NXLog is endorsed for its edge filtering, routing and processing features
Setting up log collection for Windows Syslog using NXLog
NXLog is recommended and used to send Windows logs to a remote syslog server
NXLog is used to collect the logs that helped catch a malicious actor. An initial alarm was triggered by a Windows Defender detection of Cobalt Strike on an internal customer asset. The associated log was forwarded to USM Anywhere by NXLog and matched a Windows Defender signature.
NXLog is recommended in this thread for filtering event logs
NXLog is recommended for forwarding logs in an encrypted format to Kiwi Syslog
NXLog is recommended for monitoring and ingesting a Windows flat .log file
Follow the steps in this neat article to build a honeypot using NXLog
This Twitter thread shows how to ship logs directly to your SIEM without the need for WEF/WEC
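The three points above (filtering event logs at the source, forwarding over an encrypted channel to Kiwi Syslog, and tailing a flat Windows log file) fit in a single NXLog configuration. The following is an added example written for this list, not configuration taken from any of the linked posts; the server name, port 6514, the certificate directory, the log file path and the selected event IDs are assumptions to be replaced with your own.

```nxlog
# Added example, not from the linked posts. Host, port, paths and event IDs are assumptions.
define CERTDIR C:\Program Files\nxlog\cert

<Extension _syslog>
    Module  xm_syslog
</Extension>

# Windows Security log, filtered at the source so only the selected
# events (logon success/failure and process creation) leave the host.
<Input eventlog>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4688)]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# Flat application log, tailed line by line; the read position is saved
# so a restart of the agent neither re-sends nor skips lines.
<Input applog>
    Module  im_file
    File    'C:\app\logs\app.log'
    SavePos TRUE
    ReadFromLast TRUE
</Input>

# TLS to the syslog server. AllowUntrusted FALSE makes NXLog reject any
# server certificate that does not chain to the CA in CAFile.
<Output kiwi_tls>
    Module  om_ssl
    Host    kiwi.example.internal
    Port    6514
    CAFile  %CERTDIR%\ca.pem
    AllowUntrusted FALSE
    Exec    to_syslog_ietf();
</Output>

<Route r1>
    Path    eventlog, applog => kiwi_tls
</Route>
```

The `to_syslog_ietf()` call wraps both the event-log records and the raw file lines in RFC 5424 syslog, so the receiver sees a consistent hostname and timestamp regardless of which input the message came from. Keep `AllowUntrusted` at `FALSE`; setting it to `TRUE` still encrypts the traffic but lets any host that answers on the port impersonate the collector.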
NXLog is recommended as a solution to forward Windows and syslog logs.
A detailed post on how NXLog is used to collect Microsoft Windows Events
Using NXLog with Graylog Sidecar to collect and send messages to a Graylog server.
This guide describes how you can deploy Zeek (formerly Bro) and NXLog with Chronicle to collect Zeek logs in JSON format.