The Securing a Windows network thread, has some great advice for Windows sysadmins. Including this note by a user: "Setup graylog or some other log consolidation tool and use nxlog on everything to start a logging repository." We have extensive documentation and a number of features for securely setting up log collection on your Windows systems, applications and tools as well as integrations with numerous third party suites including Graylog and Elasticsearch/Kibana.
From a user on sending log files to Graylog: "I do like a good bit of NXLog, the community edition covers most of the features you need and they have some brilliant guides on how to get DNS and DHCP logs out of Windows (along with all other kinds of logs). Worth looking at the sysmon agent for Windows as well to get some really high quality logs out." See our Graylog integration guide here.
For all the highlights and updates for NXLog in 2019, read our newsletter.
"#NXLog is the workhorse of @Windows #logging plugins" - read this integration guide by LogDNA, a platform for log analysis and insights.
The presentation by Michel de Crevoisier of Radar Cyber Security, "Facing the challenge(s) of Windows logs collection to leverage valuable IOCs", presented at Swiss Cyber Storm this week suggests NXLog as a solution to collect DNS transaction logs, to read and forward ETW logs, and for WEF/WEC.
Datadog, mentioned in our Integrations page, has published a post on handling multi-line logging which includes a summary of what the NXLog multi-line extension module can do in similar situations.
NXLog a recommended log collector in the most recent official GSEC guidebook for security professionals "GSEC GIAC Security Essentials Certification All-in-One Exam Guide, Second Edition" released on August 2019. Get started with your own log collection via the NXLog Community Edition or Enterprise Edition and start gathering logs to SIEM suites.
McAfee has announced, at the Black Hat USA security conference, the McAfee Security Innovation Alliance (SIA) program of which NXLog is a part of. The inclusion of NXLog Enterprise Edition is evidence of a mutual commitment to empower security teams. Learn how to integrate with McAfee ESM here.
NXLog was recently interviewed in the special SIEM edition of Enterprise Security Magazine. Read the rest of the interview to level up and learn more about why the choice of log collector is important, regardless of the SIEM used.
New post published on the OVH website sharing their insights. "Sending Windows Logs with NXLog to Logs Data Platform in 15 minutes or less". Great feedback also - "one of the leader of the log management tools. Its configuration is fairly simple and can get you started in a few minutes."
NXLog mentioned as a suggested agent for host-based logging in this talk "Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework". View the entire video and read the PDF. Read more about integrating with Elasticsearch and Kibana here.
Three newly updated articles from Nagios within the last 1-2 months on configuring NXLog with Nagios Log Server. "Sending NXLogs with SSL/TLS" (last update March 2019), "Configuring NXLog To Send Additional Log Files" (last update Feb 2019) and "Configuring NXLog To Send Multi-Line Log Files" (last update on Feb 2019). Feel free to reach out to our Community Forum for help!
Interesting post by Logmatic aimed at Golang developers working with logging libraries. NXLog recommended as log collector for Windows, but you can also use NXLog to replace Rsyslog.
Logging and log analysis are essential to securing infrastructure, particularly when we consider common vulnerabilities. This article, based on writer's lightning talk Let's use centralized log collection to make incident response teams happy at FOSDEM'19, aims to raise awareness about the security concerns around insufficient logging, offer a way to avoid the risk, and advocate for more secure practices.
Infomentum shares how they have solved the challenge of centralized logging with NXLog Community Edition. "One of the challenges we faced was shipping Windows Server logs from a logfile onto Logstash’s syslog listener, and we found a tool that does exactly that - nxlog-ce-2.9.1716".