YOUR LOG COLLECTION JOURNEY STARTS HERE

The ultimate solution for collecting and centralizing log data

LOG COLLECTION MODES

Agent-based, Agentless or Cloud

NXLog can process logs in three modes. Each mode has different characteristics, and you can use any combination of modes for your overall logging infrastructure.

  • Agent-based collection: NXLog runs on the system that is generating the log data.
  • Agentless collection: Hosts or devices generate log data and send it over the network to NXLog.
  • Offline log processing: The nxlog-processor(8) tool performs batch log processing.
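The first two modes can coexist in a single agent configuration. The following nxlog.conf is an added example, not configuration taken from the page or from NXLog's own documentation: it reads a local file (agent-based) and accepts syslog from other hosts over UDP (agentless), then forwards both streams to a central collector over TLS. The file path, listening port, collector hostname and CA path are assumptions chosen for illustration, and the Host/Port directives assume an NXLog version that still accepts them for im_udp.

```apacheconf
# Added example (not from the page or from NXLog's docs). Paths, ports and
# hostnames are assumptions for illustration.

<Extension _syslog>
    Module  xm_syslog
</Extension>

# Agent-based mode: NXLog runs on the host that produces the log and
# reads the file directly.
<Input local_auth>
    Module  im_file
    File    "/var/log/auth.log"      # assumed path
</Input>

# Agentless mode: appliances or hosts without an agent send syslog over
# the network to this NXLog instance, which parses the syslog header.
<Input net_syslog>
    Module  im_udp
    Host    0.0.0.0
    Port    514
    Exec    parse_syslog();
</Input>

# Both streams leave as IETF syslog over TLS to the central collector.
# Verifying the collector against a CA stops a forged collector from
# silently swallowing the logs of every forwarding agent.
<Output collector>
    Module  om_ssl
    Host    collector.example.internal   # assumed hostname
    Port    6514
    CAFile  /etc/nxlog/ca.pem            # assumed path
    Exec    to_syslog_ietf();
</Output>

<Route r1>
    Path    local_auth, net_syslog => collector
</Route>
```

The third mode uses the same configuration language: point the offline tool at a configuration whose inputs are files, for example `nxlog-processor -c /etc/nxlog/offline.conf`, and it reads the inputs to the end, writes the outputs and exits instead of running as a daemon.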

SPECIFIC OS SUPPORT

AIX, Linux, FreeBSD

Each of the following chapters lists some of the common log sources that can be collected on the corresponding platform. See also Supported platforms.

  • IBM AIX
  • FreeBSD
  • OpenBSD
  • GNU/Linux
  • Apple macOS
  • Oracle Solaris
  • Microsoft Windows

NXLog Manager

Central Management and Monitoring Tool For Your NXLog Agents

Managing and monitoring a large number of log collection agents can be tough. Multiple teams, differing roles, and a diverse and distributed infrastructure compound the problem. Remove painfully long and manual configurations with our centralized management solution, NXLog Manager. Speed up the deployment and change process, freeing your security team to continue protecting your organization.

SCADA/ICS

Energy, Oil & Gas, Transport

SCADA (Supervisory Control and Data Acquisition) is a core subsystem of ICS that allows industrial organizations to:

  • Control industrial processes locally or remotely
  • Monitor, gather, and process real-time data
  • Achieve high-performance data archiving
  • Efficiently analyze process values (trends) and messages (alarm control)
  • Interact with a wide range of devices using extended communication infrastructure

Industries that rely heavily on ICS include Oil and Gas, Pharmaceutical, Petrochemical, Food and Beverage, Manufacturing, Power, Recycling, Transportation, Water and Wastewater, and Mining. There are many providers of ICS solutions for various industries; Siemens, Schneider Electric, ABB, General Electric, Yokogawa, Honeywell, Emerson, and Rockwell Automation are some of the larger ones.

FIM

File Integrity Monitoring

File integrity monitoring (FIM) can be used to detect changes to files and directories. A file may be altered due to an update to a newer version, a security breach, or data corruption. File integrity monitoring helps an organization respond quickly and effectively to unexpected changes to files and is therefore a standard requirement for many regulatory compliance objectives.

  • PCI-DSS compliance – Payment Card Industry Data Security Standard (Requirement 11.5)
  • SOX compliance – Sarbanes-Oxley Act (Section 404)
  • NERC CIP compliance – NERC CIP Standard (CIP-010-2)
  • FISMA compliance – Federal Information Security Management Act (NIST SP800-53 Rev3)
  • HIPAA compliance – Health Insurance Portability and Accountability Act of 1996 (NIST Publication 800-66)
  • SANS compliance – SANS Critical Security Controls (Control 3)
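As an added example of what a FIM input looks like in practice (not configuration from the page or from NXLog's documentation), the following nxlog.conf fragment hashes a configuration directory on a schedule and writes every detected change as a JSON record. The directory, exclusions, interval and output path are assumptions, and the field names used in the Exec block ($EventType, $FileName, $Digest, $PrevDigest) are assumed to match what im_fim emits; check them against the module reference for your version.

```apacheconf
# Added example (not from the page or from NXLog's docs). Paths, the scan
# interval and the event field names are assumptions for illustration.

<Extension _json>
    Module  xm_json
</Extension>

<Input fim_etc>
    Module        im_fim
    File          "/etc/*"            # assumed watch path
    Recursive     TRUE
    # Exclude files that legitimately churn, otherwise every scan is noise
    Exclude       "/etc/mtab"
    Exclude       "/etc/resolv.conf"
    # A keyed hash per file is what makes this integrity monitoring and not
    # just a timestamp check: an attacker who preserves mtime still changes
    # the digest.
    Digest        sha256
    ScanInterval  3600
    # Mark deletions and modifications of files under /etc/ssh as high
    # severity so the SIEM can alert on them separately (assumed field names)
    Exec    if ($EventType == "DELETE" or $EventType == "CHANGE") \
               and $FileName =~ /^\/etc\/ssh\// \
            { $SeverityValue = 4; }
</Input>

<Output fim_out>
    Module  om_file
    File    "/var/log/nxlog/fim.json"  # assumed path
    Exec    to_json();
</Output>

<Route fim>
    Path    fim_etc => fim_out
</Route>
```

The output records carry both the previous and the current digest, so a responder can tell a file that was replaced by a package update (digest matches the distribution's file) from one that was tampered with. In production the om_file output would be replaced by a forwarder to the collector, since a local FIM log is itself a file the intruder can edit.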

DNS logging with NXLog

  • By proactively monitoring DNS audit logs, network administrators can quickly detect and respond to cyberattacks. Forwarding DNS logs to a SIEM allows breaches to be detected quickly, reducing the time needed to close security holes and deploy countermeasures.
  • With an effective logging strategy that forwards quality events to a SIEM, the brunt of intrusion detection can be automated, giving security operations center (SOC) personnel more time for analyzing suspicious alerts and working on more proactive security tasks.
  • Aggregating DNS logs with a centralized log collection strategy while filtering out low-quality events can significantly boost threat detection efficiency. Some fringe benefits of this approach are:
      ◦ Storage and processing costs are reduced, since filtering drops the majority of events that are of little or no security interest.
      ◦ Event correlation is much easier when streams of events are sent to a centralized logging server where they are aggregated.
      ◦ GDPR and other compliance obligations are more easily fulfilled with this centralized architecture and the ability to filter and securely forward the specific events needed for compliance to a secure storage location for archival.
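The filtering step described above, as an added example that is not configuration from the page or from NXLog's documentation: the fragment below reads a BIND-style query log, extracts the client, queried name and record type with a regular expression, drops the bulk of queries for an internal zone that are of no security interest, and forwards the remainder to a SIEM as JSON. The log path, the query-log line format the regex expects, the internal zone and the SIEM address are all assumptions.

```apacheconf
# Added example (not from the page or from NXLog's docs). The log path, the
# assumed BIND query-log line format, the internal zone and the SIEM host
# are illustrative assumptions.
#
# Assumed input line format (constructed sample):
#   client @0x7f3e 10.0.0.5#53412 (www.example.com): query: www.example.com IN A + (10.0.0.1)

<Extension _json>
    Module  xm_json
</Extension>

<Input dns_queries>
    Module  im_file
    File    "/var/log/named/queries.log"   # assumed path
    # Parse the fields we want to correlate on; lines that do not match the
    # expected format are dropped rather than forwarded unparsed.
    Exec    if $raw_event =~ /client\s+(?:@\S+\s+)?(\S+)#\d+\s+\(\S+\):\s+query:\s+(\S+)\s+IN\s+(\w+)/ \
            { $ClientIP = $1; $Query = $2; $QType = $3; } \
            else drop();
    # Low-value noise: lookups inside our own zone from internal clients.
    # Everything else, including lookups of long or unusual names that may
    # indicate tunnelling, goes to the SIEM. ".corp.example" is an assumed zone.
    Exec    if $Query =~ /\.corp\.example\.?$/ and $ClientIP =~ /^10\./ drop();
    # Keep only the structured fields plus the timestamp; the raw line is
    # regenerated from them by to_json() downstream.
    Exec    delete($raw_event);
</Input>

<Output siem>
    Module  om_tcp
    Host    siem.example.internal   # assumed hostname
    Port    1514
    Exec    to_json();
</Output>

<Route dns>
    Path    dns_queries => siem
</Route>
```

Dropping at the agent, before the event crosses the network, is what delivers the storage and processing savings mentioned above; the trade-off is that a rule which drops too much removes evidence before anyone can look at it, so the drop conditions should be narrow and reviewed alongside the SIEM's detection rules.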