I haven’t recently posted here, and the reason for that is that I have started Axoflow, a new startup in the observability space that took a lot of energy to get off the ground. We’ve closed our initial round of funding, which makes this a perfect time to introduce what we have set out to do.
Most of the innovation on how logs are processed and managed happens under the umbrella of “observability” these days: logs becoming one pillar of the logs/metrics/traces triumvirate, a combination often called telemetry data.
What I found is that mainstream observability focuses very much on the operational aspects of running applications and less so on the security element. Also, I find that in a lot of cases, enterprises tend to have separate teams for security (reporting to the CISO/CIO) and observability (reporting to the development organization/CTO).
At Axoflow, we know both sides of this coin: I am very much part of the “security camp”, syslog-ng being the #1 solution to feed the enterprise SIEM (Splunk and the like). The background of my co-founders is the observability space, having created logging operator (at Banzai Cloud and Cisco) and having run global, web-scale applications (at Ustream and IBM).
Based on our combined expertise, we are building a product that helps enterprises run their combined logging/observability pipelines.
Enterprises have invested millions of their security budget into deploying or running their log management infrastructures that feed their SIEM. They are also investing millions into deploying observability products to help run their applications. Yet, these systems are often separate. Their operation is often manual and error-prone.
This is where Axoflow has set out to help. We are building a management plane that greatly simplifies the operation of these telemetry pipelines (or shows where they are leaking) and also allows the separation between security and observability to be torn down.
You could ask how this relates to syslog-ng and this blog: even though Axoflow is a vendor-agnostic management plane for telemetry pipelines, the data plane carrying the actual data is crucial as well. That’s where syslog-ng plays a role: we consider syslog-ng to be our open source, reference data plane that we use to showcase our management functionality. syslog-ng is also a great stepping stone to plug Axoflow in: Axoflow is a simple add-on to your existing pipeline and you immediately get the benefits, without the risks involved in changing a critical, functional system in a major way.