NXLog Documentation


System architecture

  • Event records and fields — How events are represented during processing

  • Modules and routes — How module instances are used to build routes for log data

  • Buffering and flow control — An introduction to NXLog's default buffers

  • Log processing modes — The ways an NXLog agent can be configured to process logs


© Copyright NXLog Ltd.
