NXLog is a universal log collector and forwarder supporting different platforms, log sources and protocols.
NXLog can work in a heterogeneous environment, collecting event logs from thousands of different sources in many formats. It can accept event logs over TCP and UDP, from file-based logs, databases and various other sources, in formats such as Syslog, Windows Event Log, DNS debug log etc.
It can rewrite and correlate logs, raise alerts, match patterns, execute scheduled jobs, rotate logs and convert them to other formats such as JSON. It was designed to fully utilize today's multi-core CPU systems. Its multi-threaded architecture enables input, log processing and output tasks to be executed in parallel. Using a high-performance I/O layer, it is capable of handling thousands of simultaneous client connections and processing log volumes above the 100,000 EPS range.
NXLog tries hard to minimize the loss of log messages. It does not drop any unless instructed to. It can process input sources in a prioritized order, meaning that a higher-priority source will always be processed before others. This can further help avoid UDP message loss, for example. In case of network congestion or other log transmission problems, NXLog can buffer messages on disk or in memory. Using loadable modules, it supports different input sources and log formats: not only Syslog but also Windows Event Log, audit logs or even custom binary application logs.
Its functionality can be extended further with custom loadable modules, similarly to the Apache Web server. In addition to the online log processing mode, it can process logs offline in batch mode. A powerful configuration language with an Apache-style configuration file syntax enables it to rewrite logs, send alerts, execute external scripts or do virtually anything based on any criteria specified using the NXLog configuration language.
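The prioritized processing, buffering and JSON conversion described above can be combined in one configuration. The following is an added example, not taken from the NXLog documentation; the instance names, address, ports and file path are constructed placeholders, and the buffer sizes are arbitrary.

```apache
# Added example: instance names, hosts, ports and paths are placeholders.
<Extension syslog>
    Module      xm_syslog
</Extension>

<Extension json>
    Module      xm_json
</Extension>

# UDP syslog: datagrams are lost if the socket is not read quickly enough.
<Input udp_in>
    Module      im_udp
    Host        0.0.0.0
    Port        514
    Exec        parse_syslog();
</Input>

# File source: data stays on disk, so it can safely be read later.
<Input file_in>
    Module      im_file
    File        "/var/log/app/*.log"
</Input>

# Disk buffer that absorbs output stalls. MaxSize and WarnLimit are in KB.
<Processor disk_buffer>
    Module      pm_buffer
    Type        Disk
    MaxSize     102400
    WarnLimit   51200
</Processor>

# Forward every event as JSON over TCP.
<Output collector_out>
    Module      om_tcp
    Host        192.0.2.10
    Port        1514
    Exec        to_json();
</Output>

# A lower Priority value means the route is processed first.
<Route udp_route>
    Priority    1
    Path        udp_in => disk_buffer => collector_out
</Route>

<Route file_route>
    Priority    2
    Path        file_in => collector_out
</Route>
```

Plain TCP output carries events unencrypted; on an untrusted network a TLS-capable output module would take its place.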
Please see the NXLog User Guide for more information.