terreActive AG
Kasinostrasse 30
5001 Aarau

Tel +41 62 834 00 55
Fax +41 62 823 93 56
info@terreactive.ch
www.terreactive.ch

tacLOG - Centralised Log File Analysis


Description

Many companies put log files and log management on the back burner. Even applications in average-sized networks produce large volumes of log files every day, but administrators hardly ever find the time to look over them to uncover irregularities or problems. The reasons for this are threefold:

  • The large volume of log files makes it more difficult to produce a useful analysis
  • Users lack the necessary specialist knowledge to recognise entries that point to anomalies
  • The log files are spread across individual systems, making access more difficult

This is incredibly unfortunate, since log files from well-maintained systems and applications, when interpreted correctly, often give you early warning of security and configuration problems. If you overlook or ignore these warnings, a situation will frequently arise that takes an inordinate amount of time and money to get under control. In the environment described above, log files are commonly seen as a problem that must be eliminated: dealing with them is limited to deleting them periodically to avoid problems resulting from a lack of drive space. Needless to say, if an attack goes unnoticed, this makes it all too easy for important troubleshooting information, and even proof or evidence, to go missing.


What our solution can do for you:

Normalisation

  • Data conversion – syslog format into text
  • Common log format for various data sources, such as: SNMP trap, e-mail, file, event reporter, Opsec, etc.

Storage

  • Central logging – enables fast access and reporting
  • Open interfaces – for external storage and archiving
  • Distributed architecture – supports highly scalable solutions

Archiving

  • Data compression – optimises drive utilisation
  • Central backup – offers central archiving of all security-related notifications
  • Integrity protection – for use in the audit trail

Analysis and reporting

  • Intuitive Web-based GUI – secure access anytime, anywhere
  • User profiles – allow for personalised data access
  • High-performance reporting – for analysing and managing trends

Event generation

  • Real-time event generation (RIT) and alerts – for fast reactions


Customer benefits

Lower operating costs

A central operating console gives you an overview of all relevant information. By integrating all operating information into a single console, you can recognise and eliminate problems earlier. Your operating team has fewer manual activities to carry out and is more productive. Operating quality improves and the cost of downtime falls. Extensive SLA reports can be generated automatically, reducing administrative outlay.

More transparency and acceptance

End customers and partner companies can use the customer cockpit to view specific information online. This increases both transparency and trust. Our solution reduces complexity and also allows users and management to get an overview of the status of the most important IT services.

Tailored monitoring solution for your business

We build customised monitoring solutions using standard products. To do this, we need a concept that fits the customer and exactly meets their needs. We work with our customers to design the architecture and define core objects. We specify a measurement method for each object and identify the corresponding scanner. Each customer receives their own custom-built monitoring solution that recognises problems immediately and does not permit false alarms.

Log management module

The module enables you to easily expand your monitoring solution into a fully functional log file analysis and archiving solution. With no additional hardware whatsoever, this module can be attached to the scanner so that it normalises and centrally archives all log files in a local network. This reduces operating effort and expense, and the responsible employees have an overview of all the relevant information. Central data analysis assists you in recognising complex relationships and detecting operating or security incidents. Once a problem is identified, the solution can be ‘taught’ to apply the problem template and generate an event in future. Multilevel correlation transforms log file templates into events and events into alerts. When you have a large volume of log data, this is essential so that you always have a clear picture.