Advanced log correlation

Version 2.3.1027 has been released today. This version brings a new processor module named pm_evcorr which provides event log correlation functionality in addition to the already available nxlog language features (variables and statistical counters). This module was greatly inspired by the Perl based sec.pl simple event correlation tool.
In addition to the above the following fixes and enhancements are available in this release:

Sending logs over HTTP(s)

Version 2.1.956 has been released today. It comes with a shiny new om_http module which allows sending logs to HTTP services such as loggly, elasticsearch etc.
The pm_buffer module has been rewritten to use chunked file storage. This release contains several other fixes and improvements, see the included changelog for more information.

Now scaling better with thousands of files

Version 1.4.803 has been released today.
The im_file module has been enhanced so that it deals better with thousands of files and consumes less CPU. It will automatically retry files which gave a read error earlier instead of stopping completely. The im_msvistalog module now pulls all application logs by default in addition to the system logs. There were several other enhancements and bug fixes, the changelog is available in the source tarball.

Pages