Choose The Best Log Management Solution For Your Business


Flexible pricing and volume discounts to meet your needs


Free plan
Free forever plan for all users.
try all Premium features for 30 days
manage and run up to 25 agents
61 modules included - see list
up to 50GB of compressed log storage on premises
log search and analytics (Beta)
send data to Platform
self supported
unlimited number of agents
access to advanced agent features
securely transfer structured logs between NXLog Agents
67 features included
Basic plan
Everything in Free plus additional features designed to meet most business needs.
manage and run unlimited number of agents
84 modules included - see list
up to 500GB of compressed log storage on premises
log search and analytics (Beta)
securely transfer structured logs between NXLog Agents
enterprise grade support available
access to some extra features
117 features included
Premium Plan
Everything in Basic plus features for advanced use-cases and sophisticated SIEM users.
run the agent on 100+ operating systems
95 modules included - see list
up to 1000GB of compressed log storage on premises
log search and analytics (Beta)
enterprise grade support available
access to all extra features
140 features included
Features
Free plan
Basic plan
Premium Plan

Support for x86 32-bit processors
Run the agent on Intel and AMD 32-bit hardware.
Support for x86 64-bit processors
Run the agent on current Intel and AMD 64-bit hardware.
Microsoft Windows support
Run the agent on Microsoft Windows desktop and server operating systems.
GNU/Linux support
Run the agent on various enterprise Linux distributions.
Apple macOS support
Run the agent on Apple macOS operating system.
Support for ARM 32-bit processors
Run the agent on 32-bit ARM systems such as armv7.
Support for ARM 64-bit processors
Run the agent on 64-bit ARM systems such as Apple M1 and M2 and others.
Support for IBM Power 64-bit processors
Run the agent on 64-bit IBM Power systems.
Support for Sparc 64-bit processors
Run the agent on 64-bit Oracle/Sun/Hitachi Sparc systems.
FreeBSD support
Run the agent on FreeBSD, a modern BSD UNIX distribution.
IBM AIX support
Run the agent on the IBM AIX operating system.
Oracle Solaris support
Run the agent on the Oracle Solaris operating system made for Oracle Database and Java applications.

External programs input
Collects the output of an external program, such as a shell script or native executable.
Go input
Used to write custom log collection methods in Go.
Java input
Used to write custom log collection methods in Java.
Perl input
Used to write custom log collection methods in Perl.
Python input
Used to write custom log collection methods in Python 3.
Ruby input
Used to write custom log collection methods in Ruby 2.
External programs extension
Call an external program such as a shell script or native executable to process logs.
Go extension
Used to write custom processing functions in Go.
Java extension
Used to write custom processing functions in Java.
Perl extension
Used to write custom processing functions in Perl.
Python extension
Used to write custom processing functions in Python 3.
Ruby extension
Used to write custom processing functions in Ruby 2.
Health check
Provides HTTP response capabilities for checking NXLog's health status.
Python output
Used to write custom log transport methods in Python 3.
External programs output
Sends logs to the input of an external program, such as a shell script or native executable.
Go output
Used to write custom log transport methods in Go.
Java output
Used to write custom log transport methods in Java.
Perl output
Used to write custom log transport methods in Perl.
Ruby output
Used to write custom log transport methods in Ruby 2.

AIX auditing
This feature reads audit logs directly from the AIX kernel. STREAM mode, which is disabled by default, must be enabled in the AIX Audit subsystem to use this feature.
Collect logs from Amazon S3
This module can be used to collect logs from Amazon S3 and compatible services
Collect from Microsoft Azure
Collects logs from Azure Table storage, Azure Blob storage, and Azure Log Analytics tables.
Basic Security Module Auditing input
Collects Basic Security Module (BSM) logs used by BSD derivative operating systems, such as Solaris, macOS, and FreeBSD. Supports reading directly from the kernel API.
Network traffic log collection
Collects metadata from network traffic using passive network monitoring. The module parses and converts complex network traffic to readable text.
Batched compression input
Receives logs over the network from other NXLog agent instances. Supports encryption using TLS/SSL, compression, and preserves data structure.
Collect from Check Point devices
Collects logs remotely from Check Point devices using the Opsec LEA protocol.
DBI input
Sends log data to a database table using the libdbi library.
Event Log for Windows 2008/Vista/later
Collects Windows Event Log messages locally from Windows Vista/2008 and later.
Event Tracing for Windows input
Collects logs from the Event Tracing for Windows (ETW) API.
File integrity monitoring
Periodically scans files and directories and generates events when changes are detected.
Collect logs from files
Collects logs from files.
Collect from Google Cloud Logging
Collects logs from the Google Cloud Logging REST API.
Collects logs from Google Pub/Sub
This module uses the Google Pub/Sub REST API to create a subscription and collect logs from a Google Pub/Sub topic.
Write mark log messages
Periodically generates the specified message to provide agent heartbeat.
Receive logs via HTTP and HTTPS
Receives log data via POST requests over HTTP or HTTPS connections. Supports multiline and multipart batching.
Collect operational logs from NXLog
Collects the internal logs of the NXLog agent directly.
Collect from Apache Kafka topics
Publishes events via the Apache Kafka messaging system.
Collect from the kernel log buffer
Collects logs from the kernel log buffer on Linux, BSD, and macOS.
Linux Audit System input
Provides rule management and log collection for the Linux Audit Framework, without external dependencies.
macOS Endpoint Security input
Collects logs from Apple Endpoint Security on macOS 10.15 Catalina and later.
macOS ULS input
Collects logs from the Unified Logging System (ULS) on macOS 10.12 Sierra and later.
Collect logs from Microsoft 365
Collects logs from Microsoft 365 services using Microsoft Graph Reports API, Office 365 Management Activity API, and the Office 365 Reporting web service.
Event Log for Windows XP/2000/2003
This module can be used to collect Windows Event Log messages on Microsoft Windows platforms
Collect logs from named pipes
Collects log messages from a named pipe on UNIX-like operating systems.
Null input
Collects nothing out of thin air. This module will not produce events by default.
Database log collection
Collects logs from database tables via Open Database Connectivity (ODBC) drivers.
Collect process accounting logs
This module can be used to collect process accounting logs from a Linux or BSD kernel.
Collect logs from a Redis database
Collects logs from a Redis database.
Salesforce log collection
Collects Event Log Files from Salesforce using the REST API.
Systemd input
Collects system logs from the systemd journal on Linux systems.
TCP input
Receives data over the network using plain TCP connections.
Test generator
This module generates simple events for testing, with an incremented integer up to the number of events specified by the MaxCount directive
TLS/SSL input
Receives logs over the network using TLS/SSL-secured connections.
Receive logs via UDP
Receives log data via UDP datagrams.
Collect logs from Unix Domain Sockets
Collects logs over UNIX Domain Sockets (UDS) like /dev/log.
Windows Event Collector input
Collects Windows event logs over the network. Implements a Windows Event Collector (WEC) to receive logs using Windows Event Forwarding (WEF) clients.
Windows Performance Counters input
Collects Windows performance counters as logs.
Windows Registry Monitoring input
Periodically scans the Windows Registry and generates events when changes are detected.
WTMP
Parses wtmp and btmp logs on UNIX and Linux systems.
Collect logs over ZeroMQ
Collects logs over ZeroMQ (zmq, 0mq) message transport.
Basic Security Module Auditing
Collects Basic Security Module (BSM) logs used by BSD derivative operating systems, such as Solaris, macOS, and FreeBSD. Supports reading directly from log files.
Parse NetFlow payloads
Collects and parses NetFlow and IPFIX data using UDP.
Parse SNMP trap messages
Collects and parses Simple Network Management Protocol (SNMP) trap messages over UDP.

macOS system logs
Collects and parses Apple System Logs (ASL) files on Apple macOS machines.
Parse events in the AIX Audit format
Parses events in the AIX Audit format.
ArcSight Common Event Format
Generates and parses data in the Common Event Format (CEF) developed by Arcsight.
Character set converter
Tools for converting text between character sets.
Log compression and decompression
Compress and decompress data using gzip or zlib algorithm.
Parse or generate logs in CSV format
Parses and generates any comma- and delimiter-separated data (CSV).
Log encryption and decryption
On-the-fly encryption or decryption for log data to provide data-at-rest encryption for log files.
Compare lists
Provides functions to implement file-based blacklisting and whitelisting functionality.
File operations
Performs file operations for log rotation and log file management within the NXLog Agent.
Processing logs in Graylog Extended Log Format (GELF)
Sends and receives logs in the Graylog Extended Log Format (GELF).
Parse and generate logs in JSON format
Parses and converts JSON formatted logs.
Parse and generate logs formatted as key-value pairs
Parses and generates data formatted as key-value pairs (KVP).
Log Event Extended Format (LEEF)
Parses and generates data in the Log Event Extended Format (LEEF) by Qradar.
Grok pattern matcher
Parses log data using the Grok parsing language.
Microsoft DNS Server
Parses debug logs generated by Microsoft DNS Server.
NXLog pattern matcher
Performs efficient pattern matching with an XML pattern database file.
Microsoft Network Policy Server
Parses log data in the Microsoft Network Policy Server (NPS) Radius log format.
Resolver
Functions for resolving IP addresses, user IDs, group IDs, and their names.
Rewrite logs
Add, remove, delete, or rename fields in events. Useful for cleaning, enriching, or adjusting logs at the point of collection.
SAP Security Audit Log (SAL)
Parses SAP audit log files created by SAP application servers.
Parse or generate logs in syslog format
Parses and converts log data to and from the various syslog formats.
Parse and generate logs in XML format
Parses and generates log data in XML format.
Process multiline logs
Parses log messages that span multiple lines.
W3C Extended Log Format
Parses log data in the W3C Extended Log File Format and similar formats.
Blocker
This module blocks log messages and can be used to simulate a blocked route.
Buffer processing
Module supports disk- and memory-based log message buffering
Event correlation
The pm_evcorr module provides event correlation functionality in addition to the already available NXLog language features, such as variables and statistical counters, which can also be used for event correlation purposes.
HMAC message integrity checking
This module is the counterpart of pm_hmac and checks message integrity.
De-Duplicator processing
This module can be used to filter out repeating messages. Like Syslog daemons, this module checks the previous message against the current. If they match, the current message is dropped.
Null processor
This module does not do any special processing, so basically it does nothing. Yet it can be used with the Exec and Schedule directives, like any other module.
Pattern matching
This module makes it possible to execute pattern matching with a pattern database file in XML format

Send logs to Google Chronicle
Send logs to Google Chronicle using the unstructured logevents or UDM endpoint
Write logs to files
Writes logs to files.
Sends logs over HTTP or HTTPS
Sends logs via HTTP or HTTPS connections using POST requests. Supports multiline and multipart batching.
Send logs to named pipes
Sends log messages to a named pipe on UNIX and Linux operating systems.
Null output
Sends logs nowhere, fast. Equivalent to sending output to /dev/null. Data sent here will be discarded.
Send logs to Raijin
Sends logs to the Raijin Database, a powerful, high-volume, schemaless database engine for log storage.
Send logs over TCP
Sends logs over plain TCP connections.
Send logs over TLS/SSL
Sends log data over TLS/SSL encrypted connections.
Send logs via UDP from a spoofed source address
Sends log data over UDP. Useful for daemons which do not support other transports.
Send logs over UDS
Sends logs over UNIX Domain Sockets (UDS) on Linux and UNIX systems
Send compressed log batches
Send logs over the network to other NXLog agent instances. Supports encryption using TLS/SSL, compression, and preserves data structure.
Send logs to a database
Sends log data to an external database with the libdbi library.
Send logs to an Elasticsearch server
Sends logs to an Elasticsearch server.
Send logs to a database
Writes logs into database tables using Open Database Connectivity (ODBC) drivers.
Send logs via UDP from a spoofed source address
Sends log data via UDP from an arbitrary (spoofed) source address.
Send logs to an Apache Kafka topic
Publishes event records to an Apache Kafka topic.
Send logs to an Apache Hadoop cluster
Sends log data to Apache Hadoop using webhdfs.
Send logs to Microsoft Sentinel
Forwards logs to Azure in a blob, table or Azure Log Analytics Workspace.
Send logs to Google Cloud Logging
Send logs to Google Cloud Logging REST API.
Send logs to a Redis server
Sends log data to a Redis server.
Send logs over ZeroMQ
Sends logs via ZeroMQ (zmq, 0mq) message transport
Send logs to Amazon S3
This module can be used to send logs to Amazon S3 and compatible services
Block log messages
This module is mostly for testing purposes. It will block log messages in order to simulate a blocked route, like when a network transport output module such as om_tcp blocks because of a network problem.
Send logs to Microsoft Azure Monitor
This module forwards logs to Azure services that support the Azure Monitor Logs Ingestion API. Event data is sent in batches, reducing the latency caused by the HTTP responses, thus improving Microsoft Azure's server performance.
Send logs to Google Pub/Sub
This module uses the Google Pub/Sub REST API to publish logs to a Google Pub/Sub topic

Log storage - single node, on-prem
Free on-premises storage - up to 500GB of compressed data.

Remote management
Provides secure remote administration capabilities.
Agent management
Manage up to 25 agents on the Free plan and more than 25 on the Basic and Premium plans.

General Electric SCADA/ICS Support
Enables log collection on General Electric automation systems.
Siemens SCADA/ICS support
Enables log collection on automation systems by Siemens or Siemens Energy.

Micro Focus ArcSight Logger SIEM support
Enable Micro Focus ArcSight SIEM integration.
Microsoft Sentinel SIEM support
Forward logs to Microsoft Azure Sentinel SIEM.
Google Chronicle SIEM support
Enable Google Chronicle SIEM integration.
IBM QRadar SIEM support
Enable IBM QRadar SIEM integration.
Securonix SIEM support
Enable Securonix Next-Generation SIEM integration.
Splunk SIEM support
Enable Splunk Enterprise SIEM integration.