NXLog Newsletter November Edition: new releases and various User Guide enhancements

We have released the November Edition of the NXLog Newsletter, which covers new releases of NXLog products and details the latest User Guide updates and improvements.

NXLog Manager v5.1.5116 released

NXLog Manager v5.1.5116 is available as of November 14, 2018. Download and upgrade instructions for each platform are in the User Guide under the NXLog Manager Installation section.

NXLog Enterprise Edition v4.1

NXLog Enterprise Edition v4.0 was released earlier this year. If you missed it, read the release announcement here.

We have been busy this summer, and are happy to bring you NXLog Enterprise Edition v4.1 today. This new version comes with more than 80 issues fixed since v4.0.

Below is the excerpt from the changelog:

Announcing NXLog Enterprise Edition v3.0

We are proud to announce the general availability of NXLog Enterprise Edition v3.0, a major step forward in the features and reliability of our flagship product. Below is a list of highlights in the new major release.

Multi-platform support for Windows Event Forwarding

A new input module (im_wseventing) can be used to collect forwarded events from Windows hosts. The Windows clients can be configured from Group Policy to send Windows EventLog data using Windows Event Forwarding. Earlier versions of NXLog already supported collecting Windows EventLog remotely over WMI and MSRPC, but this new capability is a major step for secure, agentless data collection from Windows machines, supporting both Kerberos and HTTPS data transfer. Moreover, the new im_wseventing module is platform independent and also works on GNU/Linux, so a single NXLog server running on GNU/Linux can collect all the event data in the enterprise, including Syslog and Windows EventLog.

The new release brings a WTMP parser

The new release, 2.7.1189, brings a WTMP parser module and a dozen other fixes and enhancements. The following is an excerpt from the changelog:
 
The LICENSE has changed.
Added a new extension module to parse binary wtmp files on Linux.
Fixed a regression causing a crash after the 'failed to determine FQDN hostname' error message.
The to_syslog_*() procedures can now use $raw_event if $Message is unset to make it easier to convert to syslog.
Added a fix to im_msvistalog to handle the "EvtNext failed with error 13: The data is invalid." error better.
The im_file module now emits the last event when used with the xm_multiline extension.

Advanced log correlation

Version 2.3.1027 has been released today. This version brings a new processor module named pm_evcorr, which provides event log correlation functionality in addition to the already available nxlog language features (variables and statistical counters). This module was greatly inspired by the Perl-based sec.pl simple event correlation tool.
In addition to the above, the following fixes and enhancements are available in this release:

nxlog v1.4.607 released

The documentation has been greatly enhanced. Some possible memory leaks and race conditions were fixed. The code can now be compiled with older APR 1.2. Group memberships are honored on Unix/Linux, and a regression in the im_file module has been fixed when using wildcards.

nxlog v1.4.571 released

The code can now be compiled for Android. SNARE Syslog format support has been added for output. The im_mseventlog module can now produce output in UTF-8, and its error handling has been made more fault tolerant against failures of the EventLog subsystem. The im_mseventlog and im_msvistalog modules now set the AccountType and Category fields. A ReadFromLast configuration directive was added for the im_mseventlog and im_file modules.
