Review: Appliances boost log management
Date : 01 15 2008 Category : Technology
Dave Bailey, IT Week, Wednesday 16 January 2008 at 00:00:00
LogLogic 4 allows real-time analysis of data logs to aid compliance and risk mitigation
LogLogic's turnkey appliance-based system for the capture and processing of log data should appeal to any enterprise that is required to demonstrate compliance with corporate governance regulations such as Sarbanes-Oxley and the Payment Card Industry (PCI) Data Security Standard. The LogLogic appliances we reviewed were from the high end of the firm's two product families. The LX Series 2010 appliance performed real-time log collection and analysis functions, while the ST Series 3010 system that we daisy-chained to the LX2010 automated the archiving of the logs, applying certificated timestamps to protect them against tampering.

After attaching the two appliances to IT Week Labs' network, both the LX2010 and ST3010 were loaded with eight Seagate Barracuda serial ATA (SATA) hard disks and two power supply modules. The appliances were ready to run after disk synchronisation, which took between 10 and 15 minutes. Both appliances are 2U high and use AMD 2.4GHz dual-core Opteron processors. Due to its role as the archival and log forensics appliance, the ST3010 has 2GB of memory and 4TB of storage, twice that of the log-collecting LX2010 appliance. The LX2010's 2TB of disk storage is set up as RAID 1+0, while the 4TB used by the ST3010 is configured as RAID 5+1, which maximises both fault-tolerance and availability.

We managed the initial setup through a standard serial console. After we had got the LX2010 to autodiscover our IT assets and set up both appliances to access an NTP server, we were able to continue managing the appliance using either a web browser from our Windows Server 2003 system or a free Telnet/SSH client such as PuTTY. To make our test as realistic as possible, we set up a script to populate the appliances with significantly more log data than would normally be generated by IT Week Labs' network infrastructure.

Interface

The LX2010's web interface is divided into two sections.
The upper section holds the dashboards, real-time log data views and alerts, together with all the reporting options, while the lower section holds the administration and maintenance features. The top half of the interface has eight tabs down the side, which drill down into numerous sub-tabs. The main tabs are: Dashboards, Real-Time Viewer, Search, Alerts, Custom Reports, Real-Time Reports, Summary Reports and Preferences. Clicking on the Management Station dashboard brings up a graph of the number of log messages processed by the LX2010 over time, and also the number of messages processed per second, which could allow...