Blog
Stay in the loop: Updates, Innovations, and Community Insights
axoflow

Beyond SC4S: multi-destination log routing without vendor lock-in
Looking for an SC4S alternative? See how Axoflow routes, classifies, and normalizes syslog and other data to any SIEM — cutting SIEM costs by 40–70% and ending Splunk lock-in.

Long-Term Log Storage Without SIEM Costs: The Axoflow Storage Layer
Store security logs long-term without SIEM costs or vendor lock-in. See how the Axoflow Storage Layer uses open Parquet files on object storage you control.
%2520Comparison%25202026.png)
Security Data Pipeline Platform (SDPP) Comparison 2026: What the Seven-Platform Reviews Miss
What the seven-platform SDPP comparisons miss: two criteria that change the answer for enterprise security teams evaluating pipelines in 2026-2027.

The pipeline was never the destination
Gartner's 2026 Hype Cycle dropped standalone security data pipelines and added Security Data Lakes. What this market shift means for your SOC.

OMB M-26-14: What Federal Agencies Need to Know About the New Logging Mandate
How Federal Agencies can meet the requirements of the OMB M-26-14 logging mandate, and how Axoflow can help them to get there fast and in a cost-effective way

Why Your AI SOC Is Only as Good as the Data Feeding It
AI SOCs underperform when fed messy, human-oriented telemetry. Why machine-readable, normalized security data is the real foundation of an AI-native SOC.

Getting Data into XSIAM the Right Way: A Deep Dive with Axoflow
How Axoflow solves the Getting Data In problem for Cortex XSIAM: automated LEEF formatting, XDM normalization, and clean, ready-to-use security data.

When Your Parser Breaks: Schema Drift and Detection Gaps That Sneak Up On You
Schema drift silently breaks parsers and creates detection gaps. Learn how pipeline-layer validation catches drift before your SIEM does.

The Stack We Built One Problem at a Time
Struggling with pipeline sprawl? Discover how Axoflow brings visibility, control, and consolidation to complex data pipelines—without risky rip-and-replace.

The End of the Monolithic SIEM: Why Decoupled Security Architectures Are Growing In Popularity
Monolithic SIEMs are failing under cloud scale and rising costs. Why decoupled security architectures and pipelines replace ingest-everything models.

Government Organization Cuts Infrastructure by 85% (and Simplifies Its Migration to Google SecOps with Axoflow)
A government organization cut infrastructure by 85% and log volume by 40% with Axoflow's security data pipeline during its Google SecOps migration.

When Trusted Tools Reach Their Limits: The Evolution of Log Pipelines
syslog-ng was the right choice for years, but modern log pipelines demand more than stability. Why log infrastructure needs to evolve, and where to go next.

10x search improvement? Optimize Splunk fields with Axoflow
Indexed fields can make Splunk searches up to 10x faster. See how Axoflow sends payload- and externally-derived metadata to Splunk efficiently.

The Autonomous Data Layer: Control Your Data, Cost, and Cyber Risk
Gain strategic control with Axoflow's autonomous data layer: Axolake, AxoStore, and Locker for automated curation, cost cuts, and compliance.

If You Own the Pipeline, You Own the Future of the SOC
Security data pipelines are becoming the SOC's control plane. Key report findings on cost efficiency, data quality, and faster investigations.

Cutting Storage Costs and Boosting Visibility: How a Leading Healthcare Company Reduced Log Storage Costs by 30% with Axoflow
Learn how a leading U.S. healthcare company used Axoflow to gain log observability, improve syslog-ng monitoring, and cut data costs by 30% in days.

Axoflow’s Storage Strategy: Building the Security Data Layer
Axoflow's storage strategy for the Security Data Layer: edge storage, cost-efficient data lakes, stream processing, and air-gapped deployments.

Getting firewall logs into Splunk with Axoflow
Optimize firewall logs before they hit Splunk with AxoRouter: better data quality, lower ingestion costs, no more noisy unstructured messages.

The Hidden Cost of Redundancy: Tackling Data Duplication in Security Data Pipelines
Redundant log delivery quietly duplicates data, distorts analytics, and inflates your SIEM bill. Learn how to detect and prevent duplication.

AxoSyslog License Update: Moving to GPL3
AxoSyslog, our syslog-ng fork, moves to a single clear open source license: GPL-3.0-or-later. What changes for users and contributors.

How Axoflow Works with Google Security Operations, Cloud, Pub/Sub, and BigQuery
How Axoflow natively integrates with Google SecOps, GKE, Pub/Sub, BigQuery, and Private Service Connect to secure your security data pipelines.

1 year of AxoSyslog
Activity report of the first year of AxoSyslog, our drop-in syslog-ng fork.

Axoflow Zero to Hero: Stream Security Data Anywhere
See how you can be a hero by connecting machines and logging data to your analytics tool of choice in 12 minutes or less using the Axoflow Platform.

Classify security data in transit: improve data quality and reduce costs
Optimize SIEM data ingestion with automated classification. Improve accuracy, reduce costs, and eliminate log chaos. Learn how Axoflow can help!

Ways to break data ingestion of your SIEM
An end-to-end look at how security data travels from appliance to SIEM, and the ingestion failures that silently hide events from your SOC.

AxoRouter Opens Windows! (WEC Edition)
How do you use AxoRouter as a Windows Event Collector (WEC) server to collect Windows Event Logs and forward them to your SIEM.

How high-quality data saves you $$$$
How high-quality security data cuts SIEM costs, improves detection accuracy, and boosts SOC efficiency. Real strategies and a 50% savings story.

How to upgrade syslog-ng to AxoSyslog
Upgrade syslog-ng to AxoSyslog in minutes with no configuration changes. What the drop-in replacement means and how the migration works.

AxoRouter Opens Windows
How to configure OpenTelemetry Collector to collect Windows Event Logs and forward them to an AxoRouter aggregator via OTLP.

$7M to improve security data quality
Axoflow will use its $7 million seed funding to make security data easy-to-handle everywhere: during collection, routing, and in the SIEM.

Top 4 tricks to reduce SIEM data volume
Four practical tricks to reduce SIEM data volume and cut ingestion costs. Collect better data instead of more data, without losing visibility.

Build a community, not a team
Building a community is no small feat. A quick recap of what the Axoflow team does together when we're not working on security data pipelines.

Security Data Pipeline Management
Learn how security data pipeline management tools like Axoflow improve data quality, cut SIEM costs, and boost security team efficiency.

First 6 months of AxoSyslog, our syslog-ng fork
Six months into AxoSyslog, the binary-compatible syslog-ng fork: development activity, new features, and what's ahead for the project.

Axoflow deployment scenarios
Discover the flexible deployment modes of Axoflow, and learn how you can streamline SIEM data management, reduce costs by 50%, and improve data quality.

Fix the Syslog Mess: keep invalid syslog data from wrecking your SIEM
Our automated data engine solves syslog issues: fixes, optimizes, and structures security logs before they reach your SIEM, improving performance and accuracy

How Host Attribution Empowers Security Teams with Previously Missing Context
Without reliable host attribution, security teams lose vital context. Axoflow's inventory enriches data so you can pinpoint every event's source.

Introducing Axoflow FilterX: Revolutionizing Log Parsing and Filtering for Complex Data
FilterX makes filtering and modifying logs easier and faster, handling nested JSON and OpenTelemetry logs as a syslog-ng filter replacement.

Error tagging in AxoSyslog
AxoSyslog automatically detects and tags formatting errors in syslog messages, improving data quality and reducing false positives in your SIEM.

Log tapping to find rogue devices and parsing errors
Watch how to use log tapping to detect rogue devices, investigate parsing errors, and find out what’s wrong with the syslog messages your devices are sending.

AxoRouter, the security data curation pipeline engine
AxoRouter auto-identifies log sources and fixes missing hostnames, invalid timestamps, and formatting errors. No rule maintenance required.

Troubleshooting syslog errors with log tapping
Log tapping samples your pipeline's log flow on demand. Filter by labels and investigate problematic syslog events with just a few clicks.

AxoSyslog is now a real fork
AxoSyslog is now a real fork of syslog-ng: still open source under the same license, actively maintained with new features from its creators.

Logging operator, Telemetry controller, and Axoflow at KubeCon2024
Meet the Axoflow team at KubeCon Europe 2024 in Paris at Booth L36: Logging operator, Telemetry Controller, and pipeline observability.
Subscribe to stay in touch
Sign up for our newsletter to be the first to knew about new articles. We are excited to be realizing our vision above with a full Axoflow product suite.