WhatsUp Gold: Daily Network Monitor Blog

Network Monitoring News

Posts Tagged ‘ Syslog ’

By Jessica Kenney

WhatsUp Log Management Suite v10 already makes log management for security and compliance as painless as possible, and we’ve now made it even easier to save time! With the version 10.1 update, there are many new ways to enhance efficiency:

  • In addition to preexisting reports for HIPAA, SOX, etc., there are now new out-of-the-box, point-and-click reports for FERPA, NERC CIP, and NISPOM
  • Save time adding Syslog-generating devices to your log monitoring and archiving solutions:
  • More ways to be alerted to a potential breach with new alarms for Cisco IOS events

Learn more about WhatsUp Log Management v10.1 and all it has to offer. 

Try it FREE for 30 days!

By Jessica Kenney

Customers frequently ask questions about the necessity of Syslog. “I have turned SNMP on and am collecting SNMP stats and alerts. Isn’t that enough?” It depends.

The first answer is relatively simple: if you are monitoring solely for up/down status, well-known error conditions, some performance parameters and high-level troubleshooting, then SNMP will address your needs.

However, to understand individual device-to-device or user-to-device transactions at a highly detailed level, it is advisable to enable Syslog and collect the messages generated by each device.

While most networking devices support SNMP and virtually all network management solutions use SNMP as their main mechanism to provide status of networked devices, SNMP can be limited in scope compared to Syslog. For example, a large Cisco switch may have over 6,000 different Syslog event messages, while the specific SNMP MIB for the device supports approximately 90 trap notifications.

Would you rather have 6,000 different types of events to monitor through Syslog or 90 through SNMP?

While 6,000 different events may seem daunting, some of the lower-level informational or debug messages can be filtered out of reporting and analysis while still being stored as part of a Syslog log management strategy. The good news here is that customers can now have the best of both worlds.
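The filter-but-still-store approach described above, as an added example that is not WhatsUp Gold code: every line is archived, and only messages at or above a severity threshold reach the report. The function names, the default threshold of 5 (notice) and the sample messages are assumptions made for this sketch.

```python
import re

PRI_RE = re.compile(r"^<(\d{1,3})>")   # syslog PRI header: facility * 8 + severity
CISCO_RE = re.compile(r"%([A-Z0-9_]+)-([0-7])-([A-Z0-9_]+):")  # %FACILITY-SEVERITY-MNEMONIC:

def parse(line):
    """Return facility, severity and Cisco tag for one message, or None without a valid PRI."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:   # 23 * 8 + 7 is the largest valid PRI
        return None
    pri = int(m.group(1))
    tag = CISCO_RE.search(line)
    return {
        "facility": pri >> 3,
        "severity": pri & 7,             # 0 = emergency ... 7 = debug
        "tag": f"{tag.group(1)}-{tag.group(3)}" if tag else None,
        "raw": line,
    }

def split_for_reporting(lines, report_max_severity=5):
    """Archive every line; report only severity <= threshold (assumed default: notice)."""
    archive, report, unparsed = [], [], []
    for line in lines:
        archive.append(line)             # nothing is dropped from storage
        rec = parse(line)
        if rec is None:
            unparsed.append(line)        # kept for review rather than silently discarded
        elif rec["severity"] <= report_max_severity:
            report.append(rec)
    return archive, report, unparsed

# Constructed sample messages (local7 facility, documentation-range addresses)
SAMPLE = [
    "<187>45: *Mar  1 00:01:12: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "<189>46: *Mar  1 00:01:13: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "<190>47: *Mar  1 00:01:14: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(4431) -> 192.0.2.1(23), 1 packet",
    "<191>48: *Mar  1 00:01:15: constructed debug line with no Cisco tag",
    "line with no priority header",
]
```

Lower severity numbers are more urgent, so raising `report_max_severity` to 7 brings the informational and debug lines back into the report without touching the archive.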

Check out WhatsUp Gold for your SNMP needs and for Syslog try WhatsUp Gold Event Log Management Suite.


By Kaitlyn Myers

WhatsUp Gold’s free Syslog Server provides you with a feature-rich tool to help you manage your syslog needs, including enhanced export capabilities. View the messages in real time or filter the results the way you need to see them. Take charge of your network by understanding the data your devices are giving you.

Would you like to:
  • Automatically collect both Syslog and Windows event logs across your network?
  • Store your log files for as long as you need (e.g. HIPAA mandates log data retention for 6 years)?
  • Prevent tampering with your archived log files?
  • Receive real-time alerts for key events (e.g. access and permission changes to files, folders, and objects containing employee or financial records, patient information and any other critical information)?
  • Generate and automatically distribute compliance or security-centric reports to key stakeholders such as auditors, security personnel or upper management?

Get the Syslog Server today for free (or, if you answered yes to any of the above questions, consider checking out WhatsUp Event Log Management Suite).

By Kaitlyn Myers

The WhatsUp Gold Engineer’s Toolkit was designed to make your life as a network administrator easier. We are excited to announce three new tools to help increase your ability to quickly and easily manage your network.

Having trouble managing syslog messages from various parts of your network? Syslog Server allows you to collect, save, view and forward syslog messages from anywhere in the network.

If you’re tired of manually logging into your interfaces to visualize traffic readings, see our new Interface Bandwidth tool. This application provides you with one interface from which you can read, gather and understand traffic info in real-time.

The third new addition to the Engineer’s Toolkit is the TFTP Server. This service-based tool can help you simplify and secure the transfer of system and configuration files, such as operating system software or device configuration files, throughout your network.

Enjoy these and other network administrator tools with the WhatsUp Gold Engineer’s Toolkit version 1.1. Download it now.

By Kaitlyn Myers

This new log management platform boosts enterprise security, regulatory compliance and forensics

WhatsUp Event Log Management 9.0 allows enterprises of all sizes to protect critical information and meet important security and regulatory compliance requirements. The modular set of applications delivers a flexible, user-friendly format to simplify the challenges and complexity of log management.

With WhatsUp Event Log Management, customers can automatically collect, store, analyze, alert and report on both Windows Event and Syslog files for real-time security event detection and response, compliance assurance and forensics.


By Sean Barry

It’s been a while since our last post on Event Log Management (ELM) Best Practices, but the issue is no less prevalent. Last time we discussed the necessary categories of events to enable when performing security audits (log on, account log on, object access, process tracking, policy change, account management, directory service access, and system events).

This week we will focus on automating the consolidation of all log records. When you choose an ELM solution it is vital that you consider the automation, means of storage, and compression of log files. With the correct ELM solution in place you shouldn’t have to check on it daily or even weekly. A hands-off product usually only requires initial configuration and occasional tweaks. You may be looking to manage log files for compliance purposes, an internal security policy, or industry standards. Either way, it is necessary to have a collection strategy in place to deal with your log data.

Because Syslog files and Windows event logs are decentralized by default, each network device or system records its own activity. If you’re a network administrator managing security and compliance initiatives, you then need to combine this data for effective analysis and reporting. The process of merging data in a reliable manner can now be automated.

Why log data collection automation is necessary

Typically, an administrator will use an ELM tool to automatically gather log records on a nightly basis by saving and clearing active event log files from each system, compiling them in a central database (e.g. Microsoft SQL or Oracle), and compressing the saved files for central storage on a secure file server.

There are pros and cons to compressing log data in flat files. For one, they are much cheaper to store when flat. However, for ad hoc or scheduled reporting and analysis it is helpful to keep an active working set of data (for 60 to 90 days). For that reason, there is a distinct auditing advantage to keeping log data in two formats, flat files and DB records. In most cases the majority of an audit is spent hunting down and restoring compressed flat files. You will want an ELM solution that allows for easy re-import of old saved log files back into your database should they be needed. Therefore we recommend you store log data in both formats.
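The two-format strategy described above, as an added example that is not part of the original post or of any WhatsUp product: each night's records go to a compressed flat file and into a database, the database keeps only the working set, and an old day can be re-imported on demand. SQLite stands in for the central database, and the table layout, function names and the SHA-256 check on re-import are assumptions of this sketch.

```python
import gzip, hashlib, sqlite3
from datetime import date, timedelta

WORKING_SET_DAYS = 90  # the post suggests keeping 60 to 90 days in the database

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS events (day TEXT, line TEXT)")
    db.execute("CREATE TABLE IF NOT EXISTS archives (day TEXT PRIMARY KEY, sha256 TEXT)")
    return db

def load_day(db, day, lines):
    db.executemany("INSERT INTO events VALUES (?, ?)", [(day.isoformat(), l) for l in lines])

def nightly_consolidate(db, day, lines, archive_dir):
    """Write one day's records to a compressed flat file and load them into the DB."""
    blob = gzip.compress("\n".join(lines).encode("utf-8"))
    path = f"{archive_dir}/{day.isoformat()}.log.gz"
    with open(path, "wb") as f:
        f.write(blob)
    # Digest recorded at archive time; in practice keep it somewhere the
    # file server's administrators cannot rewrite (assumption of this sketch).
    digest = hashlib.sha256(blob).hexdigest()
    db.execute("INSERT OR REPLACE INTO archives VALUES (?, ?)", (day.isoformat(), digest))
    load_day(db, day, lines)
    db.commit()
    return path

def prune_working_set(db, today):
    """Drop DB rows older than the working set; the flat files stay untouched."""
    cutoff = (today - timedelta(days=WORKING_SET_DAYS)).isoformat()
    deleted = db.execute("DELETE FROM events WHERE day < ?", (cutoff,)).rowcount
    db.commit()
    return deleted

def reimport(db, day, path):
    """Restore an archived day into the DB, refusing files that changed since archiving."""
    with open(path, "rb") as f:
        blob = f.read()
    row = db.execute("SELECT sha256 FROM archives WHERE day = ?", (day.isoformat(),)).fetchone()
    if row is None or hashlib.sha256(blob).hexdigest() != row[0]:
        raise ValueError(f"archive for {day.isoformat()} failed its integrity check")
    text = gzip.decompress(blob).decode("utf-8")
    lines = text.split("\n") if text else []
    db.execute("DELETE FROM events WHERE day = ?", (day.isoformat(),))  # avoid duplicates
    load_day(db, day, lines)
    db.commit()
    return len(lines)
```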

Read the Whitepaper for more ELM Best Practices, or check back here for more of the blog series.


By Kaitlyn Myers

October is National Cyber Security Month. In honor of this important topic in technology, we thought we’d chat a bit about our network management perspective on three common traps for security, risk management, and compliance:

Risk management isn’t just about business continuity and security. It is about the personal risk of IT managers when compliance and security regulations are not met. Network management software can help IT managers reduce risk throughout the corporate network while keeping their IT operations running smoothly. The first trap is when infrastructure components fail to work, leading to a failure in compliance, for example when internet connectivity is down due to a malfunctioning router and a regulatory filing misses the deadline. An effective network management solution can ensure connectivity across the enterprise’s infrastructure and communication services and can run synthetic transactions to periodically test performance and enable proactive steps when necessary.

Another frequent trap is when devices and systems are compromised, leading to compliance and security gaps. For example, a wireless access point is tapped and company data traffic is exposed to an unauthorized external user, or security privileges are changed so that unauthorized users now have access to data that they should not. In the first case, companies should make sure they have a network management solution in place that can provide visibility across all wireless access points, their status, users, connections and throughput, enabling high data flows or unauthorized attempts to log on to be tracked. Event log management software can collect, filter, analyze and alert on any such unauthorized change, or attempted change, based on Windows Event log and Syslog records.

The third and final trap which network management software can help companies avoid is the failure of IT processes. For example, a configuration file with suspicious settings is uploaded to a router and redirects traffic to a malware site or application. In this case, administrators and IT managers should make sure that they have a solution in place that can automatically alert on any change that does not follow the established network policies and device configuration settings. All such changes are also captured by event log management software, thus providing a comprehensive audit trail and pinpointing rogue users who may be involved.

As these are all either preventable or recoverable in a short space of time as soon as the alert is known, IT managers have the responsibility to make sure that they have put the right monitoring solution in place from the outset.
