Onboard existing syslog infrastructure

If your organization already has a syslog architecture in place, Axoflow provides ways to reuse it. This allows you to integrate your existing infrastructure with Axoflow, and optionally – in a later phase – replace your log collectors with the agents provided by Axoflow.

Managed AxoRouter deployments

In this deployment mode you use the centralized management UI of Axoflow Console to manage your AxoRouter instances. This provides the tightest integration and the most benefits, including:

• Configuration management from the UI
• Automatic host inventory and host attribution
• Automatic classification and enrichment of incoming data
• Advanced routing based on labels
• Advanced and more detailed metrics about the log ingestion, processing, data drops, delays
• Detailed analytics about the transported data
• Access to the FilterX data processing engine
• Ability to receive OpenTelemetry data
• Acts as a Windows Event Collector server, allowing you to collect Windows events
• Optimized output for the specific SIEMs
• Data reduction
• Get notifications about alerts and anomalies

Unmanaged AxoRouter deployments

In this mode, you install AxoRouter on the data source to replace its local collector agent, and manage it manually. That way you get the functional benefits of using AxoRouter as an aggregator and data curation engine to collect and classify your data, but can manage its configuration as you see fit. This gives you all the benefits of the read-only mode (since AxoRouter includes Axolet as well), and in addition, it provides:

• Detailed metrics about the log ingestion, processing, data drops, delays
• Detailed analytics about the transported data
• Access to the FilterX data processing engine
• Ability to receive OpenTelemetry data
• Optimized output for the specific SIEMs
• Data reduction
• Get notifications about alerts and anomalies

Read-only mode

In this scenario, you install Axolet on the data source. Axolet is a monitoring (and management) agent that integrates with the local log collector, like AxoSyslog, Splunk Connect for Syslog, or syslog-ng, and sends detailed metrics about the host and its data traffic to the Axoflow Console. This allows you to use the Axoflow Console to:

• Get a visual overview of your security data pipeline topology
• Check the metrics about the log ingestion, processing, and data drops
• Browse data analytics and health checks
• Get notifications about alerts and anomalies