The NXLOG Enterprise Edition provides the following features in addition to those available in the open-source version:
- SNMP input
Receives SNMP traps, which can then be converted to syslog, stored, forwarded, alerted on, etc.
- ODBC input and output
The ODBC output and input modules (om_odbc and im_odbc) are similar to the dbi modules available in the Community Edition. They can read data from and insert data into any ODBC-compliant database. The primary purpose of the im_odbc module is native Windows MSSQL support, which enables log collection from Windows applications that write their logs to MSSQL. The om_odbc module can be used to insert data into an ODBC database. The modules are available on Windows as well as Linux (to be used with unixODBC).
- Remote collection of Windows EventLog
The im_wmi module lets nxlog running on a Linux host collect Windows EventLog remotely over the WMI protocol, without the need to install an nxlog agent on the Windows target. This feature is only available in the Linux version.
The im_msvistalog module can query and collect Windows EventLog remotely over MSRPC on Windows Vista and later versions. The im_msvistalog module in the Community Edition can only collect EventLog locally.
- Oracle database input and output
These modules are alternatives to the dbi and ODBC database modules and support Oracle servers through the native OCI interface.
- HP-UX audit log input
Reads logs from the HP-UX audit subsystem.
- Checkpoint LEA input
Enables the remote collection of Checkpoint firewall logs over the OPSEC/LEA protocol. This feature is only available in the Linux version.
- Support for external Timestamp Authority Servers
RFC 3161-compliant trusted timestamping support.
- Message integrity protection
Provides chained HMAC-based message integrity protection for tamper-proof logs.
- Android input
A special input module which can read the Android device logs directly.
- Event correlation
A dedicated event correlation module can efficiently solve complex tasks and has capabilities similar to those of the open-source SEC tool.
- High-performance SQL output
A special database output module targeted at our nx-log4ensics log management platform. It allows database load speeds above 100k events/sec and retains all fields of the event, which are stored in SQL.
- HTTP(S) protocol support
RESTful services are becoming increasingly popular, even for logging.
The Enterprise Edition comes with two modules, im_http and om_http, which make it possible to send or receive log message data over HTTP or HTTPS.
- Remote management
This module allows the nxlog agents to be managed remotely over a secure SOAP/SSL connection. This makes it possible to update the configuration, correlation rules, patterns and certificates remotely from the nx-log4ensics web interface or from scripts. In addition, the nxlog agent and the individual modules can be stopped and started, and log collection statistics can be queried in real time.
- Reliable operation and guaranteed delivery
The Enterprise Edition can operate in an ultra-reliable mode. Log message data is guaranteed to be delivered locally or over the network under any circumstances, such as a server crash or a network connection failure.
For a full-featured log analysis and management platform, take a look at our nx-log4ensics solution.