in the SELECT and COPY statements and implemented several optimizations to improve overall query performance.
May 30, 2023
Raijin announces release of version 1.1
Raijin has announced the release of version 1.1 of its powerful, schemaless SQL-like database engine. Many new features have been added to version 1.1.
Let’s take a look at the highlights.
Prometheus exporter improvements Introduced disk usage statistics - Disk usage statistics about free space availability and file system size were introduced.
Introduced query statistics - Event and query statistics were introduced in the Prometheus exporter. The following statistics can be queried:
March 9, 2023
Raijin announces release of version 1.0
Raijin has announced the release of version 1.0 of its powerful schemaless SQL database engine, furthering its goal of "solving schema rigidity" in modern databases. Many new features have been added to this version 1.0 milestone release.
Let’s take a look at some of the headline features.
The power of SQL without the drawbacks SQL has been the titan of database query languages for decades, and it is still ubiquitous the world over.
Tag: rdp
May 15, 2025
Remote Desktop logs – A comprehensive guide to RDP logging and monitoring
Monitoring and centralizing Remote Desktop logs is critical for IT security, compliance, and operational efficiency, and NXLog Platform makes it simple and scalable.
Remote Desktop Protocol (RDP) is a powerful Windows feature that allows users to access a computer remotely over the network. While convenient and widely used, it’s also a potential entry point for attackers. Understanding how to check and analyze RDP connection logs can help detect unauthorized access, troubleshoot issues, and maintain system integrity.
Tag: red-hat
January 13, 2021
NXLog Containers were certified by Red Hat
Applications are getting more and more complex. The demand to develop them faster is ever-increasing. This puts stress on organizations’ processes, infrastructure, and the IT teams that support them.
Modern Container technology helps to alleviate issues faster across multiple environments. Linux containers are another evolutionary leap in how applications are developed, deployed, and managed. These containers are based on stable Red Hat Enterprise Linux images that have no adverse effects on your current IT infrastructure.
Tag: regulations
August 9, 2023
The Sarbanes-Oxley (SOX) Act and security observability
SOX - an overview Serious financial fraud was never considered a real risk while investing in U.S.-listed stocks until 2001, when energy giant Enron Corporation, which held $63.4 billion in assets, collapsed. It was revealed that the company had been misleading investors for years and the company’s stock price quickly plummeted from $90 to less than $1 per share. It was the largest bankruptcy in US history, followed by a $40 billion lawsuit and imprisonment for the corporation’s executives.
July 19, 2023
HIPAA logging requirements and how to ensure compliance
The U.S. Health Insurance Portability and Accountability Act (HIPAA) was introduced in 1996 to protect the privacy and security of health information. HIPAA’s Privacy, Security, and Breach Notification rules require healthcare providers and their partners to protect electronic protected health information (ePHI) through robust access controls, breach reporting, and documentation practices.
A critical part of this compliance effort involves maintaining detailed audit logs that track who accessed, modified, or disclosed PHI, and retaining HIPAA logs for at least six years.
Tag: release
May 31, 2024
Raijin announces release of version 2.1
Raijin has announced the release of version 2.1 of its powerful, schemaless SQL-like database engine. This focuses on performance improvements.
Read on for the highlights and check out the Raijin release notes for a complete list of the features and improvements.
Performance improvements As mentioned, this release focused on optimizing the performance of partitioned database tables. Partitioned tables store data in separate locations with their own set of metadata based on the values present in the data.
March 14, 2024
Raijin announces release of version 2.0
Raijin has announced the release of version 2.0 of its powerful, schemaless SQL-like database engine. This version introduces several performance improvements.
Read on for the highlights and check out the Raijin release notes for a complete list of the features and improvements.
Enhanced table partitioning Table partitioning is a key factor in database management, improving query performance by only searching through relevant information and optimizing storage by efficiently pruning irrelevant content.
January 26, 2024
Raijin announces release of version 1.5
Raijin has announced the release of version 1.5 of its powerful, schemaless SQL-like database engine. This version introduces several performance improvements.
Read on for the highlights and check out the Raijin release notes for a complete list of the features and improvements.
Centralized storage for simpler management Until now, Raijin stored various stateful files in different locations across the system, requiring additional effort to keep track of that content. Raijin has now been refactored to use /data as the base directory.
December 12, 2023
Raijin announces release of version 1.4
Raijin has announced the release of version 1.4 of its powerful, schemaless SQL-like database engine. This version introduces new functionality for managing users and views, among several fixes and performance improvements.
Read on for the highlights and check out the Raijin release notes for a complete list of the features and improvements.
Improved user management This release builds on the previous one to provide better user management and auditing. With the SHOW USERS command, you can now retrieve a list of your Raijin users and their authentication type.
October 6, 2023
Raijin announces release of version 1.3
Raijin has announced the release of version 1.3 of its powerful, schemaless SQL-like database engine. This version implements user authentication and permissions and focuses on enhancing performance and robustness.
New user authentication and permissions This release introduces certificate and password-based user authentication and granular user permissions. You can grant permissions at the database or table level with support for the following privileges:
ALL PRIVILEGE (superuser)
CREATE
SELECT
INSERT
DROP
August 11, 2023
Raijin announces release of version 1.2
Raijin has announced the release of version 1.2 of its powerful, schemaless SQL-like database engine. This version introduces significant performance improvements and usability enhancements.
Faster data ingestion and query performance This release optimizes data ingestion by introducing partial parallelization. Raijin Database now parses and inserts batches of data simultaneously, resulting in up to 15% faster ingestion.
The team also addressed bottlenecks in the SELECT and COPY statements and implemented several optimizations to improve overall query performance.
May 30, 2023
Raijin announces release of version 1.1
Raijin has announced the release of version 1.1 of its powerful, schemaless SQL-like database engine. Many new features have been added to version 1.1.
Let’s take a look at the highlights.
Prometheus exporter improvements Introduced disk usage statistics - Disk usage statistics about free space availability and file system size were introduced.
Introduced query statistics - Event and query statistics were introduced in the Prometheus exporter. The following statistics can be queried:
March 9, 2023
Raijin announces release of version 1.0
Raijin has announced the release of version 1.0 of its powerful schemaless SQL database engine, furthering its goal of "solving schema rigidity" in modern databases. Many new features have been added to this version 1.0 milestone release.
Let’s take a look at some of the headline features.
The power of SQL without the drawbacks SQL has been the titan of database query languages for decades, and it is still ubiquitous the world over.
Tag: release-announcement
April 20, 2023
Announcing NXLog Community Edition 3.2
We’re glad to announce the latest release of NXLog Community Edition. This release mainly fixes an issue where the file_name() function returns an unknown error.
We’ve also stopped officially supporting the Android mobile operating system.
Get in touch with our team if you have any questions, or request a free trial of our flagship log collection solution, NXLog Enterprise Edition, below.
NXLog Platform is an on-premises solution for centralized log management with versatile processing forming the backbone of security monitoring.
Tag: releases
February 23, 2026
Announcing NXLog Platform 1.11
We are happy to announce the latest release of NXLog Platform, version 1.11. This version focuses on operational visibility and compliance, smoother troubleshooting, and improved security and access controls.
Want a quick overview? Watch a short demo showcasing the new features in this release:
Read on for more details about these updates.
Monitor data volume in the NXLog Platform UI You can now monitor the volume of inbound and outbound data flowing through your agents directly in the NXLog Platform UI, either from the agent statistics view or via the data flow visualization.
December 11, 2025
Announcing NXLog Platform 1.10
We are happy to announce the latest release of NXLog Platform, version 1.10. This update introduces streamlined TLS certificate management, broader operating system support, and simplified agent configuration. It will now be even faster and easier to deploy and operate your telemetry pipeline.
Want a quick overview? Watch a short demo showcasing the new features in this release:
Read on for more details about these updates.
Centrally managed certificates for data destinations NXLog Platform 1.
October 22, 2025
Announcing NXLog Platform 1.9
We are happy to announce the latest release of NXLog Platform, version 1.9. This version transforms how you manage observability by combining metrics and logs in one platform, optimizing agent management workflows, and enabling enterprise-grade deployments for modern infrastructures.
Want a quick overview? Watch a short demo showcasing the new features in this release:
Read on for more details about these updates.
Metrics made simple NXLog Platform provides built-in support for all types of telemetry data, including metrics.
September 12, 2025
Announcing NXLog Platform 1.8
We are happy to announce the latest release of NXLog Platform, version 1.8. This release is packed with improvements to give you deeper insights into your telemetry pipeline and infrastructure, expand compatibility, and enhance the user experience.
Want a quick overview? Watch a short demo showcasing the new features in this release:
Read on for more details about these updates.
Agent metrics for telemetry pipeline observability The new Internal Metrics module supports collecting agent metrics, simplifying data flow and agent health monitoring.
June 25, 2025
Announcing NXLog Platform 1.7
We are happy to announce the latest release of NXLog Platform, version 1.7. This release introduces key enhancements focused on the usability and performance of the log discovery UI, as well as the SMTP integration with Microsoft 365. Read on for more details about these updates.
Improved log discovery NXLog Platform 1.7 introduces the beta release of a new log discovery UI with significant improvements in usability and performance:
April 22, 2025
Announcing NXLog Platform 1.6
We are happy to announce the latest release of NXLog Platform, version 1.6. This release brings several key improvements, changes, and fixes to aid usability, security, and performance. Our team has introduced changes to improve integration with third-party technologies, made packaging adjustments, and enhanced the configuration workflow. Below, we highlight the most significant changes.
Enhanced configuration editor The configuration editor in NXLog Platform has been improved with better syntax highlighting, more accurate error detection, and smarter input suggestions when operating in text mode.
February 27, 2025
Announcing NXLog Platform 1.5
We are happy to announce the latest release of NXLog Platform, version 1.5. This release brings several key improvements, changes, and fixes to aid usability, security, and performance. Our team is introducing a major change to log storage, adjustments in log retention settings, and expanded authentication options. Below, we highlight the most significant changes.
Enhanced data storage with ClickHouse NXLog Platform 1.5 introduces a major upgrade to its data storage using ClickHouse, enhancing scalability and resilience while optimizing log storage and retrieval efficiency.
December 20, 2024
Announcing NXLog Platform 1.4
We are happy to announce the latest release of NXLog Platform, version 1.4. This release adds new features and bug fixes, including the ones highlighted below.
Improved agent onboarding This release includes a new enhanced agent onboarding wizard. The process is much simpler yet achieves much more than the previous version. The new method incorporates everything you need to install, configure, and enroll your agents in five simple, easy-to-follow steps.
October 25, 2024
Announcing NXLog Platform 1.3
We proudly announce the latest release of NXLog Platform, version 1.3. This release adds new features and bug fixes, including the ones highlighted below.
Improved installation and configuration The installation processes for NXLog Platform and NXLog Agent received the following configuration improvements:
You can now configure the NXLog Platform hostname and specify a label when running the NXLog Agent installer to ease automatic enrollment and agent configuration. This configuration is available on Windows, Debian/Ubuntu, Red Hat Enterprise Linux, and macOS.
June 20, 2024
Announcing NXLog Enterprise Edition 5.11
We are excited to announce the release of NXLog Enterprise Edition 5.11. This latest version introduces two new features and addresses over twenty important issues, including two of the most significant which are highlighted in this announcement.
Key enhancements in NXLog Enterprise Edition 5.11 Support for new macOS ES events NXLog Enterprise Edition 5.11 now supports the events introduced by version 13 of the macOS Endpoint Security (ES) API. Check the official Apple documentation for the most up-to-date list of events supported by the macOS ES API.
May 13, 2024
Announcing NXLog Enterprise Edition 6.3
We proudly announce the latest release of NXLog Enterprise Edition, version 6.3. This release adds new features and bug fixes, including the ones highlighted below.
Support for parsing DTS Compliant logs from Microsoft Network Policy Server (NPS) The xm_nps extension module now supports parsing the newest DTL Compliant log format from Microsoft NPS.
The module can now automatically parse all NPS log types, including legacy ODBC and IAS, without you having to specify the log type when configuring the module.
December 21, 2023
Announcing NXLog Enterprise Edition 5.10
We are excited to announce the release of NXLog Enterprise Edition 5.10. This latest version addresses over twenty important issues - the two most significant are mentioned in this announcement - and introduces two features backported from NXLog Enterprise Edition 6.
Key enhancements in NXLog Enterprise Edition 5.10 ElasticSearch integration NXLog Enterprise Edition 5.10 now allows ElasticSearch users to send data as a stream. This feature enables the storage of events in an append-only, single-named manner, enhancing data management and retrieval efficiency.
December 4, 2023
Announcing NXLog Enterprise Edition 6.2
We proudly announce the latest release of NXLog Enterprise Edition, version 6.2. This release adds some new features and includes bug fixes and stability enhancements.
File and folder symlink support In this release, the primary focus was on adding uniform support for file and folder symlinks. The new development affects the im_file and im_fim modules when collecting logs from files, and when using File Integrity Monitoring. The new feature is available to use with the newly introduced directive FollowSymlink.
November 3, 2023
Announcing NXLog Manager 5.7
We are pleased to announce the latest release of NXLog Manager, version 5.7. This release addresses several CVE issues, adds support for NXLog’s Microsoft Azure modules, and provides an updated Docker image.
Read on to find out more about these new features.
A more secure NXLog Manager This version addresses multiple known Common Vulnerabilities and Exposures (CVE), reducing the attack surface in our customers' systems. See the release notes for a complete list of corrected CVEs.
October 20, 2023
Announcing NXLog Enterprise Edition 6.1
We proudly announce the latest release of NXLog Enterprise Edition, version 6.1. This release adds new features to our Google Chronicle and Kafka output modules to provide more flexible configuration, introduces support for certificates with TPM-attested keys, and implements enhancements to our HTTP input module.
Read on to find out more about these new features.
More flexibility for your Google Chronicle integration We continue to build up our Google Chronicle output module with new functionality to give you more flexibility and control over your data.
September 11, 2023
Announcing NXLog Enterprise Edition 6.0
We proudly announce the latest release of NXLog Enterprise Edition, version 6.0. This major release includes new NXLog language data types, additional TCP and HTTP configuration options, and enhancements to our Elasticsearch and remote administration modules. It will help you improve data integration and handling, enhance manageability, and increase cost efficiency.
Empower your data integration with new "Array" and "Hash" data types As the NXLog configuration language now supports compound values with Array and Hash data types, you can enhance data integrity and coherence.
June 20, 2023
Announcing NXLog Enterprise Edition 5.9
We are proud to announce the latest release of NXLog Enterprise Edition, version 5.9. This release focuses on bringing you new supported platforms and configuration options.
Read on to find out more about some of these new features.
Added protocols to network packet capture information Our administrative module (xm_admin) now returns a list of protocols configured in a packet capture (im_pcap) instance when you request server or module information. This allows you to track, count, and report on the network protocols you are monitoring.
April 24, 2023
Announcing NXLog Enterprise Edition 5.8
We are proud to announce the latest release of NXLog Enterprise Edition, version 5.8. Our newest release includes new modules, better integrations, and additional metrics to collect across your organization.
Read on to find out more about some of these new features.
Native Salesforce module We’ve built a new native module (im_salesforce) for ingesting logs from Salesforce. With this, you no longer have to run an external Python-based Add-On script.
January 20, 2023
Announcing NXLog Enterprise Edition 5.7
New year, new NXLog Enterprise Edition.
Our developers have been hard at work throughout the holiday season to release the latest version of our flagship log collection solution. We are proud to announce NXLog Enterprise Edition 5.7, which includes bug fixes, security updates, and, of course, many new features.
Read on to find out more about some of these new features.
Native support for Google Cloud Logging, Amazon S3, and Microsoft 365 Google Cloud Logging, Amazon S3, and Microsoft 365 integrations were already available as Add-Ons to NXLog Enterprise Edition.
Tag: reliability
February 2, 2022
Reliable delivery of logs - can you trust TCP?
When considering your log collection strategy, a decision you have to make is which transport protocol to use to transfer logs from source to destination. The choice is often between the two most commonly used protocols, UDP (User Datagram Protocol) and TCP (Transfer Control Protocol). Which one to use depends on the type of logs you need to transfer, and whether performance or reliability is more important.
This blog post will compare these protocols, discuss why TCP is usually the preferred choice, and provide some options to further increase log delivery reliability with NXLog Enterprise Edition.
Tag: review
December 18, 2025
2025 and NXLog - a recap
As the new year looms large, we at NXLog are ready for one of the season’s most cherished traditions: reflecting on the year that ends. Coming off a 2024 that was centered on the NXLog Platform release, our 2025 was built on our analysis of the current state of the telemetry landscape.
The main conclusion is that while telemetry data is essential for operations and security, 35% of organizations still struggle to collect it at scale.
December 19, 2024
2024 and NXLog - a review
As another year draws to a close, we at NXLog are ready for one of the season’s traditions: reflecting on the year that was. For NXLog, 2024 marked two significant milestones: celebrating 12 years of the Company’s journey and unveiling its most ambitious product to date: NXLog Platform.
NXLog Platform launch We couldn’t start a 2024 review in any other way. The launch of NXLog Platform was the culmination of a long process of envisioning, planning, and developing what we believe is a quantum leap in our log collection management solution.
December 22, 2023
2023 and NXLog - a review
It’s finally the holiday season, and we’re down to a skeleton staff here at NXLog. It’s nearly time for us to shut down our laptops, pick up a cup of hot chocolate (or mulled wine if we’re lucky), and get ready for a week or so of reading, relaxing, opening presents, perhaps coping with distant relatives, and all-around merry-making over the holiday period.
So we hope you’ll forgive us if we keep this recap of 2023 succinct.
Tag: rsyslog
December 12, 2025
rsyslog vs syslog-ng: Which is the right log shipper?
Well, no doubt logging is the nervous system of any IT infrastructure. From troubleshooting outages to satisfying compliance audits and threat management, having the right log management pipeline can make the difference between smooth operations and chaotic firefighting. For decades, syslog-ng and rsyslog have been two of the most widely used log management tools for Unix and Linux environments. Both provide implementations of the original 1980s syslog protocol and are designed to collect, process, and forward log messages across networks.
Tag: ruby
August 3, 2022
Send email alerts from NXLog using Python, Perl, or Ruby
NXLog is a versatile log collector that easily integrates with other software, platforms, and programming languages. Out-of-the-box it supports integration with many third-party solutions through its input, output, and extension modules. Moreover, extending NXLog with custom functionality is as easy as writing an application or script in your favorite programming language and loading it from the configuration.
Email notifications of events indicating potential security breaches or severe application errors are a standard procedure for IT admins and DevOps engineers.
Tag: scada
February 26, 2024
Digital substations and log collection
European electric power system operators supply around 2800 TWh of electricity per year and manage around 10 million kilometers of power lines - more than ten round trips to the Moon. Such electric travel is impossible without electric substations, an essential component of a power grid. Its automation becomes ultimately digitalized, so requires proper monitoring both for operational and security purposes. Let’s take a look at how a unified log collection pipeline embeds into power automation systems and helps make sure the lights stay on.
June 8, 2023
Industrial cybersecurity - The facts
In Feb 2021, a major cybersecurity incident was declared when a hacker gained malicious access to the water treatment system of Oldsmar, Florida. Officials said the hacker tried to increase the level of sodium hydroxide in the city’s water supply, putting thousands at risk of being poisoned. Fortunately, it was quickly confirmed that this potential terroristic act did not come to fruition.
Two years later, we still have no details on the malicious actor.
Tag: scheduled-start
February 6, 2023
Our customers asked - How to start an NXLog module with a delay?
There are several reasons you might want to start a particular NXLog module with a delay. You can think of it like delaying the start of a Windows service. In most cases, you need to do this for performance reasons. But there might be other scenarios where you would want to do this, such as collecting logs during a specific time frame. If you have, for example, a less critical module block, you can prioritize the more important one by delaying the less important one.
Tag: scm
March 19, 2022
Deploying and managing NXLog with Puppet
Puppet Bolt is an open-source orchestration tool that automates the manual configuration and management of your infrastructure.
In this post, we will look at how you can create your Puppet Bolt project directory, your inventory YAML file, and finally, your Puppet Bolt Plan to deploy NXLog on a variety of Operating Systems.
Why use Puppet Bolt to deploy NXLog? Apart from the usual tasks of updating software packages, configuring web servers and databases, the need for constant logging has become extremely important, and a de facto necessity nowadays.
March 1, 2022
Deploying and managing NXLog with Ansible
Ansible has become an industry standard when it comes to configuring and managing servers. As a configuration management tool, it carries the burden of simplifying system administration tasks, such as installing and updating software packages, and infrastructure provisioning. In this post, we will create an Ansible playbook that will enable us to automate the installation and configuration of NXLog across multiple endpoints. Whether you need only a single endpoint today or thousands of endpoints next week, Ansible will do the heavy lifting for you.
Tag: security
December 10, 2025
Identity and Access Management (IAM): Guide for 2026
Imagine a typical company: employees join, they move between offices and departments, then they leave. Each of these changes requires a systems access update for email, databases, internal tools, and more. Manually managing these transitions can be burdensome and error-prone. And where you have errors, you have inefficiencies and exposure to security breaches — neither of which is good for your business.
This is where Identity and Access Management (IAM) comes in.
June 16, 2025
Leveraging Okta logs for improved security monitoring
Most corporate environments require a login, and Identity and Access Management (IAM) is a solution that helps manage that process in different ways. IAM ensures that only the necessary people can access the relevant IT resources.
Each user, device or service is assigned a unique digital identity. So, when an employee logs into a company system, IAM confirms that person’s identity. This might involve a login/password check, multi-factor authentication, or both.
July 25, 2024
The CrowdStrike incident and how the NXLog agent operates
Automatic updates are recommended by many vendors as they are considered essential for safeguarding against security threats and maintaining system performance. Updates not only enhance security but also deliver bug fixes and new features, contributing to improved user experience. Software updates, however, come with the inherent risk of breaking existing functionality and can potentially interfere with other software or the operating system itself causing unintended side effects. Automatic updates that the user has no control over escalate the risk further.
June 26, 2024
Onboarding Microsoft NPS logs
For those of us who manage network authentication and authorization, RADIUS is a familiar term. This protocol was introduced in the last century, and many of us from those days still remember the old-school diagrams, which surprisingly remain on the Cisco Systems website today.
Figure 1. Interaction between dial-in user requests, the RADIUS client and server © Cisco RADIUS, which stands for Remote Authentication Dial-In User Service, was developed to address a specific challenge.
May 26, 2023
How to monitor file access in Windows
File access auditing is the process of tracking who reads, modifies, or deletes files on a system, providing a record of user activity for security and compliance purposes. On Windows systems, this is especially important for monitoring sensitive or business-critical files, such as financial records, HR data, or confidential customer information, where unauthorized access could result in a data breach or regulatory violation.
In this post, I’ll show you how to enable file access auditing on Windows and use NXLog Agent to collect and forward file access events to help you protect sensitive data and meet compliance requirements.
May 9, 2023
BROP attacks - What is it and how to defend yourself?
Have you ever locked yourself out of your car? After calling for roadside service, your tow truck driver forces the internal locking mechanism open with a slim-jim. Car thieves quickly discovered this technique and began using it to steal cars. Digital thieves have devised a similar attack called a Blind Return-Oriented Programming (Blind ROP, or just BROP) attack. It’s as quiet as a jackhammer on cement, but an attacker can open a remote shell and gain remote code execution on your server if the conditions are right.
September 30, 2022
Assertive compliance - using frameworks to extend your coverage
So, it happened again. You got an internal audit finding or a regulatory notice. Or you just had a nagging feeling and found customer data somewhere it shouldn’t have been. Morale sinks. Are you forced to choose between serving your customers and addressing compliance weaknesses? Nobody said IT Compliance was easy. But don’t sign up to do any more work than is necessary. Use Frameworks to identify the activities, like logging, that demonstrate compliance for multiple domains and get the absolute best coverage without extra work.
August 10, 2022
NXLog in an industrial control security context
Industrial Control Systems (ICS) have evolved over the years and now have a lot in common with traditional IT systems. Low-cost Ethernet and IP devices are replacing older, proprietary technology, which opens up new possibilities to improve connectivity and remote access. However, it also increases vulnerability to cyberattacks and incidents since the system is no longer segregated. Due to the nature of ICS, they differ from other IT systems. A compromised system can cause severe damage to the environment, incur substantial financial and production losses, and negatively impact an entire nation.
Tag: security-log-management
July 22, 2025
Security Event Logs: Importance, best practices, and management
Understanding security event logs for stronger cybersecurity.
Whether a multinational corporation or a small business, organizations face ever-increasing risks of data theft, insider threats, and system intrusions. In 2025, the security landscape is further complicated by the growing influence of artificial intelligence, as cybercriminals are leveraging AI to enhance the sophistication and scale of attacks. One of the most powerful tools for detecting and responding to attacks is the humble security event logs.
Tag: security-logging
June 28, 2022
Security logging on Windows - beyond 4625
As a security administrator, you may be inclined to focus on the Windows Security log within Windows Event Log. You might even go as far as filtering for specific event IDs, such as EventID 4625 (failed logon request), while forgetting there is much more to security logging on Windows than this single log source.
The consequence of this narrow field of view is that you are not benefitting from the valuable information that other Event IDs used for security audit policies can offer.
Tag: security-logs
July 22, 2025
Security Event Logs: Importance, best practices, and management
Understanding security event logs for stronger cybersecurity.
Whether a multinational corporation or a small business, organizations face ever-increasing risks of data theft, insider threats, and system intrusions. In 2025, the security landscape is further complicated by the growing influence of artificial intelligence, as cybercriminals are leveraging AI to enhance the sophistication and scale of attacks. One of the most powerful tools for detecting and responding to attacks is the humble security event logs.
July 15, 2021
Top 5 Windows Security logs everyone should collect
It goes without saying that across your business infrastructure, there should be a commitment to protect not only the hardware and software assets, but the plethora of data that is transmitted through and stored in it. However, to successfully safeguard such data, it is imperative to have an effective audit policy in place that includes the collection of security events as its essential component.
Windows provides a wealth of security logs that are visible in the built-in Security channel of Event Viewer.
Tag: security-risk
September 30, 2022
Assertive compliance - using frameworks to extend your coverage
So, it happened again. You got an internal audit finding or a regulatory notice. Or you just had a nagging feeling and found customer data somewhere it shouldn’t have been. Morale sinks. Are you forced to choose between serving your customers and addressing compliance weaknesses? Nobody said IT Compliance was easy. But don’t sign up to do any more work than is necessary. Use Frameworks to identify the activities, like logging, that demonstrate compliance for multiple domains and get the absolute best coverage without extra work.
February 3, 2020
Insufficient logging and monitoring, TOP 10 security risk
"The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications."
In this article these top security risks discussed in the context of log collection.
OWASP API security top 10 most critical API security risks APIs are a critical part of modern technologies - from SaaS and web consumer applications to enterprise deployments.
Tag: siem
January 6, 2025
How to choose a log management solution
Logs play a critical role in IT infrastructure, and choosing the right log management solution is key to effective operations. This guide explores the core principles for selecting a solution that aligns with your log collection and management needs. Given the wide range of options available, we categorize them into three main groups for clarity.
End-to-end Log Management Solutions
Security Information & Event Management (SIEM)
Application Performance Monitoring and Observability (APM)
February 13, 2023
Avoid vendor lock-in and declare SIEM independence
The global Security Information and Event Management (SIEM) market is big business. In 2022, it was valued at $5.2 billion, with analysts projecting that it will reach $8.5 billion dollars within five years.
It’s a highly consolidated market dominated by a few major players in the information security field. They want your business, and they don’t want to lose it.
As companies ship more and more data to their respective solutions and make use of more and more features, they become specialized and dependent on a vendor.
May 30, 2022
Collecting kernel events with NXLog for analysis in the Elastic stack
It is known that measuring performance is one of the most challenging tasks in system administration. It requires proper configuration and a good understanding of the results. Fortunately, Linux systems offer a wide variety of tools for obtaining performance metrics. In this blog post, we will focus on the instrumentation capabilities of the Linux kernel and some interesting methods of analyzing the results.
The importance of the kernel lies in the fact that usage information related to CPU, memory, disk space, or network interfaces is always passing through it, and it cannot be bypassed.
May 11, 2022
NXLog provides native support for Google Chronicle
We are delighted to announce that with the release of NXLog Enterprise Edition 5.5, NXLog provides native support for sending log data to the Google Chronicle threat intelligence platform.
About Google Chronicle Google Chronicle is a cloud-native SIEM service provided on the Google Cloud Platform. It allows organizations to normalize, correlate, and analyze their logging data. Chronicle makes threat hunting easy by empowering security experts to investigate logs allowing them to take a holistic approach to threat detection.
February 17, 2022
Aggregating macOS logs for SIEM systems
Apple has made great strides in recent years, not only with its innovative hardware, but also with incremental improvements to its operating systems. For a number of reasons, Macs have become viable alternatives to PCs in many large corporations. Apple also continues to maintain a strong presence in institutions of higher education, as it has for decades in the US. Whether your Mac users are working on spreadsheets in accounting or they belong to creative teams developing software or marketing content, your digital assets are valuable and need to be monitored to detect any potential security threats.
February 2, 2022
NXLog vs IBM QRadar WinCollect - Let's get things straight
How does NXLog Enterprise Edition compare to the IBM QRadar WinCollect event forwarder?
IBM QRadar SIEM collects, processes, and aggregates log data to provide real-time monitoring and automated response to network threats. With its powerful correlation engine and specialized modules for risk and vulnerability management, it is no surprise that it is among the highest-rated tools on Gartner Peer Insights.
To get the best out of a platform like IBM QRadar, you need to ensure that you send the proper amount of data in a format that it can process efficiently.
June 5, 2021
Flexible, cloud-backed Modbus/TCP log collection with NXLog and Python
Modbus is a simple and flexible protocol used by a wide variety of industrial and automation equipment. Its simplicity has made it attractive for many manufacturers, but it also poses a number of challenges in terms of security and traffic analysis. In this post, we’ll show you how to use NXLog to capture, process, and extract useful security information from Modbus traffic.
What makes Modbus traffic analysis challenging? Modbus is a low-level protocol that effectively uses only two data types: bits (in the form of coils), and 16-bit words (in the form of registers), which are also the only form of data that can be natively addressed with most devices.
February 1, 2021
Sending logs to Microsoft Sentinel with NXLog
What if you could selectively ingest only the high-quality events needed for metrics and reporting that come not only from Azure, but also from other cloud- based resources and on-site assets directly into Microsoft Sentinel?
In this post, the technology we will be examining is the Azure Monitor HTTP Data Collector API, which enables clients, such as the NXLog Enterprise Edition agent, to send events to a Log Analytics workspace, making them directly accessible using Microsoft Sentinel queries.
April 1, 2020
How a centralized log collection tool can help your SIEM solutions
IT security should be one of the main focus points of all enterprises. In today’s world, when digital transformation is taking place at an unprecedented pace, securing online data is vital for all kinds of businesses. This is why most companies are utilizing SIEM (Security Information and Event Management) solutions that help them identify threats before they can do any harm.
Even though SIEM tools are perfect for event correlation and analytics, it is not part of their core functionality to manage log collection, filtering, distribution, and formatting.
March 3, 2020
Sending ETW Logs to Splunk with NXLog
NXLog supports direct collection of Event Tracing for Windows (ETW) data. DNS Analytical logs, for example, can be forwarded to Splunk or another SIEM for monitoring and analysis.
Collecting ETW Logs Event Tracing for Windows (ETW) is a kernel-level tracing facility that provides high-performance logging of kernel and application events. ETW events can be written to a log file or collected directly from the system in realtime via the Consumers API.
Tag: sigma
July 27, 2023
Detect threats using NXLog and Sigma
The analysis of events produced by various systems and applications can offer insights into the infrastructure health and the operational resilience of an enterprise. From an Infosec perspective, the end-goals are: threat detection, forensics and remediation.
However, we can’t query or analyse data that we haven’t collected in the first place! Before threat hunting and incident response are even possible, security events need to be collected from various sources, parsed, transformed, and then forwarded to data sinks such as security information and event managements (SIEM), security analytics platforms, cloud ecosystems and long term storage.
Tag: snare
April 9, 2025
NXLog Agent vs. Snare Agent - A practical comparison of log collection capabilities
Are you looking to replace Snare? Here’s how NXLog Agent compares in real-world environments.
This article will help if you consider a new log collection solution or evaluate alternatives to your existing deployment. It answers key questions from organizations that have migrated from Snare to NXLog solutions.
Feature comparison - Snare Agent vs. NXLog Agent Multiple log collection agents are available on the market. While both Snare Agent and NXLog Agent serve similar use cases, NXLog Agent provides broader platform support, more advanced log processing, and greater flexibility in integration.
Tag: social
February 2, 2023
NXLog in the world - January 2023
A round-up of some of our favorite social media chatter about NXLog this month. Tecmint: Most notable open source log collection tools - NXLog features on the list of top centralized log collection tools
Blumira: Windows Firewall with GPOs - NXLog is recommended to be used in managing the Windows Firewall with GPOs
StationX: CompTIA Security+ Cheat Sheet - NXLog is part of the CompTIA Security+ exam
Reddit: Filter logon/logoff events from AD - How to filter logon/logoff logs from Active Directory with NXLog agent, and shipping to a syslog-ng server
Tag: sox
August 9, 2023
The Sarbanes-Oxley (SOX) Act and security observability
SOX - an overview Serious financial fraud was never considered a real risk while investing in U.S.-listed stocks until 2001, when energy giant Enron Corporation, which held $63.4 billion in assets, collapsed. It was revealed that the company had been misleading investors for years and the company’s stock price quickly plummeted from $90 to less than $1 per share. It was the largest bankruptcy in US history, followed by a $40 billion lawsuit and imprisonment for the corporation’s executives.
Tag: splunk
January 16, 2023
NXLog vs Splunk Universal Forwarder
NXLog supports filtering, enriching, and forwarding logs directly to Splunk Enterprise for further analysis.
If you landed on this blog post, you are likely looking for a new log collection solution or seeking to improve an existing Splunk deployment. If so, we hope this article provides you with the necessary information to take the next step toward a better log collection strategy.
NXLog and Splunk Universal Forwarder feature comparison Several log collection agents are available on the market, and Splunk Universal Forwarder is one of them.
March 3, 2020
Sending ETW Logs to Splunk with NXLog
NXLog supports direct collection of Event Tracing for Windows (ETW) data. DNS Analytical logs, for example, can be forwarded to Splunk or another SIEM for monitoring and analysis.
Collecting ETW Logs Event Tracing for Windows (ETW) is a kernel-level tracing facility that provides high-performance logging of kernel and application events. ETW events can be written to a log file or collected directly from the system in realtime via the Consumers API.
Tag: sql
August 9, 2022
Raijin vs Elasticsearch
Log collection is most closely linked to enterprise security practices—for example, aggregation and analysis in a SIEM. However, collecting certain logs for reasons other than security is often valuable. It may even be a requirement of your organization for the purposes of auditing, legal compliance, or data retention.
Storing all these logs in a database is the most efficient way to manage the data. Finding and managing logs stored as flat files or structured data can be challenging without a database.
Tag: strategy
February 24, 2026
Centralized log management: What it is, how centralized logging works, and how to choose the right system
Centralized log management is the practice of collecting logs from across an environment, including applications, servers, containers, networks, and cloud services, and storing them in a single location where they can be searched and analyzed.
For operations and security teams, centralized logging is now a core requirement. Without it, logs are scattered across hosts, ephemeral containers, cloud consoles, and disconnected tools. This fragmentation slows troubleshooting, complicates incident response, and limits visibility during security investigations.
June 24, 2025
Current challenges in log and telemetry data management
Today, most enterprises use a security log analytics solution or SIEM (Security Information & Event Management), but analytics are only as good as the data fed into your solution. If you’re missing data sources or are failing to extract full value from the data, you won’t see the big picture.
This is an issue new customers commonly mention to NXLog. That’s why one of our key goals is to provide a solid data collection layer that ensures all relevant data is collected and properly fed into the SIEM.
March 12, 2025
Log management best practices
People think about logs as one of the biggest chores in the IT industry. Well, that does not necessarily need to be true. If you adhere to some fundamental log management best practices, the value you could get out of them quickly outweighs the effort put into managing them. Logs can easily become the best friend of IT teams looking to keep their systems secure, meet compliance requirements, and maintain a smoothly running network.
January 6, 2025
How to choose a log management solution
Logs play a critical role in IT infrastructure, and choosing the right log management solution is key to effective operations. This guide explores the core principles for selecting a solution that aligns with your log collection and management needs. Given the wide range of options available, we categorize them into three main groups for clarity.
End-to-end Log Management Solutions
Security Information & Event Management (SIEM)
Application Performance Monitoring and Observability (APM)
May 28, 2024
What is agentless log collection?
Agentless log collection refers to gathering log data from various sources without installing dedicated software agents on the systems generating the logs. Instead, it leverages protocols such as SNMP traps, WECS, WMI, and syslog to retrieve log data remotely.
It is easier to explain what agentless log collection is by also providing some context about agent-based log collection. The truth is that these two options for collecting logs walk hand in hand, meaning that they can and will likely coexist on your network.
May 26, 2023
How to monitor file access in Windows
File access auditing is the process of tracking who reads, modifies, or deletes files on a system, providing a record of user activity for security and compliance purposes. On Windows systems, this is especially important for monitoring sensitive or business-critical files, such as financial records, HR data, or confidential customer information, where unauthorized access could result in a data breach or regulatory violation.
In this post, I’ll show you how to enable file access auditing on Windows and use NXLog Agent to collect and forward file access events to help you protect sensitive data and meet compliance requirements.
Tag: submarine
March 11, 2024
NXLog Enterprise Edition on Submarines
I always wondered what happens to our software when a company purchases it. Okay, I know they will install it and use it. But where do they install it? On what kind of machines? In what kind of environment? And why is it important for them to collect and handle logs? The possibilities are endless. We have customers worldwide; from shoemakers to telecom companies, NXLog is everywhere. But where are the most remarkable places NXLog Enterprise Edition is employed?
Tag: syslog-ng
December 12, 2025
rsyslog vs syslog-ng: Which is the right log shipper?
Well, no doubt logging is the nervous system of any IT infrastructure. From troubleshooting outages to satisfying compliance audits and threat management, having the right log management pipeline can make the difference between smooth operations and chaotic firefighting. For decades, syslog-ng and rsyslog have been two of the most widely used log management tools for Unix and Linux environments. Both provide implementations of the original 1980s syslog protocol and are designed to collect, process, and forward log messages across networks.
November 23, 2022
Need to replace syslog-ng? Changing to NXLog is easier than you think
syslog-ng and NXLog are both powerful log collectors providing flexible log processing. However, you might be in a position where you need to switch from syslog-ng to NXLog. Whether it’s because syslog-ng doesn’t support an operating system or you want to upgrade your log collection solution to one that can be centrally managed, converting your syslog-ng configuration to NXLog is a simple task.
How do syslog-ng and NXLog differ? syslog-ng and NXLog are alike in many ways.
Tag: tcp
February 2, 2022
Reliable delivery of logs - can you trust TCP?
When considering your log collection strategy, a decision you have to make is which transport protocol to use to transfer logs from source to destination. The choice is often between the two most commonly used protocols, UDP (User Datagram Protocol) and TCP (Transfer Control Protocol). Which one to use depends on the type of logs you need to transfer, and whether performance or reliability is more important.
This blog post will compare these protocols, discuss why TCP is usually the preferred choice, and provide some options to further increase log delivery reliability with NXLog Enterprise Edition.
Tag: telemetry
January 5, 2026
Telemetry is evolving; is your business ready?
Some still think telemetry is a futuristic concept, but it isn’t. It’s already integral to the smooth running of everything from websites, e-commerce platforms and mobile apps to manufacturing, traffic control and much, much more. And it all begins with the humble data log.
From the earliest days of computing, programmers have recorded useful information — often in a file — to help track and react to potential threats and understand what’s going on "under the hood" of their IT infrastructures.
Tag: telemetry-data-pipeline
March 9, 2026
Beyond basic ingestion: Advanced OpenTelemetry data processing with NXLog
Most discussions about OpenTelemetry pipelines focus on getting data from point A to point B. Collect telemetry, maybe convert the format, forward it to a backend. That’s the minimum viable pipeline, and it’s where most tooling stops.
But a pipeline that only moves data is a pipe, not a processing layer. The telemetry arriving at your observability platform or SIEM is only as useful as the context it carries. A raw log entry saying "connection from 198.
March 5, 2026
How NXLog simplifies your OpenTelemetry journey
OpenTelemetry has become the de facto standard for telemetry data. Nearly 50% of surveyed cloud-native end-user companies have adopted it, and the project ranks as the second-highest-velocity initiative in the CNCF, behind only Kubernetes. The direction is clear: if your infrastructure doesn’t speak OpenTelemetry, it will increasingly be left out of the observability conversation.
But adopting OpenTelemetry across an entire infrastructure is a different problem than adopting it in a greenfield application.
February 25, 2026
Building a practical OpenTelemetry pipeline with NXLog Platform
Collecting, processing, and forwarding logs and metrics at scale.
OpenTelemetry provides a common instrumentation model that makes it easier to collect telemetry data across distributed systems, and many modern applications are adopting it as a standard for generating logs and metrics. However, in practice, you still need to collect, process, and shape the data before it becomes useful. You cannot simply forward raw telemetry data downstream without risking that your observability platform becomes expensive storage instead of a means of maintaining visibility into your environment.
February 10, 2026
Adopting OpenTelemetry without changing your applications
A practical approach to converting existing logs into modern observability.
OpenTelemetry promises a vendor-neutral standard for observability, consistent telemetry, and the flexibility to change backends without rewriting everything. In practice, however, OpenTelemetry adoption often runs into a familiar obstacle: reality.
Here’s a common scenario. You’re eager to improve observability, but your environment includes a mix of legacy applications, network devices, and third-party systems. Many of these were never designed for modern instrumentation, and changing them is risky, expensive, or simply not an option.
June 24, 2025
Current challenges in log and telemetry data management
Today, most enterprises use a security log analytics solution or SIEM (Security Information & Event Management), but analytics are only as good as the data fed into your solution. If you’re missing data sources or are failing to extract full value from the data, you won’t see the big picture.
This is an issue new customers commonly mention to NXLog. That’s why one of our key goals is to provide a solid data collection layer that ensures all relevant data is collected and properly fed into the SIEM.
December 16, 2024
World of OpenTelemetry
With an ever-expanding choice of technologies on the market, navigating the range of open-source observability tools can be a challenge. Which is why, when it comes to managing complex multicloud environments and their services, standardization is crucial. Here’s where OpenTelemetry (OTel) can play a key role. Developed through the merger of OpenCensus and OpenTracing, OpenTelemetry has become the new standard for open-source telemetry.
Discover what OTel is, the types of telemetry data it encompasses, its potential benefits, and how NXLog can support your OpenTelemetry ecosystem.
September 26, 2024
What is a telemetry pipeline? Understanding and building effective telemetry data pipelines
Back in the day, Gordon Moore made relatively accurate observations and projections about the exponential growth of transistors on semiconductors. It still amazes me, yet very few predicted the incredible growth of system interconnectedness and the vast amount of data it generates. It is estimated that 90% of all data was created in the last two years. Given that everything is connected, the need for telemetry is growing at an unprecedented rate, and so is the need to efficiently channel and manage telemetry data.
Tag: telemetry-filtering
August 27, 2025
How to reduce log noise and fight SOC alert fatigue
Do you ever feel like you’re drowning in data? From endpoint logs and firewall events to database auditing and cloud metrics, the sheer amount of data is overwhelming. While telemetry data is crucial for threat detection, incident response, and compliance, it also brings a major challenge: log noise.
Log noise obscures meaningful security signals. If left unchecked, you risk increased false positives, overloading security tools, higher SIEM licensing costs, and, most importantly, SOC alert fatigue.
Tag: telemetry-management
October 30, 2025
The shadow IT haunting your network: A Halloween horror story
It’s Halloween season, and while everyone else is worried about ghosts and goblins, you—the sysadmin holding the fort—know the real terror: that dusty print server in the corner that’s been running firmware from 2014. Or the Raspberry Pi someone set up to monitor the server room temperature "temporarily" three years ago. Or the CEO’s personal tablet that absolutely must connect to the internal network because "it’s just easier this way.
October 29, 2025
Watching the watchers: The need for telemetry system observability
Organizations invest heavily in sophisticated monitoring platforms, deploy countless agents across their infrastructure, and build elaborate dashboards to track every metric imaginable. Yet amid this pursuit of comprehensive visibility, a dangerous blind spot often emerges: the observability system itself becomes unobservable.
This meta-problem represents one of the most insidious risks in modern infrastructure management. When telemetry collection fails silently—whether due to misconfiguration, infrastructure changes, or system failures—operations teams continue making critical decisions based on incomplete or stale data, unaware that their digital nervous system has developed gaps in coverage.
October 28, 2025
Beyond the silicon: Why monitoring the infrastructure powering AI is critical to ROI
The AI gold rush has arrived, and organizations worldwide are making unprecedented investments in cutting-edge accelerator hardware. GPU clusters worth millions of dollars are being deployed at breakneck speed, with companies betting their competitive futures on these silicon powerhouses. Yet beneath the excitement of acquiring the latest H100s or MI300s lies a sobering reality: the most expensive part of your AI investment isn’t the initial purchase—it’s ensuring that hardware delivers value every single moment it’s operational.
Tag: threat-detection
July 27, 2023
Detect threats using NXLog and Sigma
The analysis of events produced by various systems and applications can offer insights into the infrastructure health and the operational resilience of an enterprise. From an Infosec perspective, the end-goals are: threat detection, forensics and remediation.
However, we can’t query or analyse data that we haven’t collected in the first place! Before threat hunting and incident response are even possible, security events need to be collected from various sources, parsed, transformed, and then forwarded to data sinks such as security information and event managements (SIEM), security analytics platforms, cloud ecosystems and long term storage.
Tag: tpm
May 14, 2024
Harnessing TPM encryption with NXLog
In an increasingly digitalized world, protecting your business’s digital assets is becoming more urgent by the day. Realizing the need to protect data from malicious actors, researchers created encryption. And I am not talking about the Enigma here, but software-based encryption algorithms, with their public and private signing keys, and so on.
Like every other technology, encryption methods have evolved throughout the years. However, the goal remained the same: encryption is there to secure our digital communications.
Tag: trimming
November 12, 2024
Optimize log management and cut costs
Data logging and event monitoring have become essential to provide security and performance monitoring of business operations. However, the vast volume of logs generated can lead to significant challenges, including high costs and inefficiencies.
Many companies collect an excessive number of logs, often missing out on the most critical security-related events. The majority of these logs, known as log noise, offer little to no value to security analysts and can obstruct timely access to high-priority security events.
Tag: udp
February 2, 2022
Reliable delivery of logs - can you trust TCP?
When considering your log collection strategy, a decision you have to make is which transport protocol to use to transfer logs from source to destination. The choice is often between the two most commonly used protocols, UDP (User Datagram Protocol) and TCP (Transfer Control Protocol). Which one to use depends on the type of logs you need to transfer, and whether performance or reliability is more important.
This blog post will compare these protocols, discuss why TCP is usually the preferred choice, and provide some options to further increase log delivery reliability with NXLog Enterprise Edition.
Tag: universal-forwarder
January 16, 2023
NXLog vs Splunk Universal Forwarder
NXLog supports filtering, enriching, and forwarding logs directly to Splunk Enterprise for further analysis.
If you landed on this blog post, you are likely looking for a new log collection solution or seeking to improve an existing Splunk deployment. If so, we hope this article provides you with the necessary information to take the next step toward a better log collection strategy.
NXLog and Splunk Universal Forwarder feature comparison Several log collection agents are available on the market, and Splunk Universal Forwarder is one of them.
Tag: upgrade
September 11, 2023
Upgrading from NXLog Enterprise Edition 5 to NXLog Enterprise Edition 6
The NXLog team is constantly improving the quality of NXLog Enterprise Edition and will soon introduce a new major release - NXLog Enterprise Edition 6.0. This release will bring a large number of changes and it is important to correctly adapt your current configuration when upgrading your system.
Warning We strongly recommend testing NXLog Enterprise Edition 6.0 operation on a smaller set of devices before commiting to a full-scale upgrade of your complete system.
Tag: usa
July 19, 2023
HIPAA logging requirements and how to ensure compliance
The U.S. Health Insurance Portability and Accountability Act (HIPAA) was introduced in 1996 to protect the privacy and security of health information. HIPAA’s Privacy, Security, and Breach Notification rules require healthcare providers and their partners to protect electronic protected health information (ePHI) through robust access controls, breach reporting, and documentation practices.
A critical part of this compliance effort involves maintaining detailed audit logs that track who accessed, modified, or disclosed PHI, and retaining HIPAA logs for at least six years.
Tag: vendor-lock-in
February 13, 2023
Avoid vendor lock-in and declare SIEM independence
The global Security Information and Event Management (SIEM) market is big business. In 2022, it was valued at $5.2 billion, with analysts projecting that it will reach $8.5 billion dollars within five years.
It’s a highly consolidated market dominated by a few major players in the information security field. They want your business, and they don’t want to lose it.
As companies ship more and more data to their respective solutions and make use of more and more features, they become specialized and dependent on a vendor.
Tag: web-server-logs
October 20, 2025
From web server logs to metrics: Visualizing NGINX logs with Prometheus and Grafana
When users start reporting slow responses or intermittent errors from your web applications, your first go-to is your web server logs. But did you know those same logs can provide more than just troubleshooting clues? When analyzed with the right tools, they give system administrators and DevOps teams real-time visibility into your web environment, enabling them to monitor web servers proactively, rather than reactively.
In this post, we’re going to show you how you can uncover web server performance issues and potential attacks early on by collecting NGINX access logs with NXLog Agent, transforming them into Prometheus metrics, and visualizing them with Grafana.
Tag: wec
February 22, 2021
Setting up a Windows Event Collector (WEC) on Linux
Windows Event Forwarding (WEF) is a service available on Microsoft Windows platforms which enables the forwarding of events from Windows Event Log to a central Windows Event Collector. Since the technology is built into the operating system, this means you can centralize log collection without having to install third party software on each Windows node. You can also use Group Policy for configuring clients to forward their events. This approach not only standardizes client management but also streamlines it.
Tag: wef
November 27, 2024
Centralized Windows log collection - NXLog Platform vs. WEF
One of the challenges that security-conscious Windows administrators face is collecting and centralizing Windows event logs. One of the obvious solutions that come to mind is the native Windows Event Forwarding (WEF) feature available on all modern Windows operating systems.
WEF offers the convenience of forwarding Windows events to a central event collector without installing and managing agents. To objectively portray the role this valuable technology plays in the larger scope of enterprise log collection, we have written several articles that discuss it:
February 22, 2021
Setting up a Windows Event Collector (WEC) on Linux
Windows Event Forwarding (WEF) is a service available on Microsoft Windows platforms which enables the forwarding of events from Windows Event Log to a central Windows Event Collector. Since the technology is built into the operating system, this means you can centralize log collection without having to install third party software on each Windows node. You can also use Group Policy for configuring clients to forward their events. This approach not only standardizes client management but also streamlines it.
December 17, 2018
Making the most of Windows Event Forwarding for centralized log collection
Windows Event Forwarding (WEF) provides log centralization capabilities that are natively supported in Windows-based systems. It is straightforward to set up since it is already built into Windows, and only a few pre-requisites are required, such as having a dedicated event server with a group policy object (GPO). Despite its ease of use and native support, WEF has some limitations. This post covers the advantages of using Windows Event Forwarding for centralized log collection, followed by limitations of WEF and its subsequent solutions.
Tag: wincollect
February 2, 2022
NXLog vs IBM QRadar WinCollect - Let's get things straight
How does NXLog Enterprise Edition compare to the IBM QRadar WinCollect event forwarder?
IBM QRadar SIEM collects, processes, and aggregates log data to provide real-time monitoring and automated response to network threats. With its powerful correlation engine and specialized modules for risk and vulnerability management, it is no surprise that it is among the highest-rated tools on Gartner Peer Insights.
To get the best out of a platform like IBM QRadar, you need to ensure that you send the proper amount of data in a format that it can process efficiently.
Tag: windows
November 8, 2023
Three easy ways to optimize your Windows logs - Reduce cost, network load, and time
If you are capturing Windows Event Logs on a large scale, you know that the more logs you collect, the more resources you need. Thus, the more expensive your SIEM becomes. The main issue is a large amount of the log data you are sending to your SIEM contains no valuable information. This means you waste a sizable portion of your cost on what the industry calls “log noise”.
February 20, 2023
Our customers asked - Collecting Windows DNS resolved address with NXLog
Windows DNS Server log collection is essential yet complex, primarily because Windows DNS Server provides logs in various places in different forms containing a vast amount of information. Nevertheless, we all know that DNS Server log collection is paramount in IT security. Getting it right can be challenging.
The Windows DNS Server section in the NXLog user guide offers a comprehensive guide on collecting log records from a Windows DNS Server.
August 18, 2022
The disappearing Windows DNS debug log
The Windows DNS debug log contains valuable information on DNS queries and activity that is especially useful for monitoring and analyzing malicious traffic. This requires some configuration changes for the DNS service in order to enable debug logging.
Here is a short description on how to enable debug logging for the DNS service on windows, this also applies to Windows Server 2008 and later. It is possible to specify the file and path name of the DNS debug log file as well as the maximum size of the file.
January 25, 2022
Understanding and auditing WMI
If you’re a cyber security enthusiast, you’ve probably heard a lot about Windows Management Instrumentation (WMI) lately. There’s a good reason why this topic has gained popularity, however, this technology has been integrated into Windows operating systems for over 20 years now. In this blog post, we will delve into how WMI works, the risks resulting from misuse, and how to audit it with NXLog.
A standardization effort The first thing to clarify about WMI is that it’s not a Windows-only technology.
July 15, 2021
Top 5 Windows Security logs everyone should collect
It goes without saying that across your business infrastructure, there should be a commitment to protect not only the hardware and software assets, but the plethora of data that is transmitted through and stored in it. However, to successfully safeguard such data, it is imperative to have an effective audit policy in place that includes the collection of security events as its essential component.
Windows provides a wealth of security logs that are visible in the built-in Security channel of Event Viewer.
June 14, 2021
Windows Event Log collection in a nutshell
Unquestionably, Microsoft Windows is the number one desktop operating system in the world, as well as having a significant share of the server operating system market. Multi-million-dollar organizations rely heavily on Windows Server and Active Directory to provide a safe, secure networked environment for their business operations. Such an enterprise infrastructure alone can generate thousands of events per second that range anywhere from benign user authentication events to logs indicating a severe software failure, or even more serious events such as DoS attacks or intrusion attempts.
May 28, 2020
DNS Log Collection on Windows
Be sure to read Part 1 and Part 3 of our DNS Log Collection series, in case you missed them.
DNS Log Collection on Windows If you need to reduce the cost of DNS security and increase efficiency through centralizing DNS log collection, where would you start? Answering this question requires knowledge and awareness of the challenges and opportunities available on the Windows platform.
While Windows DNS server is a common technology serving many types of organizations, from local domains to large multi-site enterprises, the possibilities are not necessarily that well-known within the context of comprehensive, site-wide log collection.
Tag: windows-dns-logs
August 18, 2022
The disappearing Windows DNS debug log
The Windows DNS debug log contains valuable information on DNS queries and activity that is especially useful for monitoring and analyzing malicious traffic. This requires some configuration changes for the DNS service in order to enable debug logging.
Here is a short description on how to enable debug logging for the DNS service on windows, this also applies to Windows Server 2008 and later. It is possible to specify the file and path name of the DNS debug log file as well as the maximum size of the file.
May 28, 2020
DNS Log Collection on Windows
Be sure to read Part 1 and Part 3 of our DNS Log Collection series, in case you missed them.
DNS Log Collection on Windows If you need to reduce the cost of DNS security and increase efficiency through centralizing DNS log collection, where would you start? Answering this question requires knowledge and awareness of the challenges and opportunities available on the Windows platform.
While Windows DNS server is a common technology serving many types of organizations, from local domains to large multi-site enterprises, the possibilities are not necessarily that well-known within the context of comprehensive, site-wide log collection.
Tag: windows-event-forwarding
December 17, 2018
Making the most of Windows Event Forwarding for centralized log collection
Windows Event Forwarding (WEF) provides log centralization capabilities that are natively supported in Windows-based systems. It is straightforward to set up since it is already built into Windows, and only a few pre-requisites are required, such as having a dedicated event server with a group policy object (GPO). Despite its ease of use and native support, WEF has some limitations. This post covers the advantages of using Windows Event Forwarding for centralized log collection, followed by limitations of WEF and its subsequent solutions.
Tag: windows-event-log
May 15, 2025
Remote Desktop logs – A comprehensive guide to RDP logging and monitoring
Monitoring and centralizing Remote Desktop logs is critical for IT security, compliance, and operational efficiency, and NXLog Platform makes it simple and scalable.
Remote Desktop Protocol (RDP) is a powerful Windows feature that allows users to access a computer remotely over the network. While convenient and widely used, it’s also a potential entry point for attackers. Understanding how to check and analyze RDP connection logs can help detect unauthorized access, troubleshoot issues, and maintain system integrity.
November 8, 2023
Three easy ways to optimize your Windows logs - Reduce cost, network load, and time
If you are capturing Windows Event Logs on a large scale, you know that the more logs you collect, the more resources you need. Thus, the more expensive your SIEM becomes. The main issue is a large amount of the log data you are sending to your SIEM contains no valuable information. This means you waste a sizable portion of your cost on what the industry calls “log noise”.
October 11, 2021
Collecting DHCP server logs on Windows
DHCP server log collection made simple DHCP (Dynamic Host Configuration Protocol) is a network management protocol that dynamically assigns IP addresses to each client machine on your network. However, its importance does not stop there. DHCP can even generate numerous critical events that indicate your network’s security has been compromised.
You might then wonder how you can use these events to safeguard your organization from intrusion. Well, these event logs store valuable information that contain the ID and IP address associated with each client.
June 14, 2021
Windows Event Log collection in a nutshell
Unquestionably, Microsoft Windows is the number one desktop operating system in the world, as well as having a significant share of the server operating system market. Multi-million-dollar organizations rely heavily on Windows Server and Active Directory to provide a safe, secure networked environment for their business operations. Such an enterprise infrastructure alone can generate thousands of events per second that range anywhere from benign user authentication events to logs indicating a severe software failure, or even more serious events such as DoS attacks or intrusion attempts.
Tag: windows-events
November 27, 2025
End-to-end Windows file monitoring with FIM and Windows Security Auditing
In the past, we’ve written about monitoring file access in Windows. However, monitoring file access events alone doesn’t capture the full lifecycle of changes that matter for security and compliance.
To gain true end-to-end visibility, you need to track not only when a file is accessed, but also when it’s modified, renamed, or deleted. In this guide, we’ll show how combining File Integrity Monitoring (FIM) with Windows Security Auditing delivers a complete file monitoring solution and how NXLog Agent ties these log sources together.
September 22, 2025
Windows security monitoring: Collecting and visualizing events in Elasticsearch and Kibana
In our previous blog post, From network logs to insights: Visualizing OpenVPN logs with Elasticsearch and Kibana, we explored how you can gain visibility into VPN activity by collecting and analyzing network logs. Windows security monitoring is another common use case we encounter at NXLog.
Windows workstations and servers generate security event logs ranging from authentication attempts and privilege escalations to policy changes and process executions. Such events can reveal external intrusions and insider threats, and for security analysts, they are the first line of evidence in investigating suspicious activity.
Tag: windows-logs
November 27, 2024
Centralized Windows log collection - NXLog Platform vs. WEF
One of the challenges that security-conscious Windows administrators face is collecting and centralizing Windows event logs. One of the obvious solutions that come to mind is the native Windows Event Forwarding (WEF) feature available on all modern Windows operating systems.
WEF offers the convenience of forwarding Windows events to a central event collector without installing and managing agents. To objectively portray the role this valuable technology plays in the larger scope of enterprise log collection, we have written several articles that discuss it:
June 28, 2022
Security logging on Windows - beyond 4625
As a security administrator, you may be inclined to focus on the Windows Security log within Windows Event Log. You might even go as far as filtering for specific event IDs, such as EventID 4625 (failed logon request), while forgetting there is much more to security logging on Windows than this single log source.
The consequence of this narrow field of view is that you are not benefitting from the valuable information that other Event IDs used for security audit policies can offer.
July 15, 2021
Top 5 Windows Security logs everyone should collect
It goes without saying that across your business infrastructure, there should be a commitment to protect not only the hardware and software assets, but the plethora of data that is transmitted through and stored in it. However, to successfully safeguard such data, it is imperative to have an effective audit policy in place that includes the collection of security events as its essential component.
Windows provides a wealth of security logs that are visible in the built-in Security channel of Event Viewer.
February 22, 2021
Setting up a Windows Event Collector (WEC) on Linux
Windows Event Forwarding (WEF) is a service available on Microsoft Windows platforms which enables the forwarding of events from Windows Event Log to a central Windows Event Collector. Since the technology is built into the operating system, this means you can centralize log collection without having to install third party software on each Windows node. You can also use Group Policy for configuring clients to forward their events. This approach not only standardizes client management but also streamlines it.
Tag: windows-security
November 27, 2025
End-to-end Windows file monitoring with FIM and Windows Security Auditing
In the past, we’ve written about monitoring file access in Windows. However, monitoring file access events alone doesn’t capture the full lifecycle of changes that matter for security and compliance.
To gain true end-to-end visibility, you need to track not only when a file is accessed, but also when it’s modified, renamed, or deleted. In this guide, we’ll show how combining File Integrity Monitoring (FIM) with Windows Security Auditing delivers a complete file monitoring solution and how NXLog Agent ties these log sources together.
September 22, 2025
Windows security monitoring: Collecting and visualizing events in Elasticsearch and Kibana
In our previous blog post, From network logs to insights: Visualizing OpenVPN logs with Elasticsearch and Kibana, we explored how you can gain visibility into VPN activity by collecting and analyzing network logs. Windows security monitoring is another common use case we encounter at NXLog.
Windows workstations and servers generate security event logs ranging from authentication attempts and privilege escalations to policy changes and process executions. Such events can reveal external intrusions and insider threats, and for security analysts, they are the first line of evidence in investigating suspicious activity.
Tag: wmi
January 25, 2022
Understanding and auditing WMI
If you’re a cyber security enthusiast, you’ve probably heard a lot about Windows Management Instrumentation (WMI) lately. There’s a good reason why this topic has gained popularity, however, this technology has been integrated into Windows operating systems for over 20 years now. In this blog post, we will delve into how WMI works, the risks resulting from misuse, and how to audit it with NXLog.
A standardization effort The first thing to clarify about WMI is that it’s not a Windows-only technology.
Follow us
© Copyright NXLog Ltd.