Sep 2020

September 2020 Newsletter

The NXLog Enterprise Edition 5.1 Is Here!

We are proud to announce the first minor release in the new major version of NXLog Enterprise Edition. With NXLog Enterprise Edition 5.1 we are expanding the capabilities of our new passive network monitoring module with additional protocol phrasers focusing on Indrustrial Control Systems.

NXLog Enterprise Edition now supports passive network monitoring on Windows systems in addition to Linux and macOS, allowing greater visibility into what is happening on the network. Combined with the added support for industrial control protocols such as BacNet, Profinet and Modbus, the NXLog Enterprise Edition offers capabilities for hardening your security further.

New features:

  • Added protocol parser for BACNET
  • Improved handling of complex data in MODBUS packets
  • Added protocol parser for PROFINET
  • Packaged im_pcap - the passive network monitor module for Windows
  • Started shipping individually signed packages on Debian

This release opens the door for exploring NXLog Enterprise's Edition's monitoring features in industrial environments.

If you have feedback, or would like to see additional improvements in this area, reach out to us.

Download a fully funcional trial version of NXLog Enterprise Edition 5.1 for free to see how it could help your organization.


WATCH NOW: Basic Network Connectivity & Failover - NXLog Enterprise Edition

We are glad to bring you the first part in our new video tutorial series. In this video, we are going to demonstrate network connectivity and failover using a small lab environment consisting of a Windows machine to generate events, five Linux servers for log collection, forwarding and demonstrating failover situations and another Linux server acting as a basic log ingestor that will display log data received and act as a mock SIEM to help us visualize log data.

Get the link to the video here and make sure to subscribe to our Youtube channel to get notifications about our upcoming videos.


WATCH WEBINAR: Features and benefits in the new NXLog Enterprise Edition 5.0

In the past few weeks we held four sessions with attendees from across the globe on the features and benefits of the new NXLog Enterprise Edition 5.0. Many of the registrants had sent in questions in advance so we were glad to discuss how this recent release could offer solutions for various pain points enterprises face when it comes to log collection and management.

If you were unable to attend, now you can watch the video at this link.

You are also welcome to request a fully functional free trial of NXLog Enterprise Edition 5.0 to test it for your organization.


NXLog vs. Splunk Universal Forwarder

NXLog supports both log enrichment and direct forwarding of log events to Splunk indexes, Splunk SIEM and other Splunk products for further analysis. Whether you are looking for a new log collection solution or seeking to replace and improve an existing Splunk deployment, we trust that this article can provide further information to help you make a more informed decision on the next steps towards improving your Splunk deployment. The post also includes a Feature Comparison chart, highlighting the areas where NXLog can explicitly help you, such as:

  • superior OS support
  • comprehensive output format support
  • wider range of log processing features
  • filter for events of interest

If you wonder why would you need NXLog when Splunk already has a forwarding agent, there are further points to consider: 

  • when it comes to assessing performance, it is noteworthy that even under heavy load, the Splunk Enterprise was consistently able to index events forwarded by NXLog over 10 times faster than the same events sent by the Splunk universal forwarder
  • multiple integrations (use with any SIEM)
  • event log enrichment
  • reduce operating costs

Read the blog post here


Budgeting

If your organization is preparing its financial plans for 2021 and you need assistance in budgeting NXLog, please reach out to us directly and we will be more than happy to discuss your requirements.


Microsoft Azure Sentinel Integration Now Available

Sentinel is Microsoft’s security information event management (SIEM), which is offered as a service within Azure. Because of its presence within Azure and close integration with other Azure services, Microsoft refers to Sentinel as "a scalable, cloud-native, and security orchestration automated response (SOAR) solution."

NXLog can be configured as an agent for Sentinel, collecting and forwarding logs to its Log Analytics workspaces by following the steps described in this article.


SIEM Optimization Resource Page

Most logging infrastructures mainly focus on SIEM analytics and correlations while log collection, log enrichment and log shipping end up taking a back seat. Meanwhile the adequacy of security operations is heavily dependent on the reliability and accuracy of available log messages. This uneven focus may result in unstructured or decentralized logging which in the long run can severely hinder information security, business continuity and regulatory compliance efforts.

NXLog offers a solution to the most pressing challenges organizations face when it comes to central log collection and SIEM optimization. 

We are glad to provide you with a SIEM Optimization Resource Page containing an e-book, a whitepaper, a webinar and a PDF on the 4 Stages of SIEM.

Amongst others, NXLog offers you the following benefits in SIEM optimization:

Central Log Collection Infrastructure
NXLog centrally manages log collection by acting as a bridge between log sources and destinations. NXLog can collect logs from all major Linux, Unix and windows sources and integratable with all market leading logging technologies. Check out our integration hub.

Data Enrichment and Formating
NXLog supports all major log formats including: BSD Syslog, IETF Syslog, Snare Agent format, Windows Event Log and JSON. NXLog can on the fly reformat and enrich log messages and distribute them to the right destination.

Performance Optimization
NXLog is designed for high performance on modern multi-core and multi-processor systems. It operates as a lightweight technology with minimal impact on the servers CPU and memory consumption. NXLog can run as agent-less, agent-based and as a cloud-source solution.

Check out the full list of benefits, the NXLog infrastucture, and integration with SIEM and log analytics solutions on our dedicated page and get any or all items of the SIEM Optimization Resource Page


Top Social Media Chatter August-September

What did the community have to say about NXLog on social media?  Tweet to us or share your updates with us on LinkedIn for an opportunity to be listed in this newsletter.

Reddit Posts

  • Using NXLog to forward WEF to Graylog
  • A discussion on the best open-source log collection solutions - comment
  • NXLog is mentioned as a solution for shipping logs to another server as part of the compression process - comment

Other places

Share this post