Log Data Collection And Management
The core of LogRhythm is our industry-leading log data collection and management architecture. The LogRhythm architecture has been designed to meet the following basic requirements:
- The ability to collect any type of log data regardless of source
- The ability to collect log data with or without installing an agent on the logging device
- The ability to "normalize" any type of log data for more effective reporting and analysis
- The ability to "scale-down" for small deployments and "scale-up" for extremely large deployments
- An open architecture allowing direct and secure access to log data via third-party analysis and reporting tools
- A role based security model providing user accountability and access control
Cross Platform Log Collection
Today's business operations require many technologies: routers, firewalls, switches, file servers, and ERP applications, to name a few. LogRhythm has been designed to collect from them all using agent and agent-less techniques.
Windows Event Logs: Agent-less or Agent-based
LogRhythm can collect Windows Event Logs with or without the use of an agent. Agent-less Event Log collection significantly reduces deployment time and overall cost of ownership. Many Windows-based applications write their logs to the Application Event Log or a custom Event Log. Examples of supported log sources using this method include:
- Windows System Event Log
- Windows Security Event Log
- Microsoft Exchange Server application logs
- Microsoft SQL Server application logs
- Windows-based ERP and CRM systems application logs

Syslog
Syslog is a standard for transmitting log messages across the network. LogRhythm includes an integrated Syslog server for receiving and processing these messages. Example systems supported via this mechanism include the following:
- Cisco and other syslog reporting routers
- Cisco and other syslog reporting switches
- Cisco PIX, Netscreen, and other syslog reporting firewalls
- Cisco, Snort and other syslog reporting intrusion detection/prevention systems
- HP-UX, Solaris, and other syslog reporting Unix-based operating systems
Flat File Logs
LogRhythm can collect logs written to any ASCII based text file. Whether a commercial system or homegrown, if the logs are written to a file, LogRhythm can collect them. Examples of supported log sources using this method include:
- Apache and IIS web servers
- Linux system logs
- Windows ISA server logs
- DNS and DHCP server logs
- Host-based intrusion detection/prevention systems

Scalable Log Centralization
Because technologies can log a tremendous amount of information, LogRhythm provides 'horizontally' scalable log storage. A LogRhythm deployment can consist of a single Log Manager collecting tens of millions of logs per day or ten Log Managers collecting hundreds of millions of logs per day. As more logs are generated or as additional systems are integrated, LogRhythm can be easily expanded to meet the increased log centralization requirements.

Time Synchronization
An important aspect of log centralization is time synchronization. In many IT operations, systems are spread across time zones and system clocks aren't synchronized to a single source. For this reason, LogRhythm automatically synchronizes the timestamps of all log entries to a single 'normal time' for reporting and analysis purposes. This is extremely valuable in analyzing log data across distributed systems where time of occurrence is important. If one log was written at 3:00 PM EST and, across the country, another log was written at 12:00 PM PST, within LogRhythm they both occurred at the same time.
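The normalization step described above, as an added illustration that is not LogRhythm's own code: BSD syslog timestamps carry neither a year nor a UTC offset, so the collector needs a per-source timezone table (a constructed assumption here) to map each sender's local time onto one 'normal time' before events from different sites can be correlated.

```python
from datetime import datetime, timedelta, timezone
import re

# Constructed per-source timezone table (assumption: the collector is told each
# sender's zone, since BSD syslog timestamps carry neither year nor UTC offset).
SOURCE_TZ = {
    "fw-east": timezone(timedelta(hours=-5), "EST"),
    "fw-west": timezone(timedelta(hours=-8), "PST"),
}

# <PRI>Mmm dd hh:mm:ss host message  (RFC 3164 style)
SYSLOG_RE = re.compile(r"^<(\d{1,3})>([A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")

def normalize_syslog(line, year):
    """Parse one BSD syslog line and attach a single UTC 'normal time'."""
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("unrecognized syslog line: %r" % line)
    pri, stamp, host, msg = m.groups()
    if host not in SOURCE_TZ:
        raise ValueError("no timezone configured for source %r" % host)
    local = datetime.strptime("%d %s" % (year, stamp), "%Y %b %d %H:%M:%S")
    local = local.replace(tzinfo=SOURCE_TZ[host])
    return {
        "host": host,
        "facility": int(pri) // 8,   # PRI encodes facility*8 + severity
        "severity": int(pri) % 8,
        "local_time": local,
        "normal_time": local.astimezone(timezone.utc),
        "msg": msg,
    }

def events_within(records, window_seconds):
    """Sort by normal time and keep the records inside one window starting at
    the earliest one: the cross-site correlation that raw local stamps hide."""
    ordered = sorted(records, key=lambda r: r["normal_time"])
    start = ordered[0]["normal_time"]
    limit = timedelta(seconds=window_seconds)
    return [r for r in ordered if r["normal_time"] - start <= limit]

# Constructed sample input: the same denied connection attempt, logged by two
# firewalls on opposite coasts at 3:00 PM EST and 12:00 PM PST.
SAMPLE_LINES = [
    "<36>Mar 15 15:00:00 fw-east deny tcp 203.0.113.7:4411 -> 10.1.1.5:445",
    "<36>Mar 15 12:00:00 fw-west deny tcp 203.0.113.7:4412 -> 10.2.2.5:445",
]

def normalize_samples():
    return [normalize_syslog(line, 2024) for line in SAMPLE_LINES]
```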
Log Archiving And Recovery
Many businesses have a compliance requirement to keep historic log data. Collecting, maintaining and recovering historic log data can be expensive. Imagine trying to recover logs from a specific server two years in the past. Were the logs archived? If so, where have the logs been stored? What format are they in? Can the correct archived log files be identified among the tens of thousands (or millions) of other archive files?
LogRhythm completely automates the process of archiving and restoring log data. Based on your policy, LogRhythm automatically archives log data to archive files. LogRhythm archive files include 'bookkeeping' information such as where and when the log data originated. Archive files are saved in a compressed format resulting in a 90% reduction in storage requirements and associated cost.
Recovering historic logs is a simple process. The Archive Restoration Wizard guides you through a four-step process. Hit start and LogRhythm takes care of the rest. Once restored, log data can be analyzed using the same LogRhythm analysis tools. What could have been days' worth of effort becomes minutes.

Activity Auditing
For compliance verification, users' and administrators' actions within LogRhythm are logged. LogRhythm user activity reports provide powerful proof that LogRhythm is actively used to analyze log data for compliance purposes.