Log File Management with the Secure Online Desktop service
IT systems produce large quantities of log files, very useful tools for guaranteeing data security and application stability. However, in a complex ecosystem, the quantity of files and their location can become two insurmountable obstacles to overcome, in case it is necessary to consult the data efficiently. This is where log management systems come into play, which thanks to technologies such as Syslog-ng, are able to circumvent the problem. In the article, we see how a log file management solution can be a valuable investment.
What is a log file, what is it for
Any action that is performed on a machine or by it can be recorded in a log file. To understand what it is, let’s imagine that it is a ship’s logbook, in which every single event that happened on the boat is noted. In fact, the name derives from the nautical environment, in which the use of a logbook was common. This was nothing more than a diary in which navigation data were recorded at regular intervals: speed, wind strength and direction, water conditions and so on.
With the concept of recording useful information in a file that can be consulted later, the log file contains any changes, actions, states or modifications for security reasons. In case something goes wrong, it is easy to understand what happened by consulting a log file. This is especially true when we talk about servers and applications, data dissemination, IT security, etc.
Amount of log files
Some companies have up to a few dozen servers, others have hundreds, some thousands, and there are others that manage tens of thousands of servers. These systems produce a huge amount of data in the form of log files.
Complicating things is IT architecture. Very often machines are organized into subsystems, both for reasons of convenience and safety. In the unfortunate event that someone wants to consult the log files following an accident, we should despair. Which server holds the data we are interested in? Which subsystem is it in? These are not questions that can be answered simply, especially if you don’t know the source of the problem.
The management of the log files of a system (or Log Management) is essential in the collection of data, prevention and resolution of problems.
Secure Online Desktop Log Management
SOD offers a log management solution through Syslog-ng Premium Edition agents. These are in charge of the collection, transmission and storage of log files. Not only are they collected and centralized in a single virtual place, but the data are also normalized, ie “translated” into standardized formats so that they can be consulted and compared more easily.
Real-time normalization, reporting and classification
Thanks to normalization, it is possible to carry out cross-sectional full-text searches in a few seconds to all the log files collected. Complex operations are guaranteed by the possibility of using wildcards and Boolean operators. The analysis of the collected data is therefore very simplified, which allows the data to also be used to monitor the efficiency of the system, identify possible future problems and intervene before it is too late.
It is also possible to generate customized reports consisting of graphs and statistics with the aim of certifying compliance with standards and regulations such as PCI-DSS, ISO 27001, SOX and HIPAA.
One of the most interesting features of syslog-ng is the ability to automatically classify messages and sort them into classes. These can then be used to label the type of event described in the log. Examples of possible classes: user login, application crash, file transfer, etc.
Extraction and correlation of messages in log files
The classification of messages opens the door to a further functionality: the extraction and correlation of messages. Once each message contained in the log file has been normalized and classified according to your needs, it is possible to assign different tags, to add an additional filter level.
To give an example: once a user’s login messages have been collected, it is possible to label them as user_login, and then isolate them by extracting them and collecting them in a separate file to perform further processing on these messages.
Syslog-ng also makes it possible to correlate events in real time, to prevent data from a single event being scattered across multiple log files. For example, the access and exit data (log-in and log-out) are often recorded far from each other, even in different log files. Through correlation, the data of a single event can be collected and analyzed in isolation.
The stored log messages and the configuration of the Log Management service can be periodically transferred to a remote server using the following protocols:
– Network File System protocol (NFS)
– Rsync over SSH
– Server Message Block protocol (SMB / CIFS)
The log file collection and management system with syslog-ng PE agents operates on over 50 platforms, including all Linux distributions and commercial versions of Unix and Windows. The service is able to manage huge quantities of messages, up to over 100,000 per second and over 70 GB of raw log files per hour, from 5000 different sources (servers, applications, etc.).
Ask us for more information about our Log Monitoring service to know specifically how it can be implemented in your systems and how it can help you.
- The SOAR benefits: simplifying investigation and response
- Security Code Review: How the service works
- Integration of the automated response: the automations in SOCaaS
- Coordination between CTI and SOC: how to further raise the defenses
- New Cloud Server: redundant internet
- Quality certificate for the SOCaaS of SOD
- Managed Detection and Response: a new preventive approach
- CLUSIT: our collaboration for better services
- Backup as a Service (17)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (22)
- Conferenza Cloud (4)
- ICT Monitoring (5)
- Log Management (2)
- News (21)
- ownCloud (4)
- Privacy (7)
- Secure Online Desktop (15)
- Security (169)
- Web Hosting (15)
- Authentication Is Static, Yet Attackers Are Dynamic: Filling the Critical Gap May 20, 2022To succeed against dynamic cybercriminals, organizations must go multiple steps further and build a learning system that evolves over time to keep up with attacker tactics.
- New Open Source Project Brings Consistent Identity Access to Multicloud May 20, 2022Hexa and IDQL allows organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.
- More Than 1,000 Cybersecurity Career Pursuers Complete the (ISC)² Entry-Level Cybersecurity Certification Pilot Exam May 19, 2022New professional certification program establishes a pathway into the workforce for students and career changers by demonstrating their foundational knowledge, skills and abilities to employers.
- Deadbolt Ransomware Targeting QNAP NAS Devices May 19, 2022QNAP is urging customers of its NAS products to update QTS and avoid exposing the devices to the Internet.
- Pro-Russian Information Operations Escalate in Ukraine War May 19, 2022In the three months since the war started, Russian operatives and those allied with the nation's interests have unleashed a deluge of disinformation and fake news to try and sow fear and confusion in Ukraine, security vendor says.
- DoJ Won't Charge 'Good Faith' Security Researchers May 19, 2022Revised policy means security analysts won't be charged under the Computer Fraud and Abuse Act.
- Majority of Kubernetes API Servers Exposed to the Public Internet May 19, 2022Shadowserver Foundation researchers find 380,000 open Kubernetes API servers.
- Dig Exits Stealth With $11M for Cloud Data Detection and Response Solution May 19, 2022CrowdStrike and CyberArk invest in Dig's seed round, which was led by Team8, alongside Merlin Ventures and chairs of MongoDB and Exabeam.
- 6 Scary Tactics Used in Mobile App Attacks May 19, 2022Mobile attacks have been going on for many years, but the threat is rapidly evolving as more sophisticated malware families with novel features enter the scene.
- Phishing Attacks for Initial Access Surged 54% in Q1 May 19, 2022For the first time in a year, security incidents involving email compromises surpassed ransomware incidents, a new analysis shows.
- SEC Consult SA-20220518-0 :: Multiple Critical Vulnerabilities in SAP® Application Server, ABAP and ABAP® Platform (Different Software Components) May 18, 2022Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on May 18SEC Consult Vulnerability Lab Security Advisory < 20220518-0 > ======================================================================= title: Multiple Critical Vulnerabilities product: SAP® Application Server ABAP and ABAP® Platform (Different Software Components) vulnerable version: see section "Vulnerable / tested versions" fixed version: see SAP security notes...
- PHPIPAM 1.4.4 - CVE-2021-46426 May 18, 2022Posted by Rodolfo Augusto do Nascimento Tavares via Fulldisclosure on May 18=====[ Tempest Security Intelligence - ADV-03/2022 ]========================== PHPIPAM - Version 1.4.4 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil =====[ Table of Contents ]================================================== * Overview * Detailed description * Timeline of disclosure * Thanks & Acknowledgements * References =====[ Vulnerability […]
- LiquidFiles - 3.4.15 - Stored XSS - CVE-2021-30140 May 18, 2022Posted by Rodolfo Augusto do Nascimento Tavares via Fulldisclosure on May 18=====[ Tempest Security Intelligence - ADV-12/2021 ]========================== LiquidFiles - 3.4.15 Author: Rodolfo Tavares Tempest Security Intelligence - Recife, Pernambuco - Brazil =====[ Table of Contents]================================================== * Overview * Detailed description * Timeline of disclosure * Thanks & Acknowledgements * References =====[ Vulnerability...
- Watch multiple LockBit Ransom get DESTROYED Mass PWNAGE at scale! May 18, 2022Posted by malvuln on May 18Watch multiple LockBit Ransom get DESTROYED Mass PWNAGE at scale! https://www.youtube.com/watch?v=eg3l8a_HSSU
- github.com/malvuln/RansomDLLs / Catalog of current DLLs affecting vulnerable Ransomware strains. May 18, 2022Posted by malvuln on May 18Reference list for my Ransomware exploitation research. Lists current DLLs I have seen to date that some ransomware search for, which I have used successfully to hijack and intercept vulnerable strains executing arbitrary code pre-encryption. https://github.com/malvuln/RansomDLLs
- APPLE-SA-2022-05-16-2 macOS Monterey 12.4 May 17, 2022Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-2022-05-16-2 macOS Monterey 12.4 macOS Monterey 12.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213257. AMD Available for: macOS Monterey Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed […]
- APPLE-SA-2022-05-16-6 tvOS 15.5 May 17, 2022Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-2022-05-16-6 tvOS 15.5 tvOS 15.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213254. AppleAVD Available for: Apple TV 4K, Apple TV 4K (2nd generation), and Apple TV HD Impact: An application may be able to execute arbitrary code with kernel […]
- APPLE-SA-2022-05-16-5 watchOS 8.6 May 17, 2022Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-2022-05-16-5 watchOS 8.6 watchOS 8.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213253. AppleAVD Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free […]
- APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 May 17, 2022Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-2022-05-16-3 macOS Big Sur 11.6.6 macOS Big Sur 11.6.6 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213256. apache Available for: macOS Big Sur Impact: Multiple issues in apache Description: Multiple issues were addressed by updating apache to version 2.4.53. CVE-2021-44224 […]
- APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5 May 17, 2022Posted by Apple Product Security via Fulldisclosure on May 16APPLE-SA-2022-05-16-1 iOS 15.5 and iPadOS 15.5 iOS 15.5 and iPadOS 15.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT213258. AppleAVD Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, […]
Security Awareness, la sicurezza aziendale parte dai dipendenti. L'ingegneria sociale fa spesso leva sull'ignoranza… https://t.co/nGAs70Ofn5
Torna all'inizio Scopri i nostri servizi di Cyber SecurityTroverai sicuramente quello che fa al caso tuo Se vuoi m… https://t.co/Emm5kUfFc4
Estimated reading time: 6 minutes Today we see one of the latest additions to our SOCaaS, the Autonomous Threat… https://t.co/QNvHnKbEqq
Estimated reading time: 6 minutes The Security Code Review (SCR) service is increasingly used by companies l… https://t.co/rJmYXr1oCj
Estimated reading time: 6 minutes Il servizio di Security Code Review (SCR) è sempre più utilizzato dalle aziende… https://t.co/g2ho2C8FYh