
As the second part of our series of use case videos, I’m showing you how to use log tapping to detect rogue devices, how to investigate parsing errors, and how to find out what’s wrong with the syslog messages your devices are sending. We’ll keep adding use cases continually, so come back to stay current with recent developments, or follow us on LinkedIn!

If you have a use case that you would like to see explored, please do let us know!

Log tapping

Rogue Device Detection

A common issue with log collection is determining who (or what) is sending logs. Many organizations have logging standards and procedures in place, but no matter how rigorous these policies are (or how robust the CMDB is stated to be), rogue data seems to make its way into the logging platform. In many cases, the logs won’t parse properly, and will land in “fallback” or other catch-all destinations in your SIEM or analytics platform.

Today’s video highlights the use of Axoflow’s Analytics platform along with the new Log Tapping feature to help determine what is being sent, and from where.

Check out the attached video to see how easy it is to find suspicious devices that send data into your logging pipeline.

Parsing with Log Tapping

Related to rogue device detection are the challenges of log parsing. Though parsing issues crop up mainly with new sources, existing log sources and devices that undergo firmware updates, application updates, and other administrative changes can also fall prey to having their data land in “fallback” again. In these cases, the “send me a PCAP” approach to troubleshooting is now a thing of the past, replaced with a simple interface in the Axoflow console. It provides a wealth of information about the incoming (or outgoing) log stream, allowing you to tweak the device or application to match an existing parser, or to aid in the development of a new one.

Watch the attached video to see how easy this is!
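To make the two use cases above concrete (rogue senders and messages that fall into “fallback”), here is an added Python example that is not Axoflow’s code and not the Log Tapping feature itself: it takes the kind of (sender IP, raw message) pairs a tap on the collector would capture, checks each message against RFC 5424 and RFC 3164 header layouts, groups results per sender, flags senders missing from a CMDB table or reporting a different hostname than the inventory expects, and gives a hint for messages that would not parse. The sample messages, IP addresses and CMDB entries are constructed for the example.

```python
import re
from collections import defaultdict
# Header patterns for the two syslog layouts most parsers expect (assumption:
# anything that matches neither is what the post calls "fallback" data).
RFC5424 = re.compile(r"^<(?P<pri>\d{1,3})>1 \S+ (?P<host>\S+) (?P<app>\S+) \S+ \S+ ")
RFC3164 = re.compile(r"^<(?P<pri>\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d (?P<host>\S+) ")

# Constructed sample: (sender IP, raw message) pairs as a tap on the collector would see them.
SAMPLE = [
    ("10.0.0.5", "<34>1 2024-05-01T10:00:00Z fw01 sshd 123 ID47 - Failed password"),
    ("10.0.0.5", "<34>1 2024-05-01T10:00:01Z fw01 sshd 123 ID48 - Accepted password"),
    ("10.0.0.9", "<13>May  1 10:00:02 sw-core kernel: link up"),
    ("10.0.0.9", "May  1 10:00:03 sw-core kernel: link down"),  # PRI field lost after an update
    ("192.168.7.77", "<13>2024-05-01 10:00:04 weird-box started"),  # unknown sender, odd timestamp
]
CMDB = {"10.0.0.5": "fw01", "10.0.0.9": "sw-core"}  # constructed inventory: IP -> hostname

def classify(raw):
    """Return (layout, hostname) for a raw message; layout is 'fallback' if neither regex matches."""
    for layout, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.match(raw)
        if m:
            return layout, m.group("host")
    return "fallback", None

def diagnose(raw):
    """One-line hint about why a message would land in fallback."""
    if not raw.startswith("<"):
        return "missing <PRI> header"
    if not re.match(r"^<\d{1,3}>", raw):
        return "malformed <PRI> header"
    return "unrecognised header after PRI (neither RFC 5424 nor RFC 3164 layout)"

def triage(records, cmdb):
    """Group tapped messages by sender: per-layout counts, hostnames seen, flags and hints."""
    report = defaultdict(lambda: {"rfc5424": 0, "rfc3164": 0, "fallback": 0,
                                  "hosts": set(), "flags": set(), "hints": set()})
    for ip, raw in records:
        layout, host = classify(raw)
        entry = report[ip]
        entry[layout] += 1
        if host:
            entry["hosts"].add(host)
            if ip in cmdb and host != cmdb[ip]:
                entry["flags"].add("hostname-mismatch")  # inventory says a different device
        if layout == "fallback":
            entry["hints"].add(diagnose(raw))
        if ip not in cmdb:
            entry["flags"].add("rogue-sender")  # nobody registered this source
    return dict(report)
```

Running `triage(SAMPLE, CMDB)` shows 10.0.0.9 splitting between parsed and fallback traffic with a “missing <PRI> header” hint, and 192.168.7.77 flagged as a rogue sender.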
