Solved

Log management

Posted on 2014-01-20
7
269 Views
Last Modified: 2016-03-28
I have been tasked to collect firewall log, IDS logs and server logs to examine them using an application looking for information. How do I setup the collection of these logs and where do i install the log application.
0
Comment
Question by:SydNal2009
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 4

Assisted Solution

by:tmx84
tmx84 earned 333 total points
ID: 39794415
Very general question, will need more info.. What OS? I see it's windows, Windows Firewall or a 3rd party? What IDS? Each software collects it's own logs, as long as it's enabled, and will store them in different locations... Please give more info!
0
 

Author Comment

by:SydNal2009
ID: 39794468
My apology for being so general. I meant to explain that I will need a central point where the logs are sent, i.e. 3rd party firewall log, NIDS log and Windows server log. From that central location can I use an application to examine them. I need to know how to setup this environment, where do I install the log app. in question?
0
 
LVL 4

Assisted Solution

by:tmx84
tmx84 earned 333 total points
ID: 39794503
Where you install the "log app" shouldn't really make a difference as long as you tell the program where the logs are located.  Are you trying to do live scans? Daily Scans? etc, i mean do you need to move the log file?  

The Log Management App should be able to collect and analyze on it's own, as long as its setup properly.

Do you know what app you are going to be using?
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 

Author Comment

by:SydNal2009
ID: 39794717
I don't know which app to use, any suggestion is welcomed. I also will need to move the log file. Can you also do reporting using the app? If so, do you know how to do reporting?
I will definitely would want to do live scans. Is there a difference between live scans vs daily scans, and why you would do one over the other?
0
 
LVL 37

Accepted Solution

by:
bbao earned 167 total points
ID: 39795869
you may try ArcSight Logger for free from HP.

"HP ArcSight Logger is a universal log management solution that unifies searching, reporting, alerting, and analysis across any type of enterprise log data making it unique in its ability to collect, analyze, and store massive amounts of data generated by modern networks. It supports multiple deployments such as an appliance, software, virtual machine, and within the cloud in both Windows and Linux environment"

http://www.arcsight.net/products/products-logger/

http://h20195.www2.hp.com/V2/GetPDF.aspx%2F4AA4-1065ENW.pdf
0
 

Expert Comment

by:Irit Gillath
ID: 40355167
You should try also Stackify www.stackify.com it will aggregate all your logs per application. The logs there will clearly mark errors and will provide you all the logs related to an error.
0
 

Expert Comment

by:Naomi Goldberg
ID: 41467922
Users on IT Central Station also use Stackify for log management. This user writes, "I like how Stackify combines capabilities that otherwise required us to use separate tools." You can read the rest of his review here: https://www.itcentralstation.com/product_reviews/stackify-review-32175-by-james-cooper

Members of our community that were interested in solutions such as Stackify also read reviews for LogRhythm.  This user writes that LogRhythm has "brought all of our devices into one area, so I am able to understand and manage all of our devices and understand what is going on with an individual device."  You can see what else he has to say about LogRhythm here: https://goo.gl/L5oZV5.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Routing between two networks? 10 106
Monitor changes to folder and file permissions - automated reporting 6 107
Home firewall recommendations 11 107
802.1x and RDP Issues 6 109
Cybersecurity has become the buzzword of recent years and years to come. The inventions of cloud infrastructure and the Internet of Things has made us question our online safety. Let us explore how cloud- enabled cybersecurity can help us with our b…
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question