Policy based routing

Axoflow’s host attribution gives you unprecedented possibilities to route your data. You can tell exactly what kind of data you want to send where. Not only based on technical parameters like sender IP or application name, but using a much more fine-grained inventory that includes information about the devices, their roles, and their location. For example:

  • The vendor and the product (for example, a SonicWall firewall)
  • The physical location of the device (geographical location, rack number)
  • Owner of the device (organization/department/team)

Sample labels

Axoflow automatically adds metadata labels based on information extracted from the data payload, but you can also add static custom labels to hosts manually, or dynamically using flows.

Paired with the information from the content of the messages, all this metadata allows you to formulate high-level, declarative policies and alerts using the metadata labels, for example:

  • Route the logs of devices to the owner’s Splunk index.
  • Route every firewall and security log to a specific index.
  • Let the different teams manage and observe their own devices.
  • Granular access control based on relevant log content (for example, identify a proxy log-stream based on the upstream address), instead of just device access.
  • Ensure that specific logs won’t cross geographic borders, violating GDPR or other compliance requirements.

Policy based routing