Application administrators face several challenges with Kubernetes logging. One of them is that the platform's flexibility and failure-recovery features make data inside the cluster highly volatile: pods and nodes are replaced routinely, and any logs kept only on them disappear with them. In this video tutorial, we demonstrate how to collect Kubernetes cluster logs with NXLog Enterprise Edition to tackle such challenges.
Video Tutorials
Explore how, as a system engineer, you can use the macULS module included in NXLog Enterprise Edition to capture events directly from the macOS Unified Logging System. In this tutorial, Seth shows how to configure the module to capture several common user activities that macOS administrators are often interested in, including user login, user logout, and privileged process execution.
A major cyberattack against Industrial Control Systems not only puts valuable data at risk and causes economic losses, but can also threaten human safety. Log monitoring has become crucial for preventing such breaches, and NXLog Enterprise Edition brings the reliability, flexibility, and ease of use in log collection familiar from other IT areas to the ICS/SCADA world. Watch this demo on collecting Modbus protocol data and SCADA management logs from AVEVA SE CITECT SCADA, and on sending them to different destinations.
More:
Collecting logs from Industrial Control Systems
Flexible, cloud-backed Modbus/TCP log collection
With passive network monitoring, administrators can capture network traffic from devices that are not configured, or cannot be configured, to forward network activity logs. This feature also lets security personnel capture logs from rogue devices on the network that they might not be aware of. In this tutorial series, we explain the passive network monitoring abilities of NXLog Enterprise Edition and use them to capture and log questionable network-related events such as rogue DHCP server replies, unexpected ARP and ICMP sweeps, and DNS tunneling. The im_pcap module of NXLog Enterprise Edition provides this capability by passively monitoring network traffic and generating logs for various protocols.
In this video, we demonstrate file-based log compression and data-at-rest encryption with NXLog Enterprise Edition. When processing logs in an organization there is often a need to keep large amounts of logging data on-premises for extended periods. This leads some administrators to send only selected logs to their third-party SIEM while still storing all event logs elsewhere for archival, legal compliance, or other business needs, so they can be processed or reviewed in the future. NXLog Enterprise Edition includes extension modules for both compression and encryption: the first reduces the storage burden, the second ensures that stored data is protected, which is commonly known as data-at-rest protection.
For more, read the documentation:
Compression module (xm_zlib)
Encryption module (xm_crypto)
In this tutorial, Seth will be demonstrating network connectivity and failover using a small lab environment consisting of a Windows machine (to generate events), five Linux servers for log collection, forwarding, and demonstrating failover situations, and another Linux server acting as a basic log ingestor that will display log data received and act as a mock SIEM to help us visualize log data.
The Splunk Universal Forwarder for Windows cannot collect ETW data. Other solutions can be used instead, such as the NXLog im_etw module shown in this video. We demonstrate how you can use the NXLog ETW input module to collect Event Tracing for Windows (ETW) data, write it in JSON structured format, and forward it to Splunk. NXLog can also collect other types of data on Windows and Linux platforms, from Windows EventLog to file-based log collection, file integrity monitoring, and more.
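The configuration below is an added example of the ETW-to-JSON-to-Splunk pipeline described above; it is not the configuration from the video or from NXLog's documentation. It assumes NXLog Enterprise Edition with the im_etw and xm_json modules, and a Splunk TCP data input listening on 10.0.0.10:1514 that indexes newline-delimited JSON (the host, port and the choice of ETW providers are hypothetical values for illustration).

```nxlog
# Added example (not from the video): ETW -> JSON -> Splunk with NXLog.
# Assumed: a Splunk TCP data input at 10.0.0.10:1514 expecting one JSON
# record per line (hypothetical address and port).

<Extension json>
    Module    xm_json
</Extension>

# Subscribe to two ETW providers that are not available through the
# classic Windows EventLog API: client-side DNS queries and PowerShell
# engine tracing. Each im_etw instance handles one provider.
<Input etw_dns>
    Module    im_etw
    Provider  Microsoft-Windows-DNS-Client
</Input>

<Input etw_ps>
    Module    im_etw
    Provider  Microsoft-Windows-PowerShell
</Input>

# Serialize every field of the event as one JSON object per line.
# $Collector records which host produced the record so Splunk searches
# can group by collector even when the ETW payload lacks a hostname.
<Output splunk>
    Module    om_tcp
    Host      10.0.0.10
    Port      1514
    Exec      $Collector = hostname_fqdn(); to_json();
</Output>

<Route etw_to_splunk>
    Path      etw_dns, etw_ps => splunk
</Route>
```

A plain TCP input carries the data unauthenticated and in clear text, which is acceptable on an isolated collection VLAN but not across untrusted segments; for those, forward over TLS (om_ssl) or use om_http against Splunk's HTTP Event Collector so the connection is encrypted and token-authenticated. Keep the Splunk input's sourcetype set to a JSON type so the fields to_json() emits are extracted at index time rather than searched as raw text.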
This short explainer video shows how to collect Windows EventLog and convert it to Syslog using NXLog. You can send the output to a local log file (as shown in the video), to another server via TCP or UDP, or to an external suite such as a SIEM. NXLog generates log entries in the various Syslog formats: BSD Syslog, IETF Syslog, or the Syslog extensions ArcSight Common Event Format (CEF), Common Event Expression (CEE), Log Event Extended Format (LEEF), and Snare. You can even go beyond Syslog and generate the output as structured data such as JSON.
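The following configuration is an added example of the EventLog-to-Syslog conversion the video describes; it is not the video's own configuration or NXLog's reference material. It assumes NXLog Enterprise Edition or Community Edition on Windows with the im_msvistalog and xm_syslog modules, a writable C:\logs directory, and a Syslog collector reachable at 10.0.0.5 on UDP 514 (the path, address, port and the chosen event IDs are hypothetical values for illustration).

```nxlog
# Added example (not from the video): Windows EventLog -> Syslog with NXLog.
# Assumed: writable C:\logs, and a Syslog collector at 10.0.0.5:514/udp
# (hypothetical values).

<Extension syslog>
    Module  xm_syslog
</Extension>

<Extension json>
    Module  xm_json
</Extension>

# Pull only the events worth forwarding rather than every channel:
# successful and failed logons and process creation from Security,
# plus error-level (Level=2) records from System.
<Input eventlog>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">
                    *[System[(EventID=4624 or EventID=4625 or EventID=4688)]]
                </Select>
                <Select Path="System">*[System[Level=2]]</Select>
            </Query>
        </QueryList>
    </QueryXML>
</Input>

# Local archive in IETF Syslog (RFC 5424). The event's fields are kept
# in the structured-data element, so the conversion loses nothing.
<Output file_ietf>
    Module  om_file
    File    'C:\logs\eventlog.syslog'
    Exec    to_syslog_ietf();
</Output>

# BSD Syslog (RFC 3164) over UDP to the collector. BSD Syslog has no
# structured-data part, so the event is rendered as JSON into $Message
# first and then wrapped in the Syslog header.
<Output siem_udp>
    Module  om_udp
    Host    10.0.0.5
    Port    514
    Exec    $Message = to_json(); to_syslog_bsd();
</Output>

<Route eventlog_to_syslog>
    Path    eventlog => file_ietf, siem_udp
</Route>
```

Two caveats a practitioner will want before deploying this: UDP Syslog is lossy and unauthenticated, so a SIEM leg should use om_tcp or, better, om_ssl with a CA file and client certificate; and the file output grows without bound, so pair it with log rotation or the compression shown in the data-at-rest tutorial above.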