
As the second part of our series of use case videos, I’m showing you how to use log tapping to detect rogue devices, how to investigate parsing errors, and how to find out what’s wrong with the syslog messages your devices are sending. We’ll keep adding use cases, so come back to stay current with recent developments, or follow us on LinkedIn!

If you have a use case that you would like to see explored, please do let us know!

Log tapping

Rogue Device Detection

A common issue with log collection is determining who (or what) is sending logs. Many organizations have logging standards and procedures in place, but no matter how rigorous these policies are (or how robust the CMDB is stated to be), rogue data seems to make its way into the logging platform. In many cases, the logs won’t parse properly, and will land in “fallback” or other catch-all destinations in your SIEM or analytics platform.

Today’s video highlights the use of Axoflow’s Analytics platform along with the new Log Tapping feature to help determine what is being sent, and from where.

Check out the attached video to see how easy it is to find suspicious devices that send data into your logging pipeline.

Parsing with Log Tapping

Related to rogue device detection are the challenges of log parsing. Though parsing issues crop up mainly with new sources, existing log sources and devices that undergo firmware updates, application updates, and other administrative changes can also end up with their data landing in “fallback” again. In these cases, the notion of “send me a PCAP” to troubleshoot is now a thing of the past, replaced with a simple interface in the Axoflow console. It provides a wealth of information about the incoming (or outgoing) log stream, allowing you to tweak the device or application to match an existing parser, or aid in the development of a new one.

Watch the attached video to see how easy this is!

 
