NXLog

NXLog Ltd.

Multi-platform log collection and forwarding agent.

Tags: Logging & SIEM · Freemium · Agent / Service · Practiced in lab · Cross-platform

Cyber Kill Chain & Defender Lifecycle

Attacker — Kill Chain
1 Reconnaissance
2 Weaponization
3 Delivery
4 Exploitation
5 Installation
6 Command & Control
7 Actions on Objectives
Defender — IR Lifecycle
8 Detection / Monitoring
9 Containment & Eradication
10 Post-incident Forensics

Description

NXLog is a multi-platform log collector/forwarder that supports a long list of inputs and formats: Windows Event Log, flat files, IIS W3C logs, ETW, GELF, Syslog, JSON, BSM audit, etc. The Community Edition is free; the Enterprise Edition adds advanced modules.

It commonly sits between Windows endpoints and a SIEM in environments where the SIEM does not have a native Windows agent: the agent reads the Event Log locally, reshapes each record as JSON or syslog, and ships it over TCP (ideally TLS), so the SIEM only needs a network listener.

Use cases

  • Forwarding Windows Event Log to a Syslog/ELK SIEM
  • Centralising IIS/AD logs without paying for a heavy agent
  • Normalising heterogeneous formats before SIEM ingestion
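The configuration below is an added example covering the first two use cases together (Windows Event Log plus IIS logs, normalised to JSON-in-syslog and forwarded over TLS); it is not taken from the NXLog project or its documentation. The SIEM hostname and port, the certificate file names, the Sysmon channel and the IIS field order are assumptions and must be adjusted to the site.

```nxlog
# Added example, not NXLog's own sample config.
# Assumed: NXLog CE on a Windows host, a SIEM listening for syslog over TLS on
# siem.example.internal:6514, client/CA certificates under %CERTDIR%, and IIS
# writing the default W3C field set. Adjust all of these for your environment.

define ROOT    C:\Program Files\nxlog
define CERTDIR %ROOT%\cert

Moduledir %ROOT%\modules
CacheDir  %ROOT%\data
SpoolDir  %ROOT%\data
Pidfile   %ROOT%\data\nxlog.pid
LogFile   %ROOT%\data\nxlog.log

<Extension _syslog>
    Module  xm_syslog
</Extension>

<Extension _json>
    Module  xm_json
</Extension>

# IIS W3C logs are space-separated; the Fields list must match the "#Fields:"
# header of your own log files (assumed default order here).
<Extension iis_w3c>
    Module      xm_csv
    Fields      $date, $time, $s-ip, $cs-method, $cs-uri-stem, $cs-uri-query, $s-port, $cs-username, $c-ip, $cs(User-Agent), $cs(Referer), $sc-status, $sc-substatus, $sc-win32-status, $time-taken
    FieldTypes  string, string, string, string, string, string, integer, string, string, string, string, integer, integer, integer, integer
    Delimiter   ' '
</Extension>

# Windows Event Log: subscribe only to the channels and IDs the SIEM will use
# (logons, failed logons, process creation, account creation, group changes).
# Remove the Sysmon channel if Sysmon is not installed on the host.
<Input eventlog>
    Module  im_msvistalog
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Security">*[System[(EventID=4624 or EventID=4625 or EventID=4688 or EventID=4720 or EventID=4728)]]</Select>
                <Select Path="System">*</Select>
                <Select Path="Microsoft-Windows-Sysmon/Operational">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
    # Windows Filtering Platform events are high-volume noise; drop them even
    # if someone widens the query above later.
    Exec    if $EventID == 5156 drop();
</Input>

# IIS: skip the "#Software/#Fields/..." header lines, parse the rest into
# named fields and tag the source so the SIEM can tell it from the Event Log.
<Input iis>
    Module  im_file
    File    'C:\inetpub\logs\LogFiles\W3SVC1\u_ex*.log'
    <Exec>
        if $raw_event =~ /^#/ drop();
        else
        {
            iis_w3c->parse_csv();
            $SourceName = "IIS";
        }
    </Exec>
</Input>

# One output for both sources: serialise the structured record as JSON into
# the syslog MSG part, then send it over TLS. AllowUntrusted FALSE makes the
# agent verify the SIEM's certificate against CAFile, so an on-path host cannot
# silently sink or alter the log stream; the client cert lets the SIEM reject
# senders it does not know.
<Output siem>
    Module          om_ssl
    Host            siem.example.internal
    Port            6514
    CAFile          %CERTDIR%\ca.pem
    CertFile        %CERTDIR%\agent-cert.pem
    CertKeyFile     %CERTDIR%\agent-key.pem
    AllowUntrusted  FALSE
    Exec            $Message = to_json(); to_syslog_ietf();
</Output>

<Route to_siem>
    Path    eventlog, iis => siem
</Route>
```

Check the syntax before deploying with `nxlog.exe -v -c nxlog.conf` and watch `%ROOT%\data\nxlog.log` for TLS or channel errors on first start. The JSON-inside-syslog layout keeps every Event Log field (EventID, SubjectUserName, CommandLine, etc.) as a key the SIEM can index, while the syslog envelope means any syslog-capable collector can receive it; if the SIEM ingests raw JSON over TCP instead, replace the two calls in the output with `Exec to_json();` and use `om_ssl` with the same certificate settings.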