Log tapping to find rogue devices and parsing errors

‍

As the second part of our series of use cases videos, I'm showing you how to use log tapping to detect rogue devices, and how investigate parsing errors, and find out what's wrong with the syslog messages your devices are sending. We'll keep adding use cases continually, so come back to stay current with recent developments, or follow us on Linkedin!If you have a use case that you would like to see explored, please do let us know!

Log tapping

Rogue Device Detection

A common issue with log collection is determining who (or what) is sending logs. Many organizations have logging standards and procedures in place, but no matter how rigorous these policies are (or how robust the CMDB is stated to be), rogue data seems to make its way into the logging platform. In many cases, the logs won't parse properly, and will land in “fallback” or other catch-all destinations in your SIEM or analytics platform.

Today’s video highlights the use of Axoflow’s Analytics platform along with the new Log Tapping feature to help determine what is being sent, and from where.

‍Check out the attached video to see how easy it is to find suspicious devices that send data into your logging pipeline.

Parsing with Log Tapping

Related to rogue device detection are the challenges of log parsing. Though parsing issues crop up mainly with new sources, existing log sources/devices that undergo firmware updates, application updates, and other administrative changes also can fall prey to having their data land in “fallback” again. In these cases, the notion of “send me a PCAP” to troubleshoot is now a thing of the past, replaced with a simple interface in the Axoflow console. It provides a wealth of information about the incoming (or outgoing) log stream, allowing you to tweak the device or application to match an existing parser, or aid in the development of a new one.

‍Watch the attached video to see how easy this is!

• For more information on how log tapping works, see the Troubleshooting syslog errors with log tapping blog post.
  
• For details on the types of syslog errors that are automatically tagged, see the Error tagging in AxoSyslog blog post.

{{request-a-demo-button}}