Syslog and Windows Event Log Management
Importance of Log Management
Log Management - Pre-requisite to Ensure Network Security
Logs give you first hand information about your network activities. Log management ensures that the network activity data hidden in the logs is converted to meaningful, actionable security information. Log management is a pre-requisite for Network, Security administrator to keep the network secured.
What does log management involve?
Log management comprises of log collection, secured storage, normalization, analysis, reports and alerts generation.
- Log collection needs to be unintrusive.
- Logs need to be collected from diverse set of devices, servers and applications available in the network.
- Log collection should be preferably without an agent. In some network environments, log collection using agent should be available optional.
EventLog Analyzer supports the following log and data sources:
Linux and Unix Systems
Endpoint Security Solutions
- ESET Antivirus
- Kaspersky Antivirus
- Microsoft Antimalware
- Norton Antivirus
- Sophos Antivirus
Secure Log Storage
- The log data needs to be stored in archive for forensic analysis and regulatory compliance requirements.
- The log data storage should secured (e.g., encryption)
- Also, the storage should be tamper proof
- The retention duration should be flexible (preferably user configurable)
- The storage location, media also should be flexible (read only media, mass storage system, etc.)
The logs from heterogeneous sources should be normalized to have a common format. This is required to analyze and correlate.
The logs need to be analyzed to get a full picture of the network security events
The logs can even be correlated across multiple devices to help you get a comprehensive view of your network events.
Report and Alert Generation
The logs are analyzed to generate reports and alerts
- There should be canned, customizable, custom, and scheduled reports in different formats and distributable.
- The alerts should be notified in real-time. There should be more notification mechanisms and even other program should be executed to carry out remedial measures
Log management is an integral part of monitoring and network security.