Log Management - Overview
Conflux is an LMaaS (Log Management as a Service) module offered as part of the Cloudaware platform. Conflux discovers, enhances and aggregates logs from cloud providers such as AWS, Azure, GCP, and on-prem. Besides standard log management functionality, such as search and visualization, Conflux provides enhanced capabilities such as security, monitoring, alerting, reporting, anomaly detection and forecasting. Conflux is available via Cloudaware Launcher.
Automatic Log Discovery
Whenever a user creates new objects - for example, AWS Load Balancers, AWS S3 Buckets and AWS RDS Databases - cloud provider requests the user to provide destination logging location, like a bucket or BigQuery table. This flexibility is great, but large cloud consumers end up with hundreds of locations for log storage. This often results in fragmented data.Â
Traditional vendors, like Splunk and Sumo, rely on customer to configure ''push'' pipelines. However, as the number of cloud services and application components that generate logging data increases, they often have missing or incomplete data. Another key problem with traditional ''push'' approach is that it requires a manual action. See step 1:
Conflux takes a different approach. Instead of relying on users to manually push logs into log management solution, it relies on CMDB to discover log sources and notify Conflux.
This approach based on automated discovery eliminates the need for manual configurations and reduces the possibility of missing log data.
Auto Discovered Log Sources
Provider | Log |
---|---|
AWS | CloudTrail, VPC Flow Logs, CloudFront; Billing Cost Allocation, DBR and CUR; RDS Logs; S3 Access Logs, ELB Access Logs, ALB Access Logs, Route53 Logs |
Azure | Azure Network Logs, Azure Billing Data |
GCP | Google Audit Logs |
Operating System | Metrics Beat, File Beat, Winlogbeat |
Custom Push Via Syslog | Any custom log file |
Custom Pull Via Breeze/LogBeat | Any custom log file |
Graph API and Automated Relationship Detection
Conflux analyzes network, spending and security logs to identify relationships and dependencies between objects in CMDB. Using graph API, users can perform an in-depth impact analysis necessary in security, availability and disaster recovery use cases.
Anomaly Detection
Conflux offers three types of anomaly detection for all of its data:
Single Metrics - detect anomalies in single time series, e.g. Total Spending By DayÂ
Multi-Metrics - detect anomalies across multiple time series, e.g. CPU
Network Traffic by Instance and Population - detect activity that is unusual compared to the behaviour of the population, e.g. console users’ logins
Reliability and Scalability
Conflux is a highly redundant service with data replicated across multiple cloud providers and regions. Customers can request specific datacenter locations such as US Only, EU Only, etc.Â
Security
Granular Access and Audit Controls
Role-based access and audit controls allow you to control and monitor the actions your Conflux users can take, and what data, tools and dashboards they can access.
User Authentication
Conflux supports SAML integration for single sign-on (SSO) via SAML v2 compliant identity providers including Okta, PingFederate, Azure AD, ADFS, CA SiteMinder, OneLogin, Centrify, SecureAuth, IdentityNow, Oracle OpenSSO, Google SAML2 provider and Optimal Id. Conflux can also integrate with other authentication systems, such as LDAP, Active Directory and e-Directory.
Data Encryption In-Transit and At-Rest
Conflux uses industry standard SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption for data in transit. All forwarders and user sessions are secured in this manner. Electronic messaging is secured by opportunistic TLS encryption on the email gateways.
 Conflux encrypts data at rest using Advanced Encryption Standard (AES) 256-bit encryption.Â
Environment Segmentation
Conflux deployments run in a compartmentalized secure environment, and your data exists on virtually dedicated servers to ensure it remains isolated from other customers’ data.
Supported Alert Mechanisms
Email
Webhook (Generic, PagerDuty, Slack, JIRA, Cloudaware)
SNS