Log tapping to find rogue devices and parsing errors

As the second part of our series of use-case videos, I'm showing you how to use log tapping to detect rogue devices, how to investigate parsing errors, and how to find out what's wrong with the syslog messages your devices are sending. We'll keep adding use cases continually, so come back to stay current with recent developments, or follow us on LinkedIn! UPDATE: See how you can add sources and connect them to a destination in the Axoflow Zero to Hero blog!

Log tapping

Rogue Device Detection

A common issue with log collection is determining who (or what) is sending logs. Many organizations have logging standards and procedures in place, but no matter how rigorous these policies are (or how robust the CMDB is stated to be), rogue data seems to make its way into the logging platform. In many cases, the logs won't parse properly, and will land in “fallback” or other catch-all destinations in your SIEM or analytics platform.

Today’s video highlights the use of Axoflow’s Analytics platform along with the new Log Tapping feature to help determine what is being sent, and from where.

Check out the attached video to see how easy it is to find suspicious devices that send data into your logging pipeline.

Parsing with Log Tapping

Related to rogue device detection are the challenges of log parsing. Though parsing issues crop up mainly with new sources, existing log sources/devices that undergo firmware updates, application updates, and other administrative changes can also fall prey to having their data land in “fallback” again. In these cases, the notion of “send me a PCAP” to troubleshoot is now a thing of the past, replaced with a simple interface in the Axoflow console. It provides a wealth of information about the incoming (or outgoing) log stream, allowing you to tweak the device or application to match an existing parser, or aid in the development of a new one.
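To make the two ideas above concrete (messages that fail to parse land in fallback, and the useful question is which sender produced them and what the raw text looks like), here is an added example that is not Axoflow's code and not from the original post: a small tap that classifies each message as RFC 5424, RFC 3164 or unparseable, tallies the result per sending address, and keeps a few raw samples of whatever fell through. The sample messages and addresses are constructed; a sender with no parseable traffic at all is flagged for a CMDB check, while a known device that suddenly shows fallback samples is the firmware-update case.

```python
import re
from collections import defaultdict

# Constructed sample of (sender address, raw message) pairs as a collector
# would see them. Not taken from the original post.
SAMPLE = [
    ("10.0.0.5",  "<34>1 2024-05-01T12:00:00Z fw01 kernel - - - link up"),
    ("10.0.0.5",  "<34>1 2024-05-01T12:00:01Z fw01 kernel - - - link down"),
    ("10.0.0.9",  "<13>May  1 12:00:02 host9 sshd[123]: Accepted publickey"),
    ("10.0.0.77", 'ts=2024-05-01 level=info msg="started"'),   # no PRI header at all
    ("10.0.0.77", '{"event":"heartbeat"}'),                    # raw JSON, no syslog framing
    ("10.0.0.9",  "<13>May  1 12:00:03 host9 sshd[123]: session opened"),
]

# Deliberately strict header patterns: anything that does not match is what
# a real pipeline would route to its "fallback" destination.
RFC5424 = re.compile(r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) ")
RFC3164 = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) ")

def parse(raw):
    """Return (format, hostname) for a recognised syslog header, else None."""
    for fmt, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(raw)
        if m and int(m["pri"]) <= 191:          # PRI = facility*8 + severity, max 23*8+7
            return fmt, m["host"]
    return None

def tap(messages):
    """Per sender: parsed/fallback counts, claimed hostnames, and up to three
    raw samples of the messages that fell through (what 'send me a PCAP' used to answer)."""
    report = defaultdict(lambda: {"parsed": 0, "fallback": 0, "hosts": set(), "samples": []})
    for sender, raw in messages:
        entry = report[sender]
        result = parse(raw)
        if result is None:
            entry["fallback"] += 1
            if len(entry["samples"]) < 3:
                entry["samples"].append(raw)
        else:
            entry["parsed"] += 1
            entry["hosts"].add(result[1])
    return dict(report)

def rogue_senders(report):
    """Senders whose traffic only ever lands in fallback: worth checking against the CMDB."""
    return sorted(s for s, e in report.items() if e["parsed"] == 0 and e["fallback"] > 0)

if __name__ == "__main__":
    r = tap(SAMPLE)
    for sender, e in sorted(r.items()):
        print(sender, e["parsed"], e["fallback"], sorted(e["hosts"]), e["samples"])
    print("rogue senders:", rogue_senders(r))
```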

Watch the attached video to see how easy this is!
