LOG AGGREGATORFLEXIBLE, LOW-FOOTPRINT LOG COLLECTION SERVICE WITH SOFTWARE AGENTS FOR 50+ PLATFORMS Log Management service comes with the possibility of using syslog-ng Premium Edition as log collection agents or relay servers at no additional cost. Installers are available for 50+ platforms, including the most popular Linux distributions, commercial flavors of UNIX and Windows. Become a Reseller
HIGHLY SCALABLE INDEXING ENGINE
The Log Management service is optimized for performance, and can handle enormous amounts of messages. Depending on its exact configuration, it can index over 100,000 messages per second for sustained periods and process over 70 GB of raw logs per hour.
REAL-TIME LOG DATA TRANSFORMATION
Filter, Parse, Re-Write
The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations
Parse key-value pairs
Log Aggregator can separate a message consisting of whitespace or comma-separated key-value pairs (for example firewall logs) into name-value pairs.
Parse sudo log messages
Privileged user accounts represent the highest security risk, as they allow access to the most sensitive data and resources. The sudo parser enables you to enrich your log message data with details of privilege escalation events.
Normalize data with PatternDB
The syslog-ng application can compare the contents of the log messages to a database of predefined message patterns.
Real-time log message classification
By comparing log messages to known patterns, syslog-ng is able to identify the exact type of the messages, and sort them into message classes. The message classes can be used to classify the type of the event described in the log message. The message classes can be customized, and, for example, can label the messages as user login, application crash, file transfer, etc.
Extracting important information from messages
In addition to classifying messages, you can also add different tags which can be used later for filtering messages, for example, to collect messages tagged as user_login to a separate file or to perform conditional post processing on the tagged messages.
Real-time event correlation
Syslog-ng also makes real-time event correlation possible. This can be useful in many different situations. For example, important data for a single event is often scattered into multiple syslog messages. Also, login and logout events are often logged far away from each other, even in different log files, making log analysis difficult. Using correlation these can be collected into a single new message.
AUTOMATED BACKUP OF STORED DATA
Stored log messages and the configuration of SSB can be periodically transferred to a remote server using the following protocols
: - Network File System protocol (NFS);
- Rsync over SSH;
- Server Message Block protocol (SMB/CIFS).
FLEXIBLE, FAST SEARCH CAPABILITY
Using the web-based user interface, users can search for logs by a variety of message parameters and text searches. Wildcards and Boolean operators allow users to perform complex searches and drill down on the results. Users can get an overview and quickly identify problems.
Configure automated searches that run continuously and alert the administrators about important events.
Users can easily create customized reports from the charts they create on the search interface.
You can also forward logs to 3rd party analysis tools or fetch data from service via its REST API. You can access the API using a RESTful protocol over HTTPS, meaning that you can use any programming language that has access to a RESTful HTTPS client to integrate Log Aggregator into your environment, including popular languages such as Java and Python.
SECURE TRANSFER USING TLS
syslog-ng Premium Edition ensures that messages cannot be accessed by third parties by using the Transport Layer Security (TLS) protocol to encrypt the communication between the agents and syslog-ng Store Box. It is possible to use one-way or mutual authentication between clients and the server using X.509 certificates.
SECURE, ENCRYPTED LOG STORAGE
Any sensitive log data can be stored in in encrypted, compressed, and time-stamped binary files restricting access to authorized personnel only.
GRANULAR ACCESS CONTROL
Authentication, Authorization and Accounting settings can restrict access to the Log Management service configuration and stored logs based on usergroup privileges and can be integrated with LDAP and Radius databases.
MESSAGE RATE ALERTING
Log Management can be configured to send alerts based on the number of messages being received from sources. Minimum and maximum log message thresholds for specified time periods can be set to monitor the log management infrastructure for any performance issues.
Tempo di lettura: 5 minUtilizzo del Machine Learning per proteggere i dati Introdotto nel gennaio 2017, Acronis Act… https://t.co/mhqalBxm8D
Gli attacchi informatici sono numerosi e non fanno distinzione tra aziende e singoli individui quando prendono di m… https://t.co/uOucUWZf7W
Estimated reading time: 5 minutes SNYPR è uno strumento di analisi della sicurezza in grado di trasformare i Big… https://t.co/oies7e0nYY
Estimated reading time: 5 minutes Con l’avvento delle piattaforme di big data, le aziende che si occupano di sicu… https://t.co/MSvA0dPgiE
Estimated reading time: 5 minutes With the advent of big data platforms, IT security companies can now make guid… https://t.co/aTv41eq2Ir