In this Reddit thread the discussion is about easy and reliable ways of monitoring Windows DNS queries.
In this blog post NXLog is recommended as the log collection software when setting up a homelab environment.
NXLog is recommended for the job in a Reddit thread.
Florian Roth writes concerning a GitHub issue, "AppLocker is a very useful tool, especially on servers where unprivileged users have access. For example terminal servers. You need to configure AppLocker and log collection to receive these events", and uses NXLog to tackle it.
NXLog in Enterprise Security Magazine Medium post "Top SIEM Companies 2020".
"NXLog is a generic log collector and centralization tool with an open source log management system to manage the quality of data for SIEM. It is used by thousands of customers worldwide from small startup companies to large security enterprises and has over 70,000 downloads to date. NXLog makes Windows Event logs easy to read and interpret, while being less time-consuming and error-free. The SIEM solution provider is able to parse the event logs into readable JSON formatted logs. With a strong background in UNIX systems, NXLog remains platform neutral, benefitting the enterprise clients significantly."
This is a continuation of a longer series that VDA Labs is writing on Graylog; it also features NXLog Community Edition to ship domain controller logs back to Graylog.
Interesting discussion in a thread about open source SIEM on the Educause Security Discussion mailing list. Don't believe that "nothing integrates" with your SIEM. Log collection agents such as ours can be integrated with your SIEM solution regardless of whether it is open source or not.
Logging infrastructures mainly focus on SIEM analytics and correlation, while log collection, log enrichment and log shipping end up taking a back seat. This uneven focus may result in unstructured or decentralized logging, which can hinder information security, business continuity and regulatory compliance efforts. We offer a solution to the most pressing challenges organizations face when it comes to central log collection and SIEM optimization. Download our eBook today.
The NXLog Enterprise Edition is listed in this extensive guide, "Migrating AIX Workloads to Azure: Approaches and Best Practices".
The Securing a Windows network thread has some great advice for Windows sysadmins, including this note by a user: "Setup graylog or some other log consolidation tool and use nxlog on everything to start a logging repository." We have extensive documentation and a number of features for securely setting up log collection on your Windows systems, applications and tools, as well as integrations with numerous third-party suites including Graylog and Elasticsearch/Kibana.
From a user on sending log files to Graylog: "I do like a good bit of NXLog, the community edition covers most of the features you need and they have some brilliant guides on how to get DNS and DHCP logs out of Windows (along with all other kinds of logs). Worth looking at the sysmon agent for Windows as well to get some really high quality logs out." See our Graylog integration guide here.
"#NXLog is the workhorse of @Windows #logging plugins" - read this integration guide by LogDNA, a platform for log analysis and insights.
The presentation by Michel de Crevoisier of Radar Cyber Security, "Facing the challenge(s) of Windows logs collection to leverage valuable IOCs", presented at Swiss Cyber Storm this week, suggests NXLog as a solution to collect DNS transaction logs, to read and forward ETW logs, and for WEF/WEC.