In this thread NXLog is also recommended for retrieving data from log files.
"NXLog is an excellent log shipper that, besides being able to collect Windows Security logs and Sysmon logs, can collect custom logs", including logs from various browsers.
NXLog gets recommended in a tweet as the ultimate solution for the job.
NXLog gets recommended in a McAfee community discussion as a solution for parsing additional fields from different Windows events.
NXLog gets recommended as one of the three best Windows/Linux syslog server solutions.
NXLog gets recommended in a Reddit thread for shipping logs to another server.
Mick Douglas of Bettersafetynet recommends NXLog for the job.
In this Reddit thread the discussion is about easy and reliable ways of monitoring Windows DNS queries.
In this blog post NXLog gets recommended as the log collection software when setting up a home lab environment.
NXLog is recommended for the job in a Reddit thread.
Florian Roth writes concerning a GitHub issue, "AppLocker is a very useful tool, especially on servers where unprivileged users have access. For example terminal servers. You need to configure AppLocker and log collection to receive these events", and uses NXLog to tackle it.
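The "configure log collection" half of that advice, written out as an added example (it is not NXLog's or Florian Roth's configuration): an NXLog agent configuration that subscribes to the AppLocker event channels with im_msvistalog, keeps only the audit and block events, serialises each record as JSON and ships it over TLS to a collector. The collector hostname, port and CA certificate path are assumptions and must be replaced with your own.

```apacheconf
# Added example: collect AppLocker audit/block events and ship them as JSON.
# Prerequisite: AppLocker rules are deployed in Audit or Enforce mode and the
# Application Identity service (AppIDSvc) is running, otherwise the channels
# below stay empty regardless of what the agent subscribes to.

<Extension json>
    Module      xm_json
</Extension>

<Input applocker>
    Module      im_msvistalog
    # Event IDs: 8003/8006 = "would have been blocked" (Audit mode),
    #            8004/8007 = blocked (Enforce mode).
    # The "allowed" events 8002/8005 are left out deliberately; on a busy
    # terminal server they dwarf everything else and rarely matter for detection.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Microsoft-Windows-AppLocker/EXE and DLL">
                    *[System[(EventID=8003 or EventID=8004)]]
                </Select>
                <Select Path="Microsoft-Windows-AppLocker/MSI and Script">
                    *[System[(EventID=8006 or EventID=8007)]]
                </Select>
            </Query>
        </QueryList>
    </QueryXML>
    # Flatten the parsed event (TargetUser, FilePath, FileHash, Fqbn, ...)
    # into one JSON object per line so the SIEM does not have to re-parse XML.
    Exec        to_json();
</Input>

<Output siem>
    Module      om_ssl
    Host        siem.example.internal      # assumption: your collector
    Port        6514                       # assumption: its TLS listener
    CAFile      C:\Program Files\nxlog\cert\siem-ca.pem   # assumption: CA that signed the collector cert
</Output>

<Route applocker_to_siem>
    Path        applocker => siem
</Route>
```

Two things worth checking after deploying this: trigger an audit-mode event yourself (run an unsigned binary from a user-writable path as a non-admin) and confirm one JSON line with `"EventID":8003` arrives at the collector; and watch that the collector pins or validates the server certificate, since an agent that shrugs off a bad certificate hands an attacker on the path a clean way to drop exactly the block events they are generating.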
NXLog is featured in the Enterprise Security Magazine Medium post "Top SIEM Companies 2020".
"NXLog is a generic log collector and centralization tool with an open source log management system to manage the quality of data for SIEM. It is used by thousands of customers worldwide from small startup companies to large security enterprises and has over 70,000 downloads to date. NXLog makes Windows Event logs easy to read and interpret, while being less time-consuming and error-free. The SIEM solution provider is able to parse the event logs into readable JSON formatted logs. With a strong background in UNIX systems, NXLog remains platform neutral, benefitting the enterprise clients significantly."
This continuation of a longer series that VDA Labs is writing on Graylog also features NXLog Community Edition, used to ship domain controller (DC) logs back to Graylog.
Interesting discussion in a thread about open source SIEM on the Educause Security Discussion mailing list. Don't believe that "nothing integrates" with your SIEM: log collection agents such as ours can be integrated with your SIEM solution regardless of whether it is open source.
Logging infrastructures mainly focus on SIEM analytics and correlation, while log collection, log enrichment and log shipping take a back seat. This uneven focus can result in unstructured or decentralized logging, which hinders information security, business continuity and regulatory compliance efforts. We offer a solution to the most pressing challenges organizations face in central log collection and SIEM optimization. Download our eBook today.