NXLog Ltd, developer of a multiplatform log collection suite, has published a new major release, NXLog Enterprise Edition version 5.0, which includes many new features for secure and reliable log collection in the enterprise. This release further positions NXLog as the log collection agent of choice for MSSPs, SIEMs and log management suites across Windows, Linux and Unix platforms, and containers. The main new features are listed below; the full details and changelogs are published separately.
Passive Network Monitoring
- For systems with weak audit and tracing capabilities.
- Captures traffic and records metadata from various protocols such as DNS, HTTP, TLS, DHCP and RADIUS.
Protection for Data at Rest
- Writes events directly into encrypted files on disk, rather than storing them as cleartext.
- The output can be decrypted and extracted using common system utilities such as openssl.
Better Failover Support
- Allows users to specify multiple output destinations in their output module configuration.
- When the active destination becomes unavailable, NXLog Enterprise Edition connects to the next one available and resumes sending.
- Improves the reliability of your log collection infrastructure.
New Feature to Read and Write Compressed Files
- On-the-fly compression and decompression can be used to write and read compressed data, reducing storage needs.
- The compressed files can be accessed using standard system utilities such as gzip.
More Efficient Data Processing
- Improvements for faster and more efficient processing, increasing throughput.
- Improved delivery reliability.
ID Resolution for Better Readability of Log Events
- Audit trails often contain numerical identifiers such as SIDs and UIDs. NXLog resolves these numbers into human-readable names at the event source, making the logs easier to understand. This makes Windows and Linux audit events more readable during correlation and analysis.
Event Correlations on the Edges
- Basic correlations can be handled on the event source or on a log relay to reduce the load on the central correlation engine. This frees the SIEM to handle correlations spanning multiple event sources over longer time periods.
- NXLog provides a feature for tracking event identifiers to group related events.
IPv6 Support
- Communication over IPv6.
- Identifies and properly handles IPv6 addresses in events.
FIFO Collection for Linux and UNIX Systems
- Configure NXLog to collect from or output to FIFO files. FIFOs provide an easy way to feed data, with some advantages over file-based log collection.
In addition to the new release of the NXLog Enterprise Edition, we have also released improvements to the NXLog Manager, including support for adding descriptive information about each agent for better manageability.