NXLog Enterprise Edition v4.1

NXLog Enterprise Edition v4.0 was released earlier this year. If you missed it, read the release announcement here.

We have been busy this summer, and are happy to bring you NXLog Enterprise Edition v4.1 today. This new version comes with more than 80 issues fixed since v4.0.

Below is an excerpt from the changelog:

Centralized log collection with NXLog

What are logs for?

People outside the security industry would probably answer this question with "To fill up disk space". That is partly true: logging can be a point of failure in the system if the log files are not properly rotated and managed.

On the security side, logs are a crucial part of our world’s IT systems. For example, how would we know who accessed our e-mail account and when? This would be impossible to answer without logging data about these events.

Announcing NXLog Enterprise Edition v3.0

We are proud to announce the general availability of NXLog Enterprise Edition v3.0, a major step forward in the features and reliability of our flagship product. Below is a list of highlights in the new major release.

Multi-platform support for Windows Event Forwarding

A new input module (im_wseventing) can be used to collect forwarded events from Windows hosts. The Windows clients can be configured from Group Policy to send Windows EventLog data using Windows Event Forwarding. Earlier versions of NXLog already supported collecting Windows EventLog remotely over WMI and MSRPC, but this new capability is a major step for secure data collection from Windows machines in agentless mode, supporting both Kerberos and HTTPS data transfer. Moreover, the new im_wseventing module is platform independent and works on GNU/Linux as well, so a single NXLog server running on GNU/Linux can be used to collect all your event data in the enterprise, including Syslog and Windows EventLog.

Sending logs over HTTP(S)

Version 2.1.956 has been released today. It comes with a shiny new om_http module, which allows sending logs to HTTP services such as Loggly, Elasticsearch, etc.
The pm_buffer module has been rewritten to use chunked file storage. This release contains several other fixes and improvements; see the included changelog for more information.