Adding Data
Logs and data can be loaded into the PortX in two ways - either by connecting to a source and reading from it (pull) or by using an agent or a device mechanism that can ship data to XPLG (push).
There are multiple types of data format that can be defined:
- Any Textual files in any format
- Windows Event Logs
- Syslog
- JSON
- Cisco NetFlow
- Kafka
- AWS / Azure
- K8s / OpenShift
- Database tables
Pull method options:
- Local(Linux)/Local Network(Windows) - XPLG can access a local log file, i.e. a log file that resides on the same server as XPLG, and read it into XPLG. XPLG can also access a log file on a remote server to which it has been provided direct access (i.e. the server has a service account that enables remote access to these servers), if XPLG is provided with the UNC path (\\hostname\dirname) to the log files on the remote server or on UNIX based machines direct access to mounted directories.
- Windows Network - XPLG can access a server in a Windows Network, provided that XPLG has an account with a username and password for connecting to the Windows server on which the log files reside and XPLG is installed on a server that runs on Windows (only in windows based installation).
- Windows Network - XPLG can access a server in a Windows Network, provided that XPLG has an account with a username and password for connecting to the Windows server on which the log files reside and XPLG is installed on a server that runs on Windows (only in windows based installation).
- SSH (Secured shell) - XPLG can access a log file on remote servers over SSH agent-less, provided that XPLG has an account with a username and password or private/public key for connecting to the SSH server on which the log files reside. Usually used for connecting to Unix servers (Linux systems).
- Windows Events - XPLG support Windows Event logs (evt, evtx) which can be added from remote servers in the Windows environment (only in windows based installation)
- Hadoop HDFS - XPLG contains an integration to Hadoop HDFS and can access logs which reside on the Hadoop environment
- AWS (Amazon Web Services) S3 Bucket - XPLG contains integration to Amazon Web Services (AWS) and can access machines which are hosted on the Amazon cloud
- Database - XPLG can connect to any Database which supports JDBC connectivity to add database tables as logs in XPLG
- Remote XPLG - XPLG can communicate over HTTP/S with other XPLG instances in the environment to collect data from multiple XPLG instances into a centralized viewer
- Local XPLG - In case there is a need to filter specific data from existing Log, XPLG can collect logs from its local data repository
- AWS Cloud Trail - get data from AWS
- Microsoft Azure 365 Active Directory data - get data from Azure Active Directory
- Additional API based plugins to OKTA, Kiteworks, box, Salesforce, etc.
Note: XPLG requires Read permission for any log that it reads, regardless of the source of the log file.
Push method options:
- Syslog (UDP/TCP)
- HTTP/S
- Kubernetes / OpenShift
- Kafka
- SAP
- Cisco NetFlow
Log are received into PortX and goes through a digestion process for optimization, encryption, indexing and more. Data is then stored and available for all XPLG service for as long as defined in the associated collection policy.
See Adding Data to XPLG for detailed instructions on how to add data to XPLG, Add System to use XPLG out of the box wizards to add data and the Listeners section for more information.