# Generic Linux services Generic Linux services: A generic placeholder for program classifications These classifications include non-vendor specific services and applications commonly found on Linux/Unix hosts. To onboard such a source to Axoflow, complete the [generic appliance onboarding steps](../../../../docs/axoflow/data-sources/appliances/index.md). ## Labels Axoflow automatically adds the following labels to data collected from this source: Analytics label | Message field | value ---|---|--- `vendor` | [`meta.vendor`](../../../../docs/axoflow/reference/message-schema/reference/index.md#meta.vendor) | `nix` `product` | [`meta.product`](../../../../docs/axoflow/reference/message-schema/reference/index.md#meta.product) | `generic` `service` | [`meta.service.name`](../../../../docs/axoflow/reference/message-schema/reference/index.md#meta.service.name) | `bind`, `chronyd`, `cron`, `cupsd`, `dbus-daemon`, `dhcpd`, `dnsmasq`, `dnf`, `dockerd`, `NetworkManager`, `nginx`, `nxlog`, `rsyslogd`, `sshd`, `su`, `sudo`, `syslog-ng`, or `systemd` You can use the labels as: * **Filter labels** on the [Analytics page](../../../../docs/axoflow/metrics/analytics/index.md), * in the **Filter By Label** field during [log tapping](../../../../docs/axoflow/onboard-hosts/log-tapping/index.md). You can use the message fields * in [Flow Processing steps](../../../../docs/axoflow/data-management/processing/index.md), for example, in the **Query** field of **Select Messages** steps, * in AQL expressions in the search bars. ## Sending data to Splunk When sending the data collected from this source to Splunk, Axoflow uses the following sourcetype and index settings: source | sourcetype | index ---|---|--- `program:chron` | `nix:syslog` | `netops` `program:chronyd` | `nix:syslog` | `netops` `program:cupsd` | `nix:syslog` | `netops` `program:dbus-daemon` | `nix:syslog` | `netops` `program:dhcpd` | `isc:dhcpd` | `netipam` `program:dnf` | `nix:syslog` | `netops` `program:dockerd` | `nix:syslog` | `netops` `program:dnsmasq` | `nix:syslog` | `netdns` `program:named` | `isc:bind:network` | `netdns` `program:NetworkManager` | `nix:syslog` | `netops` `program:nxlog` | `nix:syslog` | `netops` `program:rsyslogd` | `nix:syslog` | `netops` `program:sshd` | `nix:syslog` | `netops` `program:su` | `nix:syslog` | `netauth` `program:sudo` | `nix:syslog` | `netauth` `program:syslog-ng` | `nix:syslog` | `netops` `program:systemd` | `nix:syslog` | `netops` Tested with: [Splunk Add-on for Infoblox]() If the Axoflow classification doesn’t set the source field for the message automatically, and you haven’t set it in a [flow processing step](../../../../docs/axoflow/data-management/processing/index.md#set-fields) manually (by setting the `meta.destination.splunk.source` field), AxoRouter automatically sets the source to the [name of the AxoRouter connector](../../../../docs/axoflow/reference/message-schema/reference/index.md#meta.connector.name) that received the message (for example, `axorouter-syslog-tcp-514`). ## Sending data to Google SecOps When sending the data collected from this source to a [_dynamic_ Google SecOps destination](../../../../docs/axoflow/destinations/google/secops/index.md), Axoflow sets the following log type: `BIND_DNS, ISC_DHCP, NIX_SYSTEM, or OPENSSH`. ## Sending data to Microsoft Sentinel When sending the data collected from this source to a [Microsoft Sentinel destination](../../../../docs/axoflow/destinations/microsoft/sentinel/index.md), Axoflow normalizes the data and sends it to the following table: `Syslog`.