Log files Logs and data can be loaded into the XpoLog servers from the following types of data sourcesPortX in two ways - either by connecting to a source and reading from it (pull) or by using an agent or a device mechanism that can ship data to XPLG (push).
There are multiple types of data format that can be defined:
- Any Textual files in any format
- Windows Event Logs
- Syslog
- JSON
- Cisco NetFlow
- Kafka
- AWS / Azure
- K8s / OpenShift
- Database tables
...
Pull method options:
- Local(Linux)/Local Network(Windows) - XpoLog XPLG can access a local log file, i.e. a log file that resides on the same server as XpoLogXPLG, and read it into XpoLogXPLG. XpoLog XPLG can also access a log file on a remote server to which it has been provided direct access (i.e. the server has a service account that enables remote access to these servers), if XpoLog XPLG is provided with the UNC path (\\hostname\dirname) to the log files on the remote server or on UNIX based machines direct access to mounted directories.
- Windows Network - XpoLog XPLG can access a server in a Windows Network, provided that XpoLog XPLG has an account with a username and password for connecting to the Windows server on which the log files reside and XpoLog XPLG is installed on a server that runs on Windows (only in windows based installation).
- Windows Network - XpoLog XPLG can access a server in a Windows Network, provided that XpoLog XPLG has an account with a username and password for connecting to the Windows server on which the log files reside and XpoLog XPLG is installed on a server that runs on Windows (only in windows based installation).
- SSH (Secured shell) - XpoLog XPLG can access a log file on remote servers over SSH agent-less, provided that XpoLog has XPLG has an account with a username and password or private/public key for connecting to the SSH server on which the log files reside. Usually used for connecting to Unix servers (Linux systems).
- Windows Events - XpoLog XPLG support Windows Event logs (evt, evtx) which can be added from remote servers in the Windows environment (only in windows based installation)
- Hadoop HDFS - XpoLog XPLG contains an integration to Hadoop HDFS and can access logs which reside on the Hadoop environment
- AWS (Amazon Web Services) S3 Bucket - XpoLog XPLG contains integration to Amazon Web Services (AWS) and can access machines which are hosted on the Amazon cloud
- Database - XpoLog XPLG can connect to any Database which supports JDBC connectivity to add database tables as logs in XpoLogXPLG
- Remote XpoLog Remote XPLG - XpoLog XPLG can communicate over HTTP/S with other XpoLog XPLG instances in the environment to collect data from multiple XpoLog XPLG instances into a centralized viewer
- Local XpoLog XPLG - In case there is a need to filter specific data from existing Log, XpoLog XPLG can collect logs from its local data repository
- Listeners - XpoLog listens to data - send data to XpoLog via Syslog UPD or TCP / HTTP/S JSON, Cisco NetFlow and more to receive events from sources/devices
- AWS Cloud Trail - get data from AWS
- Microsoft Azure 365 Active Directory data - get data from Azure Active Directory
- Additional API based plugins to OKTA, Kiteworks, box, Salesforce, etc.
Note: XpoLog XPLG requires Read permission for any log that it reads, regardless of the source of the log file.While the logs are being copied into the XpoLog server's repository, XpoLog indexes the log files and performs on them Analytics. It saves the data, index and analysis of the log files in XpoLog make them available for searching, analysis and visualization. It is possible to define a storage policy on each log to determine the time XpoLog should keep its data available
Push method options:
- Syslog (UDP/TCP)
- HTTP/S
- Kubernetes / OpenShift
- Kafka
- SAP
- Cisco NetFlow
Log are received into PortX and goes through a digestion process for optimization, encryption, indexing and more. Data is then stored and available for all XPLG service for as long as defined in the associated collection policy.
See Adding Data to XPLG for detailed instructions on how to add a single log file to XpoLog, or Adding a Logs Directory to XpoLog for detailed instructions on how to to add a directory of log files to XpoLog or data to XPLG, Add System to use XpoLog XPLG out of the box wizards to add data and the Listeners section for more information.