Syslog Management Solution

SYSLOG-NG STORE BOX

The syslog-ng Store Box™ (SSB) is a high-performance, high-reliability log management appliance that builds on the strengths of syslog-ng Premium Edition. With SSB, you can search logs, secure sensitive information with granular access policies, generate reports to demonstrate compliance, and forward log data to 3rd party analysis tools.

COLLECT AND INDEX LOG DATA AT UNPARALLELED SPEEDS

SSB uses syslog-ng Premium Edition as its log collection agent, which provides highly scalable and reliable log collection. Installers are available for 50+ platforms, including the most popular Linux distributions, commercial versions of UNIX, and Windows.

The syslog-ng Store Box's indexing engine is optimized for performance. Depending on its exact configuration, one syslog-ng Store Box can collect and index up to 100,000 messages per second for sustained periods. A single SSB can collect log messages from more than 5,000 log sources. When deployed in a client-relay configuration, a single SSB can collect logs from tens of thousands of log sources.


SEARCH, TROUBLESHOOT, AND REPORT

With SSB’s full-text search, you can search through billions of logs in seconds via the intuitive web-based user interface. Wildcards and Boolean operators allow you to perform complex searches and drill down on the results. Users can gain a quick overview and pinpoint problems. Users can easily create customized reports from the charts and statistics they create on the search interface to demonstrate compliance with standards and regulations such as PCI-DSS, ISO 27001, SOX and HIPAA.

STORE AND FORWARD

With SSB you can store large amounts of log data, create automated retention policies, and backup data to remote servers. The largest SSB appliance can store up to 10 terabytes of uncompressed data. You can also forward logs to 3rd party analysis tools or fetch data from SSB via its REST API.


SECURE YOUR LOG DATA

Log data frequently contains sensitive information. SSB can store log data in encrypted, compressed, and time-stamped binary files, restricting access to authorized personnel only. Authentication, Authorization and Accounting (AAA) settings can restrict access to the SSB configuration and stored logs based on user group privileges and can be integrated with LDAP and RADIUS databases.


PRODUCT FEATURES

FLEXIBLE, LOW-FOOTPRINT LOG COLLECTION AGENT FOR 50+ PLATFORMS

Every installation of SSB includes the option of using syslog-ng Premium Edition as log collection agents or relay servers at no additional cost. Installers are available for 50+ platforms, including the most popular Linux distributions, commercial flavors of UNIX, and Windows.

HIGHLY SCALABLE INDEXING ENGINE

The syslog-ng Store Box is optimized for performance, and can handle enormous amounts of messages. Depending on its exact configuration, it can index over 100,000 messages per second for sustained periods and process over 70 GB of raw logs per hour. Larger versions of the appliance are capable of storing up to 10 terabytes of data.

REAL-TIME LOG DATA TRANSFORMATION

  • Filter, Parse, Re-Write

    The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations.

  • Normalize data with PatternDB

    The syslog-ng application can compare the contents of the log messages to a database of predefined message patterns.

  • Real-time log message classification

    By comparing log messages to known patterns, syslog-ng is able to identify the exact type of the messages, and sort them into message classes. The message classes can be used to classify the type of the event described in the log message. The message classes can be customized, and, for example, can label the messages as user login, application crash, file transfer, etc.

  • Extracting important information from messages

    In addition to classifying messages, you can also add different tags which can be used later for filtering messages, for example, to collect messages tagged as user_login to a separate file or to perform conditional post processing on the tagged messages.

  • Real-time event correlation

    syslog-ng also makes real-time event correlation possible. This is useful in many situations: important data for a single event is often scattered across multiple syslog messages, and login and logout events are often logged far apart from each other, even in different log files, which makes log analysis difficult. Using correlation, these can be collected into a single new message.

FLEXIBLE, FAST SEARCH CAPABILITY

Using the web-based user interface, users can search for logs by a variety of message parameters and text searches. Wildcards and Boolean operators allow users to perform complex searches and drill down on the results. Users can get an overview and quickly identify problems.

CUSTOMIZED REPORTING

Users can easily create customized reports from the charts they create on the search interface.

REST API

You can also forward logs to 3rd party analysis tools or fetch data from SSB via its REST API. You can access the API using a RESTful protocol over HTTPS, meaning that you can use any programming language that has access to a RESTful HTTPS client to integrate SSB into your environment, including popular languages such as Java and Python.

SECURE TRANSFER USING TLS

syslog-ng Premium Edition ensures that messages cannot be read by third parties in transit by using the Transport Layer Security (TLS) protocol to encrypt the communication between the agents and the syslog-ng Store Box. One-way or mutual authentication between clients and the server is possible using X.509 certificates.
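The following is an added example, not configuration shipped with SSB or taken from this page, showing how the transformation features described under "Real-time log data transformation" (content filtering, macro-based dynamic file names, PatternDB classification, rewriting) and the mutually authenticated TLS transport described above fit together in a syslog-ng configuration. It uses syslog-ng OSE 3.x syntax, which the Premium Edition agent largely shares; the certificate paths, port number and pattern database file are assumptions.

```conf
@version: 3.30

# Receive logs over TLS; peer-verify(required-trusted) enforces mutual
# authentication: the client must present a certificate signed by a CA in ca-dir.
# Paths below are assumed for this example.
source s_tls {
    network(ip("0.0.0.0") port(6514) transport("tls")
        tls(key-file("/etc/syslog-ng/cert.d/server.key")
            cert-file("/etc/syslog-ng/cert.d/server.crt")
            ca-dir("/etc/syslog-ng/ca.d")
            peer-verify(required-trusted)));
};

# Classify messages against a PatternDB XML file (assumed path); matching
# messages get a .classifier.class value and any tags defined in the pattern.
parser p_patterndb { db-parser(file("/etc/syslog-ng/patterndb.xml")); };

# Content filtering: authentication-related messages only, selected either by
# facility or by a tag assigned by PatternDB.
filter f_auth { facility(auth, authpriv) or tags("user_login"); };

# Mask secrets before they reach disk so stored logs expose less sensitive data.
rewrite r_mask_password {
    subst("password=[^ ]*", "password=***", value("MESSAGE"), flags("global"));
};

# Dynamic destination: one directory per source host, one file per program,
# created on demand from the ${HOST} and ${PROGRAM} macros.
destination d_per_host {
    file("/var/log/remote/${HOST}/${PROGRAM}.log" create-dirs(yes));
};

log {
    source(s_tls);
    parser(p_patterndb);
    filter(f_auth);
    rewrite(r_mask_password);
    destination(d_per_host);
};
```

A practical check is to connect with a client that lacks a CA-signed certificate and confirm the server rejects the handshake, then confirm a valid client's messages land under the expected per-host directory with passwords masked.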

SECURE, ENCRYPTED LOG STORAGE

Any sensitive log data can be stored in encrypted, compressed, and time-stamped binary files, restricting access to authorized personnel only.

GRANULAR ACCESS CONTROL

Authentication, Authorization and Accounting (AAA) settings can restrict access to the SSB configuration and stored logs based on user group privileges and can be integrated with LDAP and RADIUS databases.

AUTOMATED BACKUP OF STORED DATA

Stored log messages and the configuration of SSB can be periodically transferred to a remote server using the following protocols:

  • Network File System protocol (NFS);
  • Rsync over SSH;
  • Server Message Block protocol (SMB/CIFS).

HIGH PERFORMANCE HARDWARE

High Availability

Hardware-based versions of syslog-ng Store Box can be set up to operate in a hot-spare HA cluster configuration.

Message Rate Alerting

SSB can be configured to send alerts based on the number of messages being received from sources. Minimum and maximum log message thresholds for specified time periods can be set to monitor the log management infrastructure for any performance issues.

Contact DT Asia Group Hong Kong

Address: Unit 929, Kowloon Bay Industrial Centre,
15 Wang Hoi Road, Kowloon Bay, Hong Kong
Tel: +852 58010001
Email: sales@hk.dtasiagroup.com