Log Management - Overview

Conflux is an LMaaS (Log Management as a Service) module offered as part of the Cloudaware platform. Conflux discovers, enhances and aggregates logs from cloud providers such as AWS, Azure, GCP, and on-prem. Besides standard log management functionality, such as search and visualization, Conflux provides enhanced capabilities such as security, monitoring, alerting, reporting, anomaly detection and forecasting. Conflux is available via Cloudaware Launcher.

Automatic Log Discovery

Whenever a user creates new objects - for example, AWS Load Balancers, AWS S3 Buckets and AWS RDS Databases - cloud provider requests the user to provide destination logging location, like a bucket or BigQuery table. This flexibility is great, but large cloud consumers end up with hundreds of locations for log storage. This often results in fragmented data. 

Traditional vendors, like Splunk and Sumo, rely on customer to configure ''push'' pipelines. However, as the number of cloud services and application components that generate logging data increases, they often have missing or incomplete data. Another key problem with traditional ''push'' approach is that it requires a manual action. See step 1:

Conflux takes a different approach. Instead of relying on users to manually push logs into log management solution, it relies on CMDB to discover log sources and notify Conflux.

This approach based on automated discovery eliminates the need for manual configurations and reduces the possibility of missing log data.

Auto Discovered Log Sources

Graph API and Automated Relationship Detection

Conflux analyzes network, spending and security logs to identify relationships and dependencies between objects in CMDB. Using graph API, users can perform an in-depth impact analysis necessary in security, availability and disaster recovery use cases.

Anomaly Detection

Conflux offers three types of anomaly detection for all of its data:

• Single Metrics - detect anomalies in single time series, e.g. Total Spending By Day 

• Multi-Metrics - detect anomalies across multiple time series, e.g. CPU

• Network Traffic by Instance and Population - detect activity that is unusual compared to the behaviour of the population, e.g. console users’ logins

Reliability and Scalability

Conflux is a highly redundant service with data replicated across multiple cloud providers and regions. Customers can request specific datacenter locations such as US Only, EU Only, etc. 

Security

Granular Access and Audit Controls

Role-based access and audit controls allow you to control and monitor the actions your Conflux users can take, and what data, tools and dashboards they can access.

User Authentication

Conflux supports SAML integration for single sign-on (SSO) via SAML v2 compliant identity providers including Okta, PingFederate, Azure AD, ADFS, CA SiteMinder, OneLogin, Centrify, SecureAuth, IdentityNow, Oracle OpenSSO, Google SAML2 provider and Optimal Id. Conflux can also integrate with other authentication systems, such as LDAP, Active Directory and e-Directory.

Data Encryption In-Transit and At-Rest

Conflux uses industry standard SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption for data in transit. All forwarders and user sessions are secured in this manner. Electronic messaging is secured by opportunistic TLS encryption on the email gateways.

 Conflux encrypts data at rest using Advanced Encryption Standard (AES) 256-bit encryption. 

Environment Segmentation

Conflux deployments run in a compartmentalized secure environment, and your data exists on virtually dedicated servers to ensure it remains isolated from other customers’ data.

Supported Alert Mechanisms

• Email

• Webhook (Generic, PagerDuty, Slack, JIRA, Cloudaware)

• SNS