Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Log management

Posted on 2014-01-20
7
Medium Priority
?
286 Views
Last Modified: 2016-03-28
I have been tasked to collect firewall log, IDS logs and server logs to examine them using an application looking for information. How do I setup the collection of these logs and where do i install the log application.
0
Comment
Question by:SydNal2009
7 Comments
 
LVL 4

Assisted Solution

by:tmx84
tmx84 earned 1332 total points
ID: 39794415
Very general question, will need more info.. What OS? I see it's windows, Windows Firewall or a 3rd party? What IDS? Each software collects it's own logs, as long as it's enabled, and will store them in different locations... Please give more info!
0
 

Author Comment

by:SydNal2009
ID: 39794468
My apology for being so general. I meant to explain that I will need a central point where the logs are sent, i.e. 3rd party firewall log, NIDS log and Windows server log. From that central location can I use an application to examine them. I need to know how to setup this environment, where do I install the log app. in question?
0
 
LVL 4

Assisted Solution

by:tmx84
tmx84 earned 1332 total points
ID: 39794503
Where you install the "log app" shouldn't really make a difference as long as you tell the program where the logs are located.  Are you trying to do live scans? Daily Scans? etc, i mean do you need to move the log file?  

The Log Management App should be able to collect and analyze on it's own, as long as its setup properly.

Do you know what app you are going to be using?
0
WatchGuard Case Study: NCR

With business operations for thousands of customers largely depending on the internal systems they support, NCR can’t afford to waste time or money on security products that are anything less than exceptional. That’s why they chose WatchGuard.

 

Author Comment

by:SydNal2009
ID: 39794717
I don't know which app to use, any suggestion is welcomed. I also will need to move the log file. Can you also do reporting using the app? If so, do you know how to do reporting?
I will definitely would want to do live scans. Is there a difference between live scans vs daily scans, and why you would do one over the other?
0
 
LVL 37

Accepted Solution

by:
bbao earned 668 total points
ID: 39795869
you may try ArcSight Logger for free from HP.

"HP ArcSight Logger is a universal log management solution that unifies searching, reporting, alerting, and analysis across any type of enterprise log data making it unique in its ability to collect, analyze, and store massive amounts of data generated by modern networks. It supports multiple deployments such as an appliance, software, virtual machine, and within the cloud in both Windows and Linux environment"

http://www.arcsight.net/products/products-logger/

http://h20195.www2.hp.com/V2/GetPDF.aspx%2F4AA4-1065ENW.pdf
0
 

Expert Comment

by:Irit Gillath
ID: 40355167
You should try also Stackify www.stackify.com it will aggregate all your logs per application. The logs there will clearly mark errors and will provide you all the logs related to an error.
0
 

Expert Comment

by:Naomi Goldberg
ID: 41467922
Users on IT Central Station also use Stackify for log management. This user writes, "I like how Stackify combines capabilities that otherwise required us to use separate tools." You can read the rest of his review here: https://www.itcentralstation.com/product_reviews/stackify-review-32175-by-james-cooper

Members of our community that were interested in solutions such as Stackify also read reviews for LogRhythm.  This user writes that LogRhythm has "brought all of our devices into one area, so I am able to understand and manage all of our devices and understand what is going on with an individual device."  You can see what else he has to say about LogRhythm here: https://goo.gl/L5oZV5.
0

Featured Post

Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question