NXLog is a cross-platform log collection and log management tool written in C. It supports a Perl-like syntax for structuring data and can collect logs from files in a wide range of formats. Supported platforms include Windows, Linux (Debian, Red Hat, Ubuntu), BSD, HP-UX and Android; the collected logs can be saved to files or databases, or forwarded to remote log servers over a variety of protocols. NXLog comes in three editions: the open-source Community Edition, the Enterprise Edition, and NXLog Manager. Of these, NXLog Enterprise Edition is the recommended, leading log collection and management product; its high-performance, cross-platform design makes it the best tool for driving your business's growth.
NXLog Enterprise Edition: Meeting Your Event Data Collection Needs
Today's IT infrastructure can be very demanding when it comes to event logs. Hundreds of different devices, applications and appliances generate huge volumes of event log messages. After filtering, message classification, correlation and other typical log-processing tasks, these must be processed in real time, forwarded, or stored in a central location. In most organizations these tasks are handled by chaining together a dozen different scripts and programs, each with its own custom format and configuration.
NXLog Enterprise Edition is a high-performance, multi-platform log collection solution designed to solve all of these tasks with a single tool.
NXLog Enterprise Edition Features
NXLog Enterprise Edition: high performance and cross-platform, building the best log management solution for you
Ship Log Data to Any SIEM
The NXLog Enterprise Edition works with practically all major SIEM and log analytics products and services.
Avoid vendor lock-in
Ability to send the same events to multiple destinations at the same time.
Superior OS Support
Collect audit logs natively on each supported platform, in addition to basic operating system logs and application logs.
Outstanding Windows Log Collection Capabilities
The NXLog Enterprise Edition is the most advanced log collector for the Windows platform.
- Collect Windows logs locally or remotely
- Can act as a Windows Event Collector on Linux and Windows to receive events remotely via Windows Event Forwarding (WEF)
- Natively supports Event Tracing for Windows (ETW)
- Full coverage for Microsoft Exchange logs
- Pull data from Windows Performance counters
- Passive network monitor module for Windows
- PowerShell auditing
- Collect Microsoft SQL Server audit logs or read/write data in MS SQL tables
- Full Windows DNS Server log collection support - collect via ETW or parse the DNS log file
- Microsoft SharePoint log collection support
- Collect and parse Microsoft IIS logs
- Scan the registry and file system periodically for changes to detect and log modifications
Native macOS Logging Capabilities
NXLog Enterprise Edition can filter, normalize, and aggregate logs from multiple Macs into a single SIEM input stream. It is by far the most configurable and versatile logging solution for macOS.
Capable of collecting all types of logs from Apple OS X as well as any release of macOS running on any Mac hardware, including Macs equipped with Apple's M1 chip. For the first time, it is now possible to gather macOS unified logging system (ULS) events.
Secure and Reliable Collection and Transfer
- Signed installation packages
- Reliable transfer with protocol-level acknowledgement
- Flow control to prevent data loss during disruptions, even without buffering
- Message buffering and disk-based queues
- Data compression to reduce network traffic
- Failover capabilities
- TLS/SSL for secure, encrypted data transfer
Remote Management
Managing log collectors across different platforms with segregated administrator roles can be challenging.
Deploy your configuration changes and monitor your agents remotely, without local administrator access.
Extreme Flexibility
- Agent-side enrichment, filtering, pattern matching, log format conversion
- Read multiple log sources simultaneously
- Use Perl, Python, Ruby, Go, or Java to create custom parsers or collection logic
- Simple and powerful configuration syntax
- Support for different encodings
- Event correlation
- Built-in log rotation and retention
- Send to more than one destination if needed
- Resolve numeric IDs to human readable names to improve transparency
Agentless, Agent-based, and Cloud Log Collection Modes
May be deployed as a collection agent, standalone collector system, log relay, or in hybrid mode.
For agent-based collection NXLog is installed on the system generating the log data. In agentless deployments the log sources send their data to NXLog, or NXLog queries the sources over the network.
The ideal tool to collect and centralize log data
Fast, Reliable, and Efficient
- Self-contained, lightweight agent
- Blazingly fast, scalable
- Read and write compressed files
- Runs as native, compiled code - no extra runtime required
- Can handle thousands of connections in server mode
- Network packet capture support
Wide Range of Data Formats and Protocols
Designed with structured data in mind, NXLog embraces structured logging to alleviate the need for writing parsers while most other log collectors are still syslog-based.
File Integrity Monitoring
Detection mechanism to record and monitor intentional and unintentional changes to important files and folders
- Meet obligations and compliance mandates
- Enable alerting by detecting and logging changes to monitored assets
- Support incident response and malware detection by logging changes to critical assets
- Help detect intrusion by identifying and logging modifications to configuration files
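As an added example that is not from the page or from NXLog's own documentation, this is one agent configuration that combines the two capabilities described above: File Integrity Monitoring of critical paths, and secure transfer of the resulting change events to a SIEM over mutually authenticated TLS. Directive names follow NXLog's documented im_fim, om_ssl and xm_json modules; the hostname, paths and certificate locations are placeholders.

```nxlog
# Added example: FIM events shipped over TLS. Hostnames and paths are placeholders.

# JSON extension so the change events leave the agent as structured records
<Extension _json>
    Module  xm_json
</Extension>

# File Integrity Monitoring: hash the files under the listed paths on each scan
# and emit an event whenever a file's digest, size, owner or permissions change.
<Input fim>
    Module        im_fim
    File          "/etc/*"
    File          "/usr/local/bin/*"
    Recursive     TRUE
    # full rescan interval in seconds; shorter intervals mean faster detection
    ScanInterval  3600
    Digest        sha256
    # convert the event fields to JSON before forwarding
    Exec          to_json();
</Input>

# Secure transfer: TLS to the SIEM or relay. The agent verifies the server
# against the CA and presents its own certificate, so only enrolled agents
# can submit events.
<Output siem>
    Module          om_ssl
    Host            siem.example.internal
    Port            6514
    CAFile          /opt/nxlog/cert/ca.pem
    CertFile        /opt/nxlog/cert/agent-cert.pem
    CertKeyFile     /opt/nxlog/cert/agent-key.pem
    # reject any server certificate not signed by the CA above
    AllowUntrusted  FALSE
</Output>

<Route fim_to_siem>
    Path  fim => siem
</Route>
```

With AllowUntrusted left at FALSE, a man-in-the-middle relay with a self-signed certificate causes the output to fail rather than silently accept the connection, which is the behaviour a defender wants for an audit-data channel.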
Storing Logs
Encryption and compression enable safe and cost-efficient long-term storage of the collected logs.
- Data at rest protection
- Directly writing compressed data to file
Industrial Control Systems / SCADA
NXLog can be used to collect logs from the Windows computers providing operator access and forward them to a SIEM. NXLog's unique passive network monitoring capability can be used to log traffic on the industrial control segment of the network. It can parse and decode network traffic logs into human-readable information that can be processed by a regular SIEM. This allows customers to create a single Security Operations Center with improved visibility into all aspects of production.
Enhance SCADA/ICS systems log collection capabilities with NXLog.
Leverage the Raijin Database as an event store with NXLog Enterprise Edition
- Direct integration
- Provides easy access to event data without normalization
- Uses familiar SQL-like queries
- Visualize data through Grafana or Apache Superset
- Provides encrypted and compressed data storage
Regular Hot Fixes
There are security flaws discovered every other day that need attention. OS upgrades may break your log management system. Adding some new log sources can be a challenge.
Unlike the NXLog Community Edition, which is a volunteer effort, the NXLog Enterprise Edition receives regular hot-fixes and enhancements. You and your organization can feel a lot safer, especially with the NXLog Enterprise Support subscription.
NXLog Manager
Managing and monitoring a large number of log collector agents can be difficult, especially when you have many servers in different roles and multiple teams responsible for them. NXLog Manager can remotely manage and monitor NXLog Enterprise Edition instances from a centralized, web-based management console.