NXLog can collect various types of system logs on GNU/Linux platforms. For deployment details, see the supported Linux platforms and the corresponding installation page for RHEL/CentOS, Debian/Ubuntu, or SLES. Notes are also available about hardening and monitoring NXLog on Linux.
- Custom Programs and Scripts
The im_exec module allows log data to be collected from custom external programs. The im_perl, im_python and im_ruby modules can also be used to implement integration with custom data sources or sources that are not supported out-of-the-box.
The Perlfcount add-on can be used to collect system information and statistics on Linux platforms.
- DNS Monitoring
Logs can be collected from BIND 9 on Linux.
- File Integrity Monitoring
- Linux Audit System
The im_linuxaudit module can be used to collect Audit System logs directly from the kernel without using auditd or temporary log files. Audit logs can also be collected from file with im_file, or via the network with the Audit Dispatcher, the audisp-remote plugin, and im_tcp. See Linux Audit System for more details.
- Local Syslog
Messages written to /dev/log can be collected with the im_uds module. Events written to file in Syslog format can be collected with im_file. In each case, the xm_syslog module can be used to parse the events. See the Linux System Logs and Collecting and Parsing Syslog sections for more information.
- Log Databases
- Log Files
The im_file module can be used to collect events from log files.
- Process Accounting
The im_acct module can be used to gather details about who runs what processes. This overlaps with Audit System logging.