NXLog Agent

A single, lightweight agent that collects, transforms, and routes telemetry from any OS - including legacy systems - to any destination.

Reduce SIEM ingestion costs and eliminate visibility gaps across your entire infrastructure, including systems no other agent supports.

Let's talk
Full Premium features · 30-day trial
Group 122
Let's talk
Full Premium features · 30-day trial
Group 26198

Already using
NXLog Enterprise Edition?

NXLog Agent is its direct successor — the same proven collection engine, now redesigned as the agent layer of NXLog Platform.

Collect, Transform and Route all Telemetry Data 

 

NXLog Agent is the telemetry collection layer of NXLog Platform that runs on any system - bare metal, virtual
machines, or containers. It supports over 40 platform and architecture combinations, collecting, processing,
and forwarding logs, metrics, and traces with no server component or dependencies.

NXLog Platform adds fleet management, built-in storage, and analytics on top. 

 

What NXLog Agent Does

 

Group 25926

Direct & Relay Collection

Collects locally from files, databases, cloud services, and APIs - or relays data from syslog, network devices, and third-party agents.

Group 25781

On-Source Processing

Deduplication, enrichment, filtering, and format conversion before data leaves the endpoint - so your SIEM bill reflects signal, not volume.

Group 25782

OS & Arch Combinations

Windows, Linux, macOS, BSD, AIX, Solaris - x64, x86, ARM, PowerPC, SPARC - including legacy Win32 like Windows 2000 and XP.

Group 25785

Expressive Config Language

Conditionals, pattern matching, regex, and custom rules. Extend with Python, Perl, Go, or Java for custom logic.

Group 25784

Full OpenTelemetry Support

Native ingestion, output, and transformation of OpenTelemetry data alongside logs and custom metrics - full observability in one agent.

Group 25783

Resilient Forwarding

Configurable buffering, deferred forwarding, and save-to-disk when upstream receivers are unreachable or unavailable.

Low resource usage — NXLog Agent consumes negligible CPU and RAM, even on resource-constrained systems.

 

Architecture at a Glance

 

Architecture at a Glance diagram

 

Why NXLog Agent Over Alternatives

True Cross-Platform

One agent for every OS and architecture. NXLog covers Windows 2000
through the latest macOS in a single product. That means one deployment
process, one configuration language, and one support
contract - across your entire fleet.

Processing at the source, not the pipeline

Unlike collectors that forward raw data for downstream processing, NXLog
Agent filters, enriches, deduplicates, and normalizes at the endpoint - before
data hits the network or your SIEM bill. 

Collects From Anything, Anywhere

IT, OT, software, hardware, and everything in between. From cloud APIs
to ICS/SCADA networks, from application logs to on-the-wire traffic capture
for immutable systems and locked-down appliances where no agent can be installed. 

NXLog covers what other agents leave behind

Legacy operating systems, constrained hardware, and OT environments where
other agents simply don't run.

Group 26132

 

 

Route to Any Destination

NXLog Agent ships data to any combination of SIEM, APM, cloud storage, database, or observability platform - no vendor lock-in. With 120+ built-in modules for collection, processing, and routing, it integrates into any stack out of the box. 

Native integration with dozens of outputs like Splunk, Microsoft Sentinel, Google Chronicle, Elasticsearch, IBM QRadar, Apache Kafka, Amazon S3, Graylog, Prometheus and more - and if that isn’t enough, you can fully customize the data with the built-in configuration language or using Python, Perl, Go or Java, to get the format just right for specific situations.

Free for up to 10 sources so you can test it right now.

Group 26188

 

Trusted by 600+ enterprise teams worldwide

 

Atmosera logo 1

“Some other solutions that we looked at; their capabilities were minimal. Since we work with so many different clients, we never know what request the client is going to throw at you and we want to know that we can support those requests no matter what they are, and with NXLog it‘s sort of like the swiss army knife of logging tools.” 

― Byron Anderson 
     Infosec Engineer 

Logo la banque postale 2022 2

“We really appreciate versatility of NXLog. It’s ultimately lightweight in regard to CPU/ RAM consumption, while still extremely powerful to process a solid event stream flawlessly. Also, as NXLog provides a lot of integration options, it allows us to collect a wide variety of assets’ logs and be flexible with log collection architecture.” 

― Yann Chanel 
     Systems and Networks