Solved

Log management

Posted on 2014-01-20
7
263 Views
Last Modified: 2016-03-28
I have been tasked to collect firewall log, IDS logs and server logs to examine them using an application looking for information. How do I setup the collection of these logs and where do i install the log application.
0
Comment
Question by:SydNal2009
7 Comments
 
LVL 4

Assisted Solution

by:tmx84
tmx84 earned 333 total points
ID: 39794415
Very general question, will need more info.. What OS? I see it's windows, Windows Firewall or a 3rd party? What IDS? Each software collects it's own logs, as long as it's enabled, and will store them in different locations... Please give more info!
0
 

Author Comment

by:SydNal2009
ID: 39794468
My apology for being so general. I meant to explain that I will need a central point where the logs are sent, i.e. 3rd party firewall log, NIDS log and Windows server log. From that central location can I use an application to examine them. I need to know how to setup this environment, where do I install the log app. in question?
0
 
LVL 4

Assisted Solution

by:tmx84
tmx84 earned 333 total points
ID: 39794503
Where you install the "log app" shouldn't really make a difference as long as you tell the program where the logs are located.  Are you trying to do live scans? Daily Scans? etc, i mean do you need to move the log file?  

The Log Management App should be able to collect and analyze on it's own, as long as its setup properly.

Do you know what app you are going to be using?
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 

Author Comment

by:SydNal2009
ID: 39794717
I don't know which app to use, any suggestion is welcomed. I also will need to move the log file. Can you also do reporting using the app? If so, do you know how to do reporting?
I will definitely would want to do live scans. Is there a difference between live scans vs daily scans, and why you would do one over the other?
0
 
LVL 37

Accepted Solution

by:
bbao earned 167 total points
ID: 39795869
you may try ArcSight Logger for free from HP.

"HP ArcSight Logger is a universal log management solution that unifies searching, reporting, alerting, and analysis across any type of enterprise log data making it unique in its ability to collect, analyze, and store massive amounts of data generated by modern networks. It supports multiple deployments such as an appliance, software, virtual machine, and within the cloud in both Windows and Linux environment"

http://www.arcsight.net/products/products-logger/

http://h20195.www2.hp.com/V2/GetPDF.aspx%2F4AA4-1065ENW.pdf
0
 

Expert Comment

by:Irit Gillath
ID: 40355167
You should try also Stackify www.stackify.com it will aggregate all your logs per application. The logs there will clearly mark errors and will provide you all the logs related to an error.
0
 

Expert Comment

by:Naomi Goldberg
ID: 41467922
Users on IT Central Station also use Stackify for log management. This user writes, "I like how Stackify combines capabilities that otherwise required us to use separate tools." You can read the rest of his review here: https://www.itcentralstation.com/product_reviews/stackify-review-32175-by-james-cooper

Members of our community that were interested in solutions such as Stackify also read reviews for LogRhythm.  This user writes that LogRhythm has "brought all of our devices into one area, so I am able to understand and manage all of our devices and understand what is going on with an individual device."  You can see what else he has to say about LogRhythm here: https://goo.gl/L5oZV5.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question