A Security Logging Admins Cookbook

NXLog is suggested in this thread. If you are getting started with security logging and your SIEM, have a look at our User Guide for integrations.

2019.02.19. 21:24
PowerShell Best Practice Security

"Not sure what SIEM you're using, but check out Graylog with NXLog clients. Pretty good stuff." - says a Reddit member in a discussion about PowerShell best-practice security.

Another topic on Reddit discusses Windows file auditing and reporting. "Is there a way to export or create a report from the Windows Security log about the kind of activity a user has been having on a network share?" Yes; as one user suggests, try the combination of Graylog and NXLog.

The NXLog integration docs for Graylog can be found in the NXLog User Guide.

2019.01.04. 08:42
BDS Podcast on Windows Event Forwarding (WEF)

This podcast, by and for IT security practitioners, discusses Windows Event Forwarding (WEF). NXLog EE can be configured for Windows Event Forwarding. See the YouTube description for additional links, including an NXLog configuration example.

2018.11.23. 08:46
Universal Event Formats in InsightIDR: A Step-by-Step NXLog Guide

This Rapid7 blog post is a step-by-step walkthrough of using NXLog to transform an ingress authentication log into UEF (Universal Event Format).

2018.10.17. 10:10
What is everyone using for file and security monitoring of servers and systems?

Can you make this happen for free? No doubt. As one Reddit member puts it: "Our org, for $0 yearly, does the following: dump every log using NXLog to Graylog."

2018.09.25. 14:35
Best open source way to collect and filter Windows Event logs from several servers

With NXLog as the log forwarder to Graylog, you can specify in the NXLog config which events you want forwarded.

2018.09.25. 14:26
Recommendations for setup to send client rsyslog messages

Why not NXLog for the log server as well? It's beautiful. Highly recommended - easy XML config, decent documentation, good info and example configs around. I've used external scripts, KVP parsing, JSON formatting, GELF to Graylog; all works great.

2018.09.25. 14:24
Convert Windows Server 2012 R2 Event Logs to Syslog with NXLog

This video shows a quick and easy way to send Windows Event Logs to a syslog server by installing the NXLog agent on a Windows Server 2012 R2 machine.
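For readers who want the configuration behind that video rather than the video itself, the following nxlog.conf is an added example written for this page; it is not taken from the video or from NXLog's documentation. It assumes an NXLog Community Edition install at the default path and a syslog collector at 10.0.0.5 listening on UDP 514 (both placeholders, replace them for your environment).

```apache
# Added example: NXLog Community Edition on Windows forwarding the
# Security and System event logs as RFC 5424 syslog. The install path and
# the collector address below are assumptions, not values from the page.
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

# Provides to_syslog_ietf() and friends.
<Extension _syslog>
    Module  xm_syslog
</Extension>

<Input eventlog>
    Module  im_msvistalog
    # Subscribe only to the channels a SIEM normally needs. Everything else
    # (Application, Setup, the Microsoft-Windows-* operational channels)
    # never leaves the box, which is the cheapest filtering there is.
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*</Select>
                <Select Path="System">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

<Output syslog>
    Module  om_udp
    Host    10.0.0.5
    Port    514
    # Render each event as RFC 5424. The parsed Windows fields (EventID,
    # Channel, TargetUserName, ...) are carried in the structured-data
    # block, so the collector does not have to regex the message text.
    Exec    to_syslog_ietf();
</Output>

<Route eventlog_to_syslog>
    Path    eventlog => syslog
</Route>
```

Two caveats a practitioner would raise before using this for the Security log: UDP syslog is unauthenticated, unencrypted and silently lossy under load, so in production swap om_udp for om_ssl (Host, Port 6514, CAFile, CertFile, CertKeyFile) and keep the same Exec line; and to_syslog_ietf() produces long messages, so make sure the receiver's maximum message size is raised above the 1024-byte default many syslog daemons still apply.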

2018.09.18. 14:44
How to forward Active Directory data

Assuming your environments have been configured to log this stuff... NXLog will automatically forward all of these Windows events to your SIEM for you in real time... you don't need a script to make this happen.

2018.07.15. 12:18
Why log filtering is essential for windows domain log sources

In his article titled "Security Information & Event Management Design: Why log filtering is essential for windows domain log sources?", Paul Dutot of Defence Logic raises some valid points about agent-side filtering, which we have been advocating for some time now. Well worth the read!
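The Reddit advice earlier on this page about choosing which events get forwarded, the note that NXLog ships Active Directory events to the SIEM in real time, and this article's argument for agent-side filtering all come down to the same configuration pattern. The nxlog.conf below is an added example for this page, not the article's or any Reddit user's configuration. It assumes a domain controller running NXLog Community Edition, a Graylog server at graylog.example.internal with a GELF UDP input on 12201, and a specific event-ID shortlist; all of these are illustrative choices, not recommendations from the page.

```apache
# Added example: two-stage filtering of the Security log on a domain
# controller before shipping to Graylog as GELF. Host name, port and the
# event-ID list are assumptions made for this example.
define ROOT C:\Program Files (x86)\nxlog

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
SpoolDir  %ROOT%\data
LogFile   %ROOT%\data\nxlog.log

<Extension _gelf>
    Module  xm_gelf
</Extension>

<Input security>
    Module  im_msvistalog
    # Stage 1: filter inside the Event Log subscription itself. Events that
    # do not match this XPath are never handed to the agent, so they cost
    # no CPU, no disk spool and no bandwidth.
    #   1102 audit log cleared        4624/4625 logon success/failure
    #   4720 user account created     4728/4732 member added to group
    #   4740 account locked out       4768 Kerberos TGT requested
    #   4771 Kerberos pre-auth failed (the AD brute-force signal)
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">
                    *[System[(EventID=1102 or EventID=4624 or EventID=4625 or
                              EventID=4720 or EventID=4728 or EventID=4732 or
                              EventID=4740 or EventID=4768 or EventID=4771)]]
                </Select>
            </Query>
        </QueryList>
    </QueryXML>
    # Stage 2: filter in the agent for conditions the Event Log XPath
    # subset cannot express (no regex, no ends-with). On a DC the bulk of
    # 4624 volume is computer accounts (names ending in $) and anonymous
    # network logons; drop those, keep every human interactive logon.
    Exec if $EventID == 4624 and ($TargetUserName =~ /\$$/ or $TargetUserName == 'ANONYMOUS LOGON') drop();
</Input>

<Output graylog>
    Module      om_udp
    Host        graylog.example.internal
    Port        12201
    # GELF keeps each parsed Windows field as its own key, so Graylog can
    # search TargetUserName:alice or EventID:4740 without an extractor.
    OutputType  GELF
</Output>

<Route security_to_graylog>
    Path    security => graylog
</Route>
```

The ordering matters: put as much as you can into QueryXML, because that filtering happens before the agent ever sees the record, and reserve Exec for the field-level conditions XPath cannot express. Be deliberate about what Stage 2 drops: silencing machine-account 4624s is a volume decision that also removes one visibility angle on Kerberos delegation and lateral movement, so document the drop rule where your detection team will find it. If you need the dropped events for forensics, write them to a local om_file output in a second route instead of discarding them.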

2018.05.23. 16:42
What is something that you absolutely love?

It's always a delight to hear users recommend NXLog:

NXLog - Such an awesome little free tool that will push Windows events to your log aggregator in a variety of formats. Can even read in from files and push the contents out.

2018.04.10. 14:30
Centralized logging with Windows Event Forwarding

There was a community discussion on Reddit about centralized logging with Windows Event Forwarding, in which some alternatives were also recommended.

2018.03.28. 13:46
NXLog For The Win

NXLog For The Win is an article that walks through setting up NXLog with the ELK stack and ends with the conclusion: "So overall, NxLog is amazing. :)"

2018.01.17. 14:19
Unfetter Analytic - Measure the effectiveness of your analytics

Unfetter Analytic is a reference implementation supported by The MITRE Corporation and the National Security Agency (NSA). It uses NXLog to collect Windows events.

2017.12.14. 15:43
Industrial Cybersecurity - a new book by Pascal Ackerman

A new book by Pascal Ackerman, Industrial Cybersecurity, was published recently. It is a one-step guide to understanding industrial cyber security, its control systems, and its operations, and it recommends NXLog for collecting logs from Windows systems in the chapter ICS Network Security.

2017.12.14. 15:36