Netlink Reduces Data Volume for Cost-effective Insights

Founded in 2007, Netlink Voice specializes in simplifying communications like reliable broadband voice solutions at competitive prices.

Netlink prioritizes people over profits and offers boutique services and transparent, predictable pricing to prove it.

Netlink gathers your vendors under one roof and does it all, with only one number to call and one bill to pay so you never have to think to make your communication technology work.

Download PDF

Industry

Telecommunications

Users

SOC Manager

SRE Team

Impacts

Up to 96% Reduction in event file sizes

Organized and consolidated view of Syslog events while staying within budget

Reduced mental toil for users so they could investigate and identify issues faster.

“Mezmo’s Telemetry Pipeline is EXACTLY WHAT I'M LOOKING FOR, IT SHOWS THE NECESSARY EVENTS VARIABLES FOR OUR TEAM, AND REDUCES THE AMOUNT OF DATA SIGNIFICANTLY.”

Travis Jones

SOC Manager at Netlink Voice

Case study

Challenge

Netlink monitors and collects Syslog events from Microsoft Windows Servers, which provide details of the users and background processes that authenticate into domains they manage, in order to identify bad actors or unauthorized access to servers. The problem is that these syslog events are very robust and lengthy, which make it impossible for Netlink to index and store everything. This resulted in the SOC team having to drop these security-related events on the server. However, dropping these events meant teams ran the risk of missing issues when they occurred, which would normally be sent outward to a monitoring platform to assess.

Solution

The solution was for Netlink to send its events through a Mezmo Telemetry Pipeline, which pre-processed the data before sending it to a downstream destination. Through event restructuring, they were able to reduce the file size of the events to contain only necessary fields, reducing the size to 1,000 bytes. In addition, they standardized the format and content within the events so they wouldn’t have to drop data. This made it easier for SREs to obtain a more curated data experience, and helped decrease the time spent sifting through irrelevant data to get what they need.

Finally, the Mezmo Telemetry Pipeline also reduced the amount of data that would then be saved and indexed in Mezmo Log Management, thus reducing the risk of overages, and allowing them to send all the syslog data from their Windows servers to Mezmo instead of just a subset – so they don’t miss anything important.

Outcome

With Mezmo, the Netlink team is able to control the volume of their syslogs from the Windows server to manage costs and quicker resolution times, and can manage unexpected spikes in the data before they reach more expensive log management. This also ensures that they are making informed decisions on what data to keep, and what to discard, so that they have the right data for incident resolutions as well as for future audits.