The CIO-level business angle on the latest tech
You may think of your log data as being rather mundane, but have you ever considered that it’s a treasure trove of business intelligence? Of course, it’s only “intelligence” if it can be presented in a way that helps you make sense of what’s really happening on the network and give you insight you can turn into action.
That's the premise behind the offerings of LogRhythm, a Colorado company that provides enterprise log management and analysis. The company was founded in 2003 and its product is in its fourth generation. LogRhythm boasts that it has a 100% customer retention rate, so it must be doing something right.
What the company does is simple, but not easy to accomplish: consolidate all the records from every kind of log you have; normalize the data from the various sources into a standard form so you can interpret it; and perform analysis to help you clearly see problems, root causes and trends.
In a typical enterprise with a wide range of devices and applications, logs from a multitude of sources can account for 25% of the data being generated, totaling millions of individual data points per day. LogRhythm collects all these logs and normalizes the data into one format. Then the data is prioritized and classified for use by people in different job roles, including operations, security and audit. In the end, all the log data is stored so that it’s available for back-end investigations and long-term trending.
The LogRhythm solution is delivered as an appliance, or as software-only. Optional storage from NetApp can be bundled as part of the solution. You can collect the log data from your various sources without an agent or with an agent when circumstances require. Either way, the log data is forwarded to a central server for normalization and analysis.
Customers who seek out the LogRhythm solution usually do so to meet a specific business need; for example, to spot anomalous behavior more easily or to meet a regulatory compliance directive. Once the solution is installed, additional uses for the insight it provides tend to present themselves.
The Tampa International Airport installed LogRhythm to help ensure compliance with the PCI DSS regulation. Kathleen Mullin is the IT Systems Security Manager for the airport. “We first brought LogRhythm in to help us with PCI compliance for our parking application,” says Mullin. “The airport system’s largest revenue source is parking, and many of our customers pay with a credit card when they retrieve their cars. We have to know and prove that our transactions are secure. LogRhythm has great canned reports for PCI, and we can immediately see what the status of our network is.”
Mullin also uses the solution to monitor anomalous behavior. “We use Active Directory in our environment,” says Mullin. “When a group is modified, we can easily cross-reference that activity with the change management logs to be sure the change was approved and expected.”
“We also use the analysis from the log data to see what devices are ‘noisy’,” says Mullin. “When we see lots of activity on a particular device, it usually means there is a problem. Maybe the device needs a software patch. By looking at the reports from LogRhythm, we can diagnose root causes and we don’t have to assume what the behavior is caused by.” She adds, “It’s a very comprehensive tool. We always have it up and running and we have alerts that help us be more proactive in resolving issues. It gives us a holistic picture of our network by allowing us to view operational, security and audit logs at one time.”
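As an added illustration of the workflow described above (consolidating two log formats into one schema, cross-referencing Active Directory group changes against change-management records, and spotting "noisy" devices), here is a small Python example; it is not LogRhythm's code, and the log formats, host names, ticket id and thresholds are constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample records in two formats; none of this is LogRhythm output.
WINDOWS_EVENTS = [
    "2024-03-01T09:15:02 host=DC01 EventID=4728 Subject=jdoe Group=Domain-Admins Member=svc_backup",
    "2024-03-01T13:40:11 host=DC01 EventID=4728 Subject=asmith Group=Parking-Ops Member=tjones",
]
SYSLOG_LINES = [
    "Mar  1 09:15:05 fw01 kernel: link flap on eth2",
    "Mar  1 09:15:09 fw01 kernel: link flap on eth2",
    "Mar  1 09:16:30 fw01 kernel: link flap on eth2",
    "Mar  1 10:02:00 sw03 sshd: accepted login from 10.0.0.5",
]
# Constructed change-management entries (hypothetical ticket id): approved windows per group.
APPROVED_CHANGES = [{"ticket": "CHG-0042", "group": "Parking-Ops",
                     "start": "2024-03-01T13:00:00", "end": "2024-03-01T14:00:00"}]
WIN_RE = re.compile(r"^(\S+) host=(\S+) EventID=(\d+) Subject=(\S+) Group=(\S+) Member=(\S+)$")
SYSLOG_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) (\S+): (.*)$")

def normalize(win_lines, syslog_lines, year=2024):
    """Fold both sources into one schema: source, time, host, kind plus per-kind fields."""
    events = []
    for line in win_lines:
        if not (m := WIN_RE.match(line)):
            continue
        ts, host, eid, actor, group, member = m.groups()
        kind = "group_change" if eid == "4728" else "other"  # 4728: member added to global group
        events.append({"source": "windows", "time": datetime.fromisoformat(ts), "host": host,
                       "kind": kind, "actor": actor, "group": group, "member": member})
    for line in syslog_lines:
        if not (m := SYSLOG_RE.match(line)):
            continue
        ts, host, proc, msg = m.groups()
        t = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")  # syslog omits the year
        events.append({"source": "syslog", "time": t, "host": host, "kind": "device_msg",
                       "proc": proc, "msg": msg})
    return events

def unapproved_group_changes(events, changes):
    """Group changes with no approved change window covering that group at that time."""
    def covered(e):
        return any(c["group"] == e["group"] and datetime.fromisoformat(c["start"])
                   <= e["time"] <= datetime.fromisoformat(c["end"]) for c in changes)
    return [e for e in events if e["kind"] == "group_change" and not covered(e)]

def noisy_devices(events, threshold=3):
    """Hosts emitting at least `threshold` device messages: candidates for root-cause review."""
    counts = Counter(e["host"] for e in events if e["kind"] == "device_msg")
    return {host: n for host, n in counts.items() if n >= threshold}
```

Running `unapproved_group_changes(normalize(WINDOWS_EVENTS, SYSLOG_LINES), APPROVED_CHANGES)` flags only the Domain-Admins change, since the Parking-Ops change falls inside its approved window.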
Linda Musthaler is a principal analyst with Essential Solutions Corporation.