Solved

Log management

Posted on 2014-01-20
7
255 Views
Last Modified: 2016-03-28
I have been tasked to collect firewall logs, IDS logs and server logs to examine them using an application looking for information. How do I set up the collection of these logs and where do I install the log application?
0
Question by:SydNal2009
7 Comments
 
LVL 4

Assisted Solution

by:tmx84
tmx84 earned 333 total points
ID: 39794415
Very general question, will need more info. What OS? I see it's Windows; Windows Firewall or a 3rd party? What IDS? Each software collects its own logs, as long as it's enabled, and will store them in different locations... Please give more info!
0
 

Author Comment

by:SydNal2009
ID: 39794468
My apologies for being so general. I meant to explain that I will need a central point where the logs are sent, i.e. 3rd party firewall log, NIDS log and Windows server log. From that central location can I use an application to examine them. I need to know how to set up this environment, where do I install the log app. in question?
0
 
LVL 4

Assisted Solution

by:tmx84
tmx84 earned 333 total points
ID: 39794503
Where you install the "log app" shouldn't really make a difference as long as you tell the program where the logs are located. Are you trying to do live scans? Daily scans? etc. I mean, do you need to move the log file?

The Log Management App should be able to collect and analyze on its own, as long as it's set up properly.

Do you know what app you are going to be using?
0

 

Author Comment

by:SydNal2009
ID: 39794717
I don't know which app to use, any suggestion is welcome. I also will need to move the log file. Can you also do reporting using the app? If so, do you know how to do reporting?
I definitely would want to do live scans. Is there a difference between live scans vs daily scans, and why would you do one over the other?
0
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 167 total points
ID: 39795869
You may try ArcSight Logger for free from HP.

"HP ArcSight Logger is a universal log management solution that unifies searching, reporting, alerting, and analysis across any type of enterprise log data making it unique in its ability to collect, analyze, and store massive amounts of data generated by modern networks. It supports multiple deployments such as an appliance, software, virtual machine, and within the cloud in both Windows and Linux environment"

http://www.arcsight.net/products/products-logger/

http://h20195.www2.hp.com/V2/GetPDF.aspx%2F4AA4-1065ENW.pdf
0
 

Expert Comment

by:Irit Gillath
ID: 40355167
You should also try Stackify (www.stackify.com); it will aggregate all your logs per application. The logs there will clearly mark errors and will provide you all the logs related to an error.
0
 

Expert Comment

by:Naomi Goldberg
ID: 41467922
Users on IT Central Station also use Stackify for log management. This user writes, "I like how Stackify combines capabilities that otherwise required us to use separate tools." You can read the rest of his review here: https://www.itcentralstation.com/product_reviews/stackify-review-32175-by-james-cooper

Members of our community that were interested in solutions such as Stackify also read reviews for LogRhythm.  This user writes that LogRhythm has "brought all of our devices into one area, so I am able to understand and manage all of our devices and understand what is going on with an individual device."  You can see what else he has to say about LogRhythm here: https://goo.gl/L5oZV5.
0
