Log and event management appliances improve compliance, security, operations

By Chris Petersen, Network World, 03/19/2008
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Log and event management is now a requirement for organizations that need to monitor security and IT policy enforcement, document compliance, and achieve IT operations excellence without increasing head count. However, current approaches to log and security event management force customers to purchase and integrate two or more products for each discipline. This approach is complex, costly, and difficult to deploy and manage for enterprises with large data centers, distributed operations and/or branch offices.

In a typical organization, millions of logs are generated by every system, application and device on the network every day. According to the SANS Institute, logs represent up to 25% of the total data created in a typical enterprise.

While most logs are not important or meaningful, a small percentage are extremely valuable. They contain insights and warnings about the health of the network, security issues, compliance violations and operational problems.

To unlock the value of logs, a new class of appliance has emerged that combines universal log-data collection, analysis, event management, automated report distribution and incident response. They employ a building-block approach that allows organizations to start with a single appliance then add more devices as the number of log sources and volumes grow. A single management console makes expansion seamless.

These new log- and event-management appliances perform the following continuous cycle of functions:

* Log collection: Log sources can include servers, applications, databases, firewalls, switches, routers, point of sale (POS) systems and more. Anything connected to the network is likely generating logs. Logs can be delivered to the appliance via standard network-logging protocols such as Syslog and NetFlow. They can be pulled from Windows hosts (event logs) and from any database compliant with Open Database Connectivity (ODBC). Logs also can be collected by agents from remote sites and flat-file sources (for example, Web server logs) and forwarded to the appliance.

* Log management: Since log formats are as varied as the log sources themselves, once logs are collected they must be normalized. Log normalization includes classifying logs so they can be correlated, stored, reported on and managed. Normalization is a key step in transforming logs from raw data into valuable information. During the normalization process, the appliance also automatically synchronizes the time stamps of all log entries to a single "normal time" for reporting and analysis purposes.

* Archival and restoration: Many organizations must retain log data for specific periods to meet regulatory requirements. Integrated log- and event-management appliances completely automate the process of archiving and restoring log data. Based on policy settings, the appliance automatically archives log data and generates bookkeeping information such as where and when the log data originated. Archive files are cryptographically signed and compressed, providing tamper-proof, cost-effective long-term storage. They can be easily restored via intuitive wizard-based tools that verify the archive files have not been modified since they were originally created.
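The three stages above (collect, normalize to a single "normal time", then sign and archive so a restore can be verified) in miniature, as an added example that is not the article's or any vendor's code. The two log lines, the per-source UTC offsets, the classification rules and the HMAC key are all constructed for illustration; a real appliance would use a private signing key rather than a shared secret.

```python
import gzip
import hashlib
import hmac
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample input: two sources reporting the same moment in their own local time.
SOURCE_OFFSETS = {"fw01": 1, "dc01": -5}        # hours east of UTC, per source (assumed)
RAW_LOGS = [
    "<34>2008-03-19 14:02:11 fw01 kernel: DROP SRC=10.0.0.5 DST=10.0.0.9",
    "2008-03-19 08:02:11 dc01 EventID=4625 Message=An account failed to log on",
]
SYSLOG_RE = re.compile(r"^<(\d+)>(\S+ \S+) (\S+) (\S+): (.*)$")
WINDOWS_RE = re.compile(r"^(\S+ \S+) (\S+) EventID=(\d+) Message=(.*)$")

def normalize(line):
    """Map one raw log line to a common record whose time stamp is in UTC ('normal time')."""
    if m := SYSLOG_RE.match(line):
        _pri, stamp, host, _prog, msg = m.groups()
        category = "firewall.drop" if "DROP" in msg else "firewall.other"
    elif m := WINDOWS_RE.match(line):
        stamp, host, event_id, msg = m.groups()
        category = "auth.failure" if event_id == "4625" else "windows.other"
    else:
        raise ValueError(f"unrecognised log format: {line!r}")
    local = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
    tz = timezone(timedelta(hours=SOURCE_OFFSETS[host]))
    normal_time = local.replace(tzinfo=tz).astimezone(timezone.utc)
    return {"ts": normal_time.isoformat(), "host": host, "category": category, "msg": msg}

def archive(records, key):
    """Compress the normalized records and sign the compressed archive with HMAC-SHA256."""
    blob = gzip.compress("\n".join(json.dumps(r, sort_keys=True) for r in records).encode())
    return blob, hmac.new(key, blob, hashlib.sha256).hexdigest()

def restore(blob, signature, key):
    """Refuse to restore unless the archive still matches the signature made at creation."""
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("archive signature mismatch: file modified since creation")
    return [json.loads(l) for l in gzip.decompress(blob).decode().splitlines()]
```

Both constructed lines normalize to 13:02:11 UTC, which is what lets the firewall drop and the failed logon be correlated as one moment despite their differing local clocks.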


Comments (1)
Unlock the value of logs - data classification
By Anonymous on March 28, 2008, 3:51 pm
An excellent synopsis. In the age of ever increasing regulatory compliance, more enterprises are being forced to expand and formalize their log management solutions....
