Jun 2020

June 2020 Newsletter

NXLog Enterprise Edition 5.0 is available

This new release further positions NXLog as the log collection agent of choice for MSSPs, SIEMs and Log Management suites across Windows, Linux and Unix platforms, and containers. This is a major release that lays the foundation of improvements for the near future. You can grab the packages from Downloads. Below are the main new features:

Passive Network Monitoring

  • For systems with weak audit and tracing capabilities.
  • Capturing traffic and recording metadata from various protocols such as DNS, HTTP, TLS, DHCP, Radius.

Protection for Data at Rest

  • Write events directly into encrypted files on disk, rather than storing them as cleartext.
  • The output can be extracted using common system utilities such as openssl.

Better Failover Support

  • Allows users to specify multiple output destinations in their output module configuration.
  • When the active destination becomes unavailable, NXLog Enterprise Edition connects to the next one available and resumes sending.
  • Improves the reliability of your log collection infrastructure.

New Feature to Read and Write Compressed Files

  • On the fly compression and decompression can be used to write and read compressed data reducing storage needs.
  • The compressed files can be accessed using standard system utilities such as gzip.

More Efficient Data Processing

  • Improvements for faster and more efficient processing, increasing throughput.
  • Improved delivery reliability.

ID Resolution for Better Readability of Log Events

  • Audit trails often contain numerical identifiers such as SID, UID, etc. NXLog converts these numbers into human readable names on the event source making the logs easier to understand. This makes Windows and Linux Audit events more readable during correlation and analysis.

In addition to the new release of the NXLog Enterprise Edition, we have also released improvements to the NXLog Manager, with support to add descriptive information about the agent for better manageability.

Updated chapter in the documentation: Splunk Universal Forwarder

Updated the Splunk topic in the user guide: The Splunk topic received an overhaul to provide better instructions on how NXLog can be deployed to replace Splunk Universal Forwarder in many cases.

NXLog and SIEM, working together - an on-demand webinar

Watch our webinar: Better SIEM operations with Central Log Collection. After watching this video (24 minutes) you will have a better understanding of:

  • SIEM challenges you may face
  • Best practices for better SIEM operation
  • How NXLog can support your SIEM operations in practice (DEMO)

Focusing on reliable DNS logging

Enterprise-grade DNS log collection and enrichment. NXLog has collected best practices and useful content for doing this properly. Proper DNS logging provides your security team with extra advantages.

Top Social Media Chatter in June

What did the community have to say about NXLog on social media?  Tweet to us or share your updates with us on LinkedIn for an opportunity to be listed in this newsletter.

Reddit Posts

  • An Audit How To: Using Logstash with Active Directory/Windows Server. - comment
  • How to send email notification on certain windows events? - comment
  • MSPs adding a SIEM? - comment

Other places

  • Comparing 10 Docker Container Monitoring Solutions. - link

Share this post