Generic Linux services

Generic Linux services: A generic placeholder for program classifications

These classifications include non-vendor specific services and applications commonly found on Linux/Unix hosts.

To onboard such a source to Axoflow, complete the generic appliance onboarding steps.

Labels

Axoflow automatically adds the following labels to data collected from this source:

Analytics label	Message field	value
vendor	meta.vendor	nix
product	meta.product	generic
service	meta.service.name	bind, chronyd, cron, cupsd, dbus-daemon, dhcpd, dnsmasq, dnf, dockerd, NetworkManager, nxlog, rsyslogd, sshd, su, sudo, syslog-ng, or systemd

You can use the labels as:

• Filter labels on the Analytics page,
• in the Filter By Label field during log tapping.

You can use the message fields

• in Flow Processing steps, for example, in the Query field of Select Messages steps,
• in AQL expressions in the search bars.

Sending data to Splunk

When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:

source	sourcetype	index
program:chron	nix:syslog	netops
program:chronyd	nix:syslog	netops
program:cupsd	nix:syslog	netops
program:dbus-daemon	nix:syslog	netops
program:dhcpd	isc:dhcpd	netipam
program:dnf	nix:syslog	netops
program:dockerd	nix:syslog	netops
program:dnsmasq	nix:syslog	netdns
program:named	isc:bind:network	netdns
program:NetworkManager	nix:syslog	netops
program:nxlog	nix:syslog	netops
program:rsyslogd	nix:syslog	netops
program:sshd	nix:syslog	netops
program:su	nix:syslog	netauth
program:sudo	nix:syslog	netauth
program:syslog-ng	nix:syslog	netops
program:systemd	nix:syslog	netops

Tested with: Splunk Add-on for Infoblox

Sending data to Google SecOps

When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: BIND_DNS, ISC_DHCP, NIX_SYSTEM, or OPENSSH.