EventTracker Log Management provides administrators and analysts with scalable log collection, fast search, rule-based alerting, analytics and reporting to meet their event log monitoring, threat detection and compliance needs.
EventTracker’s log management capabilities include support for thousands of network devices and access to over 20,000 log definitions for Windows, firewalls and applications. Get continuous, centralized log data collection, log analytics and alerting across your IT environment.
EventTracker comes with hundreds of pre-configured operations and security alerts. Define your own rule-based alerts with real-time notifications. Get real-time security event forensic analytics with acknowledge, forward or annotate Incident Response options.
Implement continuous security and compliance monitoring with real-time threat detection. Leverage Elastic Search’s fast search capabilities including pre-built, common search queries, drill-down, pivot, include/exclude and export. Get over 1,500 pre-defined security and compliance reports.
Regulatory compliance requires log management. Collection and storage of network device logs, Window Event Logs, Syslogs and application logs must be operationalized along with analytics to ensure the security of systems used to access protected data. Manual log management is labor intensive and may result in gaps in audit logs that can lead to findings of non-compliance and fines.
EventTracker is recognized by both Gartner and SC Magazine as an event log management tool leader. It delivers or surpasses the logging and analytics capabilities of competitors like Splunk but with a more user-friendly interface and price tag. Compliance packages and hundreds of pre-defined reports come at no extra charge.
Fast. EventTracker indexes centralized logs into Elastic Search using an extensible Common Indexing Module and a flexible UI to provide fast and comprehensive log analysis and search query capabilities. Elastic Search is a powerful search and analytics engine that scales to the largest big-data applications and is ideally suited for centralized log management.
EventTracker’s flexible UI provides drill-down, pivot, include/exclude and export as well as time slicing, trending and hundreds of pre-built log analytics queries.
EventTracker log management comes with an optimized, performant Event Vault. The archives are SHA-1 tamper evident, a key requirement for compliance with ISO-27001 security best-practice requirements.
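A tamper-evident archive works by hashing each stored record together with the digest of the record before it, so that editing, deleting or reordering any record breaks every digest that follows. The following hash-chain manifest is an added example written for this page; it is not EventTracker's Event Vault code, and the three log records it hashes are constructed. It uses SHA-1 because that is the algorithm the page names; a new design would choose SHA-256, and in either case the final digest must be stored somewhere the archive writer cannot rewrite (a separate host, a signed record, or write-once media), or the chain can be recomputed along with the forged records.

```python
import hashlib
from typing import List, Tuple

# Constructed sample archive: three records as they might be written to an
# archive file. Not real EventTracker output.
SAMPLE_RECORDS = [
    b"2024-01-15T10:00:01Z host1 sshd[402]: Accepted publickey for alice",
    b"2024-01-15T10:00:07Z host1 sudo: alice : TTY=pts/0 ; COMMAND=/bin/systemctl restart nginx",
    b"2024-01-15T10:00:12Z host1 sshd[402]: session closed for user alice",
]


def chain_digests(records: List[bytes], seed: bytes = b"") -> List[str]:
    """Hash every record together with the digest of the previous record.

    Because each digest covers the one before it, changing, removing or
    reordering any record invalidates every digest from that point on.
    """
    prev = seed
    digests = []
    for record in records:
        digest = hashlib.sha1(prev + record).digest()
        digests.append(digest.hex())
        prev = digest
    return digests


def verify_chain(records: List[bytes], digests: List[str], seed: bytes = b"") -> Tuple[bool, int]:
    """Recompute the chain; return (ok, index of the first bad record or -1)."""
    prev = seed
    for i, (record, expected) in enumerate(zip(records, digests)):
        digest = hashlib.sha1(prev + record).digest()
        if digest.hex() != expected:
            return False, i
        prev = digest
    if len(records) != len(digests):
        # Records were appended or removed without the manifest being updated.
        return False, min(len(records), len(digests))
    return True, -1


if __name__ == "__main__":
    manifest = chain_digests(SAMPLE_RECORDS)
    print("intact archive:   ", verify_chain(SAMPLE_RECORDS, manifest))
    edited = list(SAMPLE_RECORDS)
    edited[1] = edited[1].replace(b"restart nginx", b"stop auditd")
    print("edited record:    ", verify_chain(edited, manifest))
    print("truncated archive:", verify_chain(SAMPLE_RECORDS[:-1], manifest))
```

`verify_chain` reports the index of the first record that no longer matches, which is what an auditor needs: it shows not just that the archive was altered but where the alteration begins.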
EventTracker comes with over 1,500 pre-defined regulatory compliance and security reports. Log management compliance support includes PCI-DSS, HIPAA, ISO 27001, GDPR, NIST 800-171 and more.
Every system in your network generates some type of log file. In fact, a log entry is created for each event or transaction that takes place on any machine or piece of hardware; think of it as your “journal of record”. Microsoft-based systems generate Windows Event Log files, and UNIX-based servers and networking devices use the System Log or Syslog standard. Web application servers like Apache or IIS, as well as load balancers, firewalls, proxy servers and content security appliances, generate W3C/IIS log files.
Centralized Log Management should be a key component of your compliance initiatives, because with centralized logs in place, you can monitor, audit, and report on file access, unauthorized activity by users, policy changes, and other critical activities performed against files or folders containing proprietary or regulated personal data such as employee, patient or financial records. A centralized log management strategy should include overseeing Event Logs, Syslog and W3C logs. And this is key because information breaches come equally from internal and external sources. For example, Windows Event Logs will give you visibility into potential harmful activities conducted by disgruntled employees, while Syslog management will give you control over your network perimeter.
Windows-based systems have several different event logs that should be monitored consistently. Of these logs, the most important is the Security Log. It provides key information about who is logged onto the network and what they are doing. Security logs are important to security personnel for understanding whether a vulnerability exists in the security implementation.
Syslog is a log message format and log transmission protocol defined as a standard by the Internet Engineering Task Force (IETF) in RFC-3164 with draft improvements in RFC-5424. Networking devices, UNIX and Linux systems, and many software and hardware platforms implement Syslog as a standard logging format and as the means to transmit and collect those logs in a centralized log management repository. Using Syslog information, you can capture highly detailed information about the status of one device or many devices. The information can be sorted and parsed to reveal atypical behavior through changes in operational or performance patterns, and such changes may indicate one or more problems. Storing Syslog data also supports compliance efforts by providing audit logs to trace any event that may affect network reliability and the protection of data. This is important because it demonstrates control of all information to auditors.
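To make the two message formats concrete, the parser below handles both the RFC 3164 (BSD) layout, `<PRI>Mmm dd hh:mm:ss HOST TAG[pid]: MSG`, and the RFC 5424 layout, `<PRI>VERSION TIMESTAMP HOST APP PROCID MSGID STRUCTURED-DATA MSG`, and decodes the PRI value into its facility (PRI // 8) and severity (PRI % 8). It is an added example for this page, not EventTracker's collector code, and the sample lines it parses are constructed; the `select_events` helper shows the sorting-by-severity step the paragraph describes.

```python
import re
from typing import Dict, List, Optional

# Facility and severity names in PRI order, as listed in RFC 5424 section 6.2.1.
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
    "solaris-cron", "local0", "local1", "local2", "local3", "local4",
    "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
# (SD elements containing an escaped "\]" are not handled by this simple pattern.)
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ver>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$"
)
# RFC 3164 (BSD syslog): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG
RFC3164_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)

# Constructed sample messages (documentation IP ranges, made-up hosts).
SAMPLE_LINES = [
    "<34>1 2024-01-15T10:00:15.003Z fw1.example.com sshd 1187 ID47 - Failed password for invalid user admin from 203.0.113.7 port 52144 ssh2",
    '<165>1 2024-01-15T10:00:16Z app1.example.com evntslog - ID52 [exampleSDID@32473 iut="3" eventSource="Application"] An application event log entry',
    "<13>Jan 15 10:00:17 core-sw1 sudo: alice : TTY=pts/0 ; COMMAND=/bin/systemctl restart nginx",
    "<3>Jan 15 10:00:18 core-sw1 kernel: link down on eth0",
    "this is not syslog at all",
]


def parse_syslog(line: str) -> Optional[Dict[str, object]]:
    """Parse one RFC 5424 or RFC 3164 message; return None if it is neither."""
    m = RFC5424_RE.match(line)
    fmt = "rfc5424"
    if m is None:
        m = RFC3164_RE.match(line)
        fmt = "rfc3164"
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # PRI = facility * 8 + severity, and facility is at most 23
        return None
    event: Dict[str, object] = {
        "format": fmt,
        "facility": FACILITIES[pri // 8],
        "severity": SEVERITIES[pri % 8],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "app": m.group("app") if fmt == "rfc5424" else m.group("tag"),
        "msg": m.group("msg") or "",
    }
    if fmt == "rfc5424":
        event["structured_data"] = None if m.group("sd") == "-" else m.group("sd")
    else:
        event["pid"] = m.group("pid")
    return event


def select_events(lines: List[str], max_severity: str = "err") -> List[Dict[str, object]]:
    """Keep parsed events at the given severity or worse (a lower index is more severe)."""
    cutoff = SEVERITIES.index(max_severity)
    selected = []
    for line in lines:
        event = parse_syslog(line)
        if event is not None and SEVERITIES.index(event["severity"]) <= cutoff:
            selected.append(event)
    return selected


if __name__ == "__main__":
    for event in select_events(SAMPLE_LINES):
        print(event["severity"], event["facility"], event["host"], event["app"], "-", event["msg"])
```

Trying the RFC 5424 pattern first is safe because its second character after the PRI must be a version digit, whereas an RFC 3164 message continues with a month name; a line that matches neither is returned as `None` rather than being guessed at, so the caller can count unparsed input as its own signal.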
Similarly, W3C logs also provide information on user and server activity. These audit logs should also be monitored, as they provide valuable information that you can use to identify any unauthorized attempts to compromise, for example, your Web server. IIS log files use a fixed ASCII format (meaning that it cannot be customized) that records more information than other log file formats, including basic items such as the IP address of the user, user name, request date and time, service status code, and number of bytes received. In addition, the IIS log file format includes detailed items such as the elapsed time, number of bytes sent, action, and target file.
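As an added example of the kind of unauthorized-access check the paragraph describes, the code below parses a W3C extended log in the form IIS writes it (a `#Fields:` directive naming the columns, space-separated values, `-` for an absent value, and `+` standing in for spaces inside header values such as the User-Agent) and then reports clients that received repeated 401/403 responses together with the usernames they presented. This is not EventTracker's code and the log excerpt is constructed; the threshold of three failures is an assumed tuning value, not a recommendation from the page.

```python
from collections import Counter
from typing import Dict, List, Tuple

# Constructed IIS W3C extended log excerpt (not captured from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2024-01-15 10:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2024-01-15 10:00:01 10.0.0.5 GET /admin/login - 443 - 203.0.113.7 Mozilla/5.0+(X11) 401 2 5 12
2024-01-15 10:00:02 10.0.0.5 POST /admin/login - 443 admin 203.0.113.7 Mozilla/5.0+(X11) 401 1 0 8
2024-01-15 10:00:03 10.0.0.5 POST /admin/login - 443 administrator 203.0.113.7 Mozilla/5.0+(X11) 401 1 0 9
2024-01-15 10:00:04 10.0.0.5 POST /admin/login - 443 root 203.0.113.7 Mozilla/5.0+(X11) 401 1 0 7
2024-01-15 10:00:05 10.0.0.5 GET /index.html - 443 - 198.51.100.4 Mozilla/5.0+(Windows) 200 0 0 15
2024-01-15 10:00:06 10.0.0.5 GET /reports/q4.pdf - 443 bob 198.51.100.4 Mozilla/5.0+(Windows) 403 0 0 3
"""


def parse_w3c(text: str) -> List[Dict[str, str]]:
    """Turn W3C extended log text into one dict per record, keyed by the #Fields names."""
    fields: List[str] = []
    records: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            # Directive lines carry metadata; only #Fields affects parsing, and a
            # later #Fields directive (after a rollover) replaces the column layout.
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        values = line.split(" ")
        if not fields or len(values) != len(fields):
            # Skip malformed records rather than silently mis-assigning columns.
            continue
        # IIS writes "+" in place of spaces inside client header values (cs(...)).
        records.append({
            name: (value.replace("+", " ") if name.startswith("cs(") else value)
            for name, value in zip(fields, values)
        })
    return records


def failed_auth_by_client(records: List[Dict[str, str]], threshold: int = 3) -> List[Tuple[str, int, List[str]]]:
    """Clients with at least `threshold` 401/403 responses, most frequent first.

    Each entry is (client IP, failure count, sorted usernames presented).
    """
    counts: Counter = Counter()
    usernames: Dict[str, set] = {}
    for record in records:
        if record.get("sc-status") in ("401", "403"):
            client = record["c-ip"]
            counts[client] += 1
            if record.get("cs-username", "-") != "-":
                usernames.setdefault(client, set()).add(record["cs-username"])
    return [
        (client, n, sorted(usernames.get(client, set())))
        for client, n in counts.most_common()
        if n >= threshold
    ]


if __name__ == "__main__":
    parsed = parse_w3c(SAMPLE_LOG)
    print(f"{len(parsed)} records parsed")
    for client, n, names in failed_auth_by_client(parsed):
        print(f"{client}: {n} failed requests, usernames tried: {', '.join(names) or '(none)'}")
```

Keying each record by the `#Fields` names rather than by position is what keeps the check working when an administrator changes the logged columns; the same function then works for Apache or a proxy that emits W3C extended format, as long as the field names match.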
By deploying a centralized log management solution, you can easily manage the frequently overwhelming amount of log information generated by your systems. Real-time access to log data will allow you to filter and locate that one “needle in a haystack” event that could be the cause of a security breach.