Mark Bonsack - Axoflow
by 
Mark Bonsack
August 22, 2024
and
No items found.
axoflow
product-video

Log tapping to find rogue devices and parsing errors

Jump to the video

As the second part of our series of use cases videos, I'm showing you how to use log tapping to detect rogue devices, and how investigate parsing errors, and find out what's wrong with the syslog messages your devices are sending. We'll keep adding use cases continually, so come back to stay current with recent developments, or follow us on Linkedin!If you have a use case that you would like to see explored, please do let us know!

Log tapping

Rogue Device Detection

A common issue with log collection is determining who (or what) is sending logs. Many organizations have logging standards and procedures in place, but no matter how rigorous these policies are (or how robust the CMDB is stated to be), rogue data seems to make its way into the logging platform. In many cases, the logs won't parse properly, and will land in “fallback” or other catch-all destinations in your SIEM or analytics platform.

Today’s video highlights the use of Axoflow’s Analytics platform along with the new Log Tapping feature to help determine what is being sent, and from where.

Check out the attached video to see how easy it is to find suspicious devices that send data into your logging pipeline.

Parsing with Log Tapping

Related to rogue device detection are the challenges of log parsing. Though parsing issues crop up mainly with new sources, existing log sources/devices that undergo firmware updates, application updates, and other administrative changes also can fall prey to having their data land in “fallback” again. In these cases, the notion of “send me a PCAP” to troubleshoot is now a thing of the past, replaced with a simple interface in the Axoflow console. It provides a wealth of information about the incoming (or outgoing) log stream, allowing you to tweak the device or application to match an existing parser, or aid in the development of a new one.

Watch the attached video to see how easy this is!

{{request-a-demo-button}}

webinar_labelswebinar_labels

Follow Our Progress!

We are excited to be realizing our vision above with a full Axoflow product suite.

Sign me up
This button is added to each code block on the live site, then its parent is removed from here.
Request a demo

Recent posts

Send syslog data to Grafana Loki with syslog-ng
Why Policy-Based Routing Beats Static Rules
Classify security data in transit: improve data quality and reduce costs
Ways to break data ingestion of your SIEM
AxoRouter Opens Windows! (WEC Edition)

Any Questions?

We are here to answer!

Stay in Touch?

Sign up to our newsletter!