Support
 
Support Get Quote
 
 
 
 

Log aggregation

Log aggregation

The need for log aggregation

Logs record important security events occurring in a network and play a pivotal role in detecting, investigating, and mitigating security incidents. Virtually all critical systems and applications in a network have built-in logging mechanisms that help administrators track security events of interest. However, logs from individual sources cannot provide the complete picture of what's going on in a network. A user in a network may trigger events across various systems, and viewing the Windows Event Log, or logs from other sources such as firewalls and databases in silos, won't suffice. Instead, admins need to aggregate log data from the various sources in the network and centrally manage, store, and analyze the data.

Typical log sources in a network

While networks vary across organizations, most have the following log sources:

  • Servers (Windows/Unix)
  • Workstations
  • Files and folders
  • Databases
  • Web servers
  • Firewalls
  • Routers
  • Switches
  • IDS/IPS
  • Security solutions such as vulnerability scanners

Logs from these different sources need to be aggregated using a log management tool.

Collecting logs from different sources

Logs can be ingested into a log management tool via an agent, or by using agentless mechanisms depending on log source and other restrictions. Collecting logs boils down to two steps:

  • Define a logging policy on the administrator interface of the concerned device. Ensure an optimal logging policy is set to track security events of interest.
  • Send the logs to the log management tool. This can typically be configured from the tool's GUI.

Centralize log management with EventLog Analyzer

ManageEngine's EventLog Analyzer is a comprehensive log management tool that can aggregate logs from various sources in a network, including the ones mentioned above, to provide a centralized view of important security events occurring in the network.

  • Unified, intuitive dashboard: The customizable dashboard provides a summary of all the security events occurring in the network. This gives security teams a complete snapshot of the key activities at a glance. The dashboard views available are:

    Events overview: Security teams can see the total number of events collected, log trends, alerts triggered, split-up of events based on severity, and other important details.

    Network overview: Security teams can view the allowed and denied connections by firewalls, analyze the traffic trends, and track VPN logons.

    Security overview: Security teams can view the threats that have been flagged from threat sources, IDS/IPS, and correlation rules.

  • Robust search engine: EventLog Analyzer's powerful click-based search engine allows security teams to efficiently investigate security incidents. The interface is easy to use and provides advanced querying functions. Important information pertaining to a given security incident can be extracted in just a few clicks; the search result can then be saved as a report or as an alert profile as needed.
Other features

SIEM

EventLog Analyzer offers log management, file integrity monitoring, and real-time event correlation capabilities in a single console that help meeting SIEM needs, combat security attacks, and prevent data breaches.

Privileged user monitoring

Monitor and track privileged user activities to meet PUMA requirements. Get out-of-the-box reports on critical activities such as logon failures, reason for logon failure, and more.

Windows log management

Centrally manage event log data from Windows devices including workstations, servers, and terminal servers to meet auditing needs. Combat security attacks with real-time alerts and event correlation.

Syslog management

Collect and analyze Syslog data from routers, switches, firewalls, IDS/IPS, Linux/Unix servers, and more. Get in-depth reports for every security event. Receive real-time alerts for anomalies and breaches.

IIS log monitoring

Centrally monitor & audit IIS web server logs. Secure IIS servers by detecting anomalous events with instant email/SMS alerts. Get predefined reports on server errors and attacks.

IT compliance management

Comply with the stringent requirements of regulatory mandates viz., PCI DSS, FISMA, HIPAA, and more with predefined reports & alerts. Customize existing reports or build new reports to meet internal security needs.

Need Features? Tell Us
If you want to see additional features implemented in EventLog Analyzer, we would love to hear. Click here to continue

EventLog Analyzer Trusted By

Los Alamos National Bank Michigan State University
Panasonic Comcast
Oklahoma State University IBM
Accenture Bank of America
Infosys
Ernst Young

Customer Speaks

  • Credit Union of Denver has been using EventLog Analyzer for more than four years for our internal user activity monitoring. EventLog Analyzer provides great value as a network forensic tool and for regulatory due diligence. This product can rapidly be scaled to meet our dynamic business needs.
    Benjamin Shumaker
    Vice President of IT / ISO
    Credit Union of Denver
  • The best thing, I like about the application, is the well structured GUI and the automated reports. This is a great help for network engineers to monitor all the devices in a single dashboard. The canned reports are a clever piece of work.
    Joseph Graziano, MCSE CCA VCP
    Senior Network Engineer
    Citadel
  • EventLog Analyzer has been a good event log reporting and alerting solution for our information technology needs. It minimizes the amount of time we spent on filtering through event logs and provides almost near real-time notification of administratively defined alerts.
    Joseph E. Veretto
    Operations Review Specialist
    Office of Information System
    Florida Department of Transportation
  • Windows Event logs and device Syslogs are a real time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application.
    Jim Lloyd
    Information Systems Manager
    First Mountain Bank

Awards and Recognitions

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
A Single Pane of Glass for Comprehensive Log Management