Attending AWS re:Invent?Where to find us
Get started
Login
WireGuard is a registered trademark of Jason A. Donenfeld.
© 2024 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.
Blog|productJuly 29, 2024

Axiom + Tailscale: elevate your network visibility and security

alt

Our new integration with Axiom allows you to stream your Tailscale audit and network flow logs directly to your Axiom account, providing more visibility and analysis capabilities for your tailnet's activity and health.

If you’re not familiar: Axiom is a modern alternative to traditional log management and observability platforms, combining collection and analysis capabilities with flexible event streaming. Axiom uses a tuned block format on object storage and serverless functions for queries, providing enterprise-grade capabilities at a fraction of the cost. Its piped processing language supports various use cases, from security analysis to performance monitoring.

The power of Axiom + Tailscale

Using Axiom with Tailscale can enhance your network visibility, security, and compliance capabilities. The benefits:

  1. Extended log retention: Keep your Tailscale logs for months or even years, crucial for identifying slow-developing security threats and meeting stringent compliance requirements.
  2. Comprehensive visibility: Stream both audit and network flow logs to Axiom for a 360-degree view of your tailnet's activity. The Axiom dashboard provides instant insights into your network's health and usage patterns.
  3. Deep analysis capabilities: Use Axiom's query language (APL) to investigate specific events, track user activities, or analyze traffic patterns over time.
  4. Flexible data routing: Send specific log data to other tools in your stack. Use Axiom as your central log repository while feeding data to specialized tools as needed with Axiom Flow.

This integration empowers you to maintain a secure, efficient tailnet while providing the flexibility to adapt to your organization's evolving needs.

Empowering every team with network insights

For a fast-growing company using Tailscale to manage a distributed team's network access, here's how Axiom enhances operations across different teams:

  • Security: Set up alerts for suspicious patterns like unusual traffic spikes or repeated failed access attempts. When detected, quickly investigate the full context using Axiom's powerful query language.
  • Compliance: Easily meet requirements to retain access logs for extended periods. Generate specific reports for auditors using APL queries.
  • Cost control: Use Axiom as your central, cost-effective log repository. Route only critical events to specialized tools like your SIEM, significantly reducing overall observability costs.
  • DevOps: Monitor network performance and usage patterns to identify bottlenecks and optimize infrastructure.

Tailscale integration dashboard: Your network at a glance

The Axiom Tailscale dashboard provides immediate, actionable insights into your tailnet's activity and health. This comprehensive overview includes:

  • Log type distribution: Understand the balance between configuration audit logs and network flow logs over time.
  • Top actions and hosts: Identify the most common network actions and most active devices.
  • Traffic visualization: View physical, virtual, and exit traffic patterns for both sources and destinations.
  • User activity tracking: Monitor actions by user display name, email, and ID for security audits and compliance.
  • Configuration log stream: Access a detailed audit trail of all configuration changes.

With these insights, you can:

  • Quickly identify unusual network activity or traffic patterns
  • Track configuration changes and user actions
  • Monitor overall network health and performance
  • Investigate specific events or users as needed
  • Understand traffic distribution across your tailnet

Whether you're conducting a security audit, optimizing performance, or ensuring compliance, the dashboard equips you with the tools to maintain a secure and efficient tailnet. By providing these insights in real-time, it helps you respond quickly to potential issues and make informed decisions about your network configuration and usage.

Getting started

To get started with Axiom as a log streaming destination, first ensure you have an Axiom account. Then:

  1. In your Tailscale admin console, navigate to log streaming settings.
  2. Select Axiom as your log destination and follow the configuration steps.
  3. Once data flows, Axiom will automatically provide your pre-built Tailscale dashboard.

Within minutes, you'll have access to comprehensive insights about your tailnet, allowing you to set up custom alerts, perform detailed analyses, and route events as needed. For more information, see our log streaming documentation.

Share

Authors

Rachele GyorffyRachele Gyorffy
Joe TsaiJoe Tsai
Ben Lee-CohenBen Lee-Cohen
Loading...

Try Tailscale for free

Schedule a demo
Contact sales
cta phone
mercury
instacrt
Retool
duolingo
Hugging Face