LOG AGGREGATORFLEXIBLE, LOW-FOOTPRINT LOG COLLECTION SERVICE WITH SOFTWARE AGENTS FOR 50+ PLATFORMS Log Management service comes with the possibility of using syslog-ng Premium Edition as log collection agents or relay servers at no additional cost. Installers are available for 50+ platforms, including the most popular Linux distributions, commercial flavors of UNIX and Windows. Become a Reseller
HIGHLY SCALABLE INDEXING ENGINE
The Log Management service is optimized for performance, and can handle enormous amounts of messages. Depending on its exact configuration, it can index over 100,000 messages per second for sustained periods and process over 70 GB of raw logs per hour.
REAL-TIME LOG DATA TRANSFORMATION
Filter, Parse, Re-Write
The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations
Parse key-value pairs
Log Aggregator can separate a message consisting of whitespace or comma-separated key-value pairs (for example firewall logs) into name-value pairs.
Parse sudo log messages
Privileged user accounts represent the highest security risk, as they allow access to the most sensitive data and resources. The sudo parser enables you to enrich your log message data with details of privilege escalation events.
Normalize data with PatternDB
The syslog-ng application can compare the contents of the log messages to a database of predefined message patterns.
Real-time log message classification
By comparing log messages to known patterns, syslog-ng is able to identify the exact type of the messages, and sort them into message classes. The message classes can be used to classify the type of the event described in the log message. The message classes can be customized, and, for example, can label the messages as user login, application crash, file transfer, etc.
Extracting important information from messages
In addition to classifying messages, you can also add different tags which can be used later for filtering messages, for example, to collect messages tagged as user_login to a separate file or to perform conditional post processing on the tagged messages.
Real-time event correlation
Syslog-ng also makes real-time event correlation possible. This can be useful in many different situations. For example, important data for a single event is often scattered into multiple syslog messages. Also, login and logout events are often logged far away from each other, even in different log files, making log analysis difficult. Using correlation these can be collected into a single new message.
AUTOMATED BACKUP OF STORED DATA
Stored log messages and the configuration of SSB can be periodically transferred to a remote server using the following protocols
: - Network File System protocol (NFS);
- Rsync over SSH;
- Server Message Block protocol (SMB/CIFS).
FLEXIBLE, FAST SEARCH CAPABILITY
Using the web-based user interface, users can search for logs by a variety of message parameters and text searches. Wildcards and Boolean operators allow users to perform complex searches and drill down on the results. Users can get an overview and quickly identify problems.
Configure automated searches that run continuously and alert the administrators about important events.
Users can easily create customized reports from the charts they create on the search interface.
You can also forward logs to 3rd party analysis tools or fetch data from service via its REST API. You can access the API using a RESTful protocol over HTTPS, meaning that you can use any programming language that has access to a RESTful HTTPS client to integrate Log Aggregator into your environment, including popular languages such as Java and Python.
SECURE TRANSFER USING TLS
syslog-ng Premium Edition ensures that messages cannot be accessed by third parties by using the Transport Layer Security (TLS) protocol to encrypt the communication between the agents and syslog-ng Store Box. It is possible to use one-way or mutual authentication between clients and the server using X.509 certificates.
SECURE, ENCRYPTED LOG STORAGE
Any sensitive log data can be stored in in encrypted, compressed, and time-stamped binary files restricting access to authorized personnel only.
GRANULAR ACCESS CONTROL
Authentication, Authorization and Accounting settings can restrict access to the Log Management service configuration and stored logs based on usergroup privileges and can be integrated with LDAP and Radius databases.
MESSAGE RATE ALERTING
Log Management can be configured to send alerts based on the number of messages being received from sources. Minimum and maximum log message thresholds for specified time periods can be set to monitor the log management infrastructure for any performance issues.
Cyber threat intelligence identify dangers before they cause damage Find threats before they become a problem… https://t.co/eoT3Mfmi7g
Analisi di Sicurezza Procedurale Verifica che le operazioni in azienda rispettino gli standard imposti per il trat… https://t.co/HYs4UsX3mP
VPN Aziendali connessioni protette sempre e dovunque Gran parte del lavoro ormai passa per la rete,la sicurezza dev… https://t.co/ZreMXSsS17
Ultimamente ci sono stati casi critici di ransomware degni di nota. L’Universita' Tor Vergata ha subito un attacco… https://t.co/oHVilx0VXx
There have been critical cases of ransomware of note lately. Tor Vergata University suffered an attack that knocked… https://t.co/FQYuyKdAv6