Today there are dozens of log management tools to choose from. But the best log management tools offer capabilities that go well beyond just collection and aggregation of log data and basic search capabilities.
Merely indexing all the logs from all IT components, such as servers, network appliances, machine data, third-party applications, and home-grown applications, will only result in thousands of search results on any query.
The vast amount of data generated by these systems means that you should not necessarily search for a specific log data record, but rather receive actionable business insights and gain situational awareness of your IT environment.
The XpoLog Log Management solution offers integrated log collection, which can stream data from Logstash, filesystems, databases, Windows systems, Linux machines, cloud applications, and more. Once all the data is collected and indexed, it is used for search, log monitoring, SIEM, compliance reports, and log analysis. At this point, XpoLog Analytics search can harness machine learning and AI technologies to unlock important insights and surface the most relevant errors and events in the log data.
Agent-less Log Collection
Instead of installing intrusive agents on every system to collect the log data, XpoLog Log Management implements agent-less collection using SSH. XpoLog is completely non-intrusive and has a very low footprint with no impact on the sources. By using existing protocols, XpoLog does not require any changes to your infrastructure, providing immediate collection of log data. The XpoLog data collection mechanism detects dynamic changes in the log data, and manages references to the sources to ensure that the data collection is complete.
XpoLog offers the following log data collection capabilities:
XpoLog can collect log files from Windows Event Logs, SysLog, Database tables, and all textual files of any format. The data can come from multiple logs from local and/or remote infrastructures, including servers, applications, application servers, Windows machines, UNIX and Linux machines, network and security devices, databases, and data centers. XpoLog can also track and collect end-user transaction logs.
XpoLog uses UDP or TCP SysLog listeners to receive events from one or more sources, including Linux Syslog. Once XpoLog receives SysLog data, it can automatically create dedicated logs per source device. XpoLog parses and indexes all log events, allowing search and log event correlations between data sources as well as tracking of IP addresses across log sources and events.
Databases using JDBC
Databases with a JDBC driver can be accessed by XpoLog without using an agent.
XpoLog automatically recognises multiple types of Windows Event logs, while identifying System, Security, and Application-related logs.
XpoLog features integration with Hadoop HDFS databases. As part of the integration, XpoLog applies automated pattern recognition, which can be fine-tuned at any time.
XpoLog offers comprehensive integration with Logstash. As part of the integration, XpoLog enables Logstash users to create Web access log statistics, application log error summaries, performance charts, and other reports, quickly and efficiently. Statistical queries instantly visualize log data, which can be used to build charts, dashboards, geomaps, and much more.
XpoLog can be integrated with Log4J. XpoLog can access Log4J files through direct access or by defining a SysLog appender and sending the events and messages to XpoLog. Once the log events have been pushed/pulled, XpoLog can start collecting, parsing, monitoring, and analyzing all your log data.
Log event correlations between data sources
Log events are automatically parsed and indexed into an abstraction layer that enables smart correlations between different data sources. For example, tracking an IP address across different log sources and events can help detect problems and security risks, while showing when certain transactions started and when they ended. Such correlations can also be real eye-openers in cases where different logs from different sources experience similar anomalies.
Log Data Analytics
XpoLog uses advanced analytics technologies to identify important errors and problems in your log data. While you search for information, the XpoLog Analytic Search engine layers Intelligence Augmentation Panels on the search results, which highlight important events, anomalies, and more.
Pre-defined Analytics Apps
Based on your data, XpoLog suggests relevant Analytics Apps, which are packed with pre-defined dashboards, reports, rich visualisation, and custom alerts.