Generic Linux services: A generic placeholder for program classifications
These classifications include non-vendor specific services and applications commonly found on Linux/Unix hosts.
To onboard such a source to Axoflow, complete the generic appliance onboarding steps.
Labels
Axoflow automatically adds the following labels to data collected from this source:
| Analytics label | Message field | value |
|---|---|---|
vendor |
meta.vendor |
nix |
product |
meta.product |
generic |
service |
meta.service.name |
bind, chronyd, cron, cupsd, dbus-daemon, dhcpd, dnsmasq, dnf, dockerd, NetworkManager, nxlog, rsyslogd, sshd, su, sudo, syslog-ng, or systemd |
You can use the labels as:
- Filter labels on the Analytics page,
- in the Filter By Label field during log tapping.
You can use the message fields
- in Flow Processing steps, for example, in the Query field of Select Messages steps,
- in AQL expressions in the search bars.
Sending data to Splunk
When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings:
| source | sourcetype | index |
|---|---|---|
program:chron |
nix:syslog |
netops |
program:chronyd |
nix:syslog |
netops |
program:cupsd |
nix:syslog |
netops |
program:dbus-daemon |
nix:syslog |
netops |
program:dhcpd |
isc:dhcpd |
netipam |
program:dnf |
nix:syslog |
netops |
program:dockerd |
nix:syslog |
netops |
program:dnsmasq |
nix:syslog |
netdns |
program:named |
isc:bind:network |
netdns |
program:NetworkManager |
nix:syslog |
netops |
program:nxlog |
nix:syslog |
netops |
program:rsyslogd |
nix:syslog |
netops |
program:sshd |
nix:syslog |
netops |
program:su |
nix:syslog |
netauth |
program:sudo |
nix:syslog |
netauth |
program:syslog-ng |
nix:syslog |
netops |
program:systemd |
nix:syslog |
netops |
Tested with: Splunk Add-on for Infoblox
Sending data to Google SecOps
When sending the data collected from this source to a dynamic Google SecOps destination, Axoflow sets the following log type: BIND_DNS, ISC_DHCP, NIX_SYSTEM, or OPENSSH.