TIBCO LogLogic Unity Quick Reference Guide Concepts
- Gabriella Tucker
- 8 years ago
TIBCO LogLogic Unity Quick Reference Guide: Concepts

Overview
TIBCO LogLogic Unity is a modern, scalable platform that lets technical teams resolve open issues requiring advanced troubleshooting, complex root-cause analysis or deep forensics. LogLogic Unity is a log processing, search and alerting tool that takes data from any source and structures it. This allows intuitive, fast and complete interaction with the data, and so a faster turnaround from opening an issue to closing it.

Taxonomy
LogLogic uses a defined taxonomy for field normalization, so that fields from different sources can quickly be mapped into a common schema.

Deployment
The LogLogic Unity architecture is shown in an illustration in the original guide (not reproduced in this transcription).

Highlights:
- Modular search queries: use all or part of saved search filters to build new search queries with the building-block (Blok) technology.
- Multiple search queries: run multiple searches at the same time.
- Working data sets: work with multiple search results without losing what you are working on; walk away and come back without losing your search results.
- Data lookups: enrich searches and alerts with lookup tables.
- Data-at-rest correlation: perform advanced correlation against historical data to identify trends.
- Data-in-motion correlation: maintain advanced correlation in memory to identify key patterns for alerting.
- Comprehensive APIs: access core functionality through intuitive REST APIs.
- Scalable clustering: scale horizontally as needed to maintain performance and storage.

Parsing
A parsing rule structures data from its original state. Once data is structured, the user can group it, aggregate it or visualize it, and parsed fields also help when searching. In LogLogic 6 parsing can be performed ad hoc, which gives a flexible design to work with. LogLogic 6 also comes pre-loaded with hundreds of rules, and provides KVP (key-value pair) and CSV style parsers to extract columns from semi-structured data.

Events
An event represents a single entry of data. Events may be small single-line entries such as a syslog message, or may span multiple lines, such as JSON or XML output.

Tags
Tags are predefined fields prefixed with sys_. They are set automatically for each log message and are indexed by the system, which gives faster search queries and faster access to the data.

Field Enrichment
Field enrichment lets a user edit any field in the system to produce informative, intuitive output. Lookups, math computations and standard functions are supported so that users can shape data the way they need to see it.
Filter Bloks

Common search commands:
- USE: defines the event sources, including the parsing configuration.
- COLUMNS: defines which columns appear in the results.
- GROUP BY: groups values by one or more columns. Grouping requires the list of grouping columns and the list of aggregation columns.
- SORT BY: sorts the search results by an expression.
- LIMIT: limits the number of results displayed.

Common filter commands, statements and operations:
- AND: narrows the results to events where every AND condition evaluates to true.
- OR: expands the results to events where either OR condition evaluates to true.
- Comparison conditions: compare two expressions using one of seven comparison operators with their well-known meanings: equals (=), not equals (<> or !=), lower than (<), lower or equal (<=), greater than (>), greater or equal (>=). The condition evaluates to true only if the comparison is satisfied, and can be used to narrow the results.
- Arithmetic and string operators: plus (+), minus (-), multiply (*), divide (/) and string concatenation (the concatenation operator symbol is not legible in the source) can be used to build parts of other conditions.
- Function: any of the predefined functions.
- IS NULL, IS NOT NULL: accept or reject an event depending on whether the evaluated expression is null. An expression most often becomes null when a column named in it has no value for the current event.
- LIKE, NOT LIKE: true if the value matches the supplied pattern (% matches any run of characters, including none; _ matches exactly one character).
- BETWEEN: range check; supports timestamps, longs and integers.
- IN: true if the value matches any value in the set.
- REGEXP, NOT REGEXP: true if the value matches the supplied regular expression.
Search examples (Filter Blok expression: what it displays):
- sys_eventtime in TUE:WED: results from the default data parser profile within the given time range.
- Use MyParserProfile sys_eventtime in -1h: results from the named parser profile for the last hour.
- "bob": results from the default log source with "bob" in the text.
- Use system sys_eventtime in 1d:NOW: results from the system parser profile from one day ago until now.
- "bob" and devtype in ('Windows', 'Cisco PIX'): results with "bob" in the text, restricted to the listed device types.
- sort by sys_eventtime DESC LIMIT 100: the first page (100 events) of results ordered by timestamp, newest first.
- "Bob" sys_eventtime BETWEEN ' :34:34' and ' :00:00': results with "Bob" in the text between the two timestamps (the dates are truncated in the source).
- sys_eventtime in -1h sort by sys_eventtime DESC: the last hour's events ordered by timestamp, newest first.
- sys_eventtime in -1h group by transactionid columns COUNT(): the last hour's events grouped by transaction, with the event count per transaction.
- sys_eventtime in -1h group by transactionid columns max(sys_eventtime) - min(sys_eventtime) as duration: the last hour's events grouped by transaction, with each transaction's duration; "as duration" gives the expression an alias that is used as the column name.

Aggregation functions:
- (*): apply the function to every event, with no additional constraint.
- All: apply the function to all values that are not null.
- Distinct: apply the function once per distinct value.
- Sum: the total.
- Avg: the average.
- Max: the maximum value.
- Var: the variance.
- Stdev: the standard deviation.
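The semantics of the examples above (a trailing time window, a LIKE wildcard with IN on devtype, SORT BY DESC with LIMIT, and GROUP BY transactionid with COUNT() and a max - min duration alias), as an added Python example. It is not part of the original guide and not TIBCO code: the events, field values and the "now" timestamp are constructed for the example, and the helper names (like_to_regex, in_last_hours, sort_desc_limit, group_by, transaction_summary, bob_on_windows_or_pix) are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample events (not from the guide): a few of the sys_ columns plus
# two parsed columns. sys_eventtime is in epoch milliseconds, as the guide
# specifies for that column. One event is older than an hour and must drop out.
NOW_MS = 1_700_000_100_000
EVENTS = [
    {"sys_eventtime": 1_700_000_000_000, "sys_body": "bob login ok", "transactionid": "t1", "devtype": "Windows"},
    {"sys_eventtime": 1_700_000_005_000, "sys_body": "bob logout", "transactionid": "t1", "devtype": "Windows"},
    {"sys_eventtime": 1_700_000_010_000, "sys_body": "alice login ok", "transactionid": "t2", "devtype": "Cisco PIX"},
    {"sys_eventtime": 1_700_000_030_000, "sys_body": "alice built conn", "transactionid": "t2", "devtype": "Cisco PIX"},
    {"sys_eventtime": 1_700_000_031_000, "sys_body": "alice teardown", "transactionid": "t2", "devtype": "Cisco PIX"},
    {"sys_eventtime": 1_699_990_000_000, "sys_body": "bob old event", "transactionid": "t0", "devtype": "Windows"},
]


def like_to_regex(pattern):
    """Translate a LIKE pattern into an anchored regex: % becomes .* (any run of
    characters, including none) and _ becomes . (exactly one character). Every
    other character is escaped, so regex metacharacters in the pattern match
    literally; that is the difference between LIKE and REGEXP."""
    parts = []
    for ch in pattern:
        if ch == "%":
            parts.append(".*")
        elif ch == "_":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.DOTALL)


def like(value, pattern):
    """value LIKE pattern. A null (None) value never matches."""
    return value is not None and like_to_regex(pattern).match(value) is not None


def in_last_hours(events, now_ms, hours):
    """sys_eventtime in -<hours>h: keep events inside the trailing window."""
    start = now_ms - hours * 3_600_000
    return [e for e in events if start <= e["sys_eventtime"] <= now_ms]


def sort_desc_limit(events, column, n):
    """sort by <column> DESC LIMIT <n>."""
    return sorted(events, key=lambda e: e[column], reverse=True)[:n]


def group_by(events, key, aggregates):
    """group by <key> columns <alias>=<fn(group)>. Events with no value for the
    key form their own group under None, the same events IS NULL would select."""
    groups = defaultdict(list)
    for e in events:
        groups[e.get(key)].append(e)
    return {k: {alias: fn(g) for alias, fn in aggregates.items()}
            for k, g in groups.items()}


def transaction_summary(events, now_ms):
    """Equivalent of the guide's last two examples combined:
         sys_eventtime in -1h group by transactionid
           columns COUNT(), max(sys_eventtime) - min(sys_eventtime) as duration
       The alias 'duration' becomes the result column name."""
    recent = in_last_hours(events, now_ms, 1)
    return group_by(recent, "transactionid", {
        "count": len,
        "duration": lambda g: max(e["sys_eventtime"] for e in g)
                              - min(e["sys_eventtime"] for e in g),
    })


def bob_on_windows_or_pix(events, now_ms):
    """"bob" and devtype in ('Windows', 'Cisco PIX') over the last hour,
    newest first, one page of 100."""
    hits = [e for e in in_last_hours(events, now_ms, 1)
            if like(e["sys_body"], "%bob%") and e["devtype"] in ("Windows", "Cisco PIX")]
    return sort_desc_limit(hits, "sys_eventtime", 100)


if __name__ == "__main__":
    for tid, row in transaction_summary(EVENTS, NOW_MS).items():
        print(tid, row)
    for e in bob_on_windows_or_pix(EVENTS, NOW_MS):
        print(e["sys_eventtime"], e["sys_body"])
```

The LIKE translation escapes everything except % and _, so a pattern such as a.b matches only the literal dot; when a dot, bracket or parenthesis in a search term behaves unexpectedly, check whether the term is going through LIKE or REGEXP.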
Correlation Bloks

Functions (name: arguments: returns):

String functions:
- len, char_length, character_length: String: length of the string.
- lower: String: the string in lower case.
- upper: String: the string in upper case.
- trim: String: the string without leading and trailing spaces.
- substitute: String 1, String 2, String 3: string 1 with occurrences of string 2 replaced by string 3.
- left: String, Int: the leftmost <int> characters of the string.
- right: String, Int: the rightmost <int> characters of the string.
- mid, substr, substring: String, Int 1, Int 2: the characters of the string starting at offset <int1>, for a length of <int2>.
- find, position: String 1, String 2: index of the first occurrence of string 2 within string 1, or -1 if it does not occur.
- concatenate: String, String, ...: the concatenation of all string arguments.

List functions:
- size: List: the number of elements in the list.

Conditional functions:
- IIF: condition, then, else: returns the "then" value if the condition holds, otherwise the "else" value.

Smart list functions:
- lookup: String 1, String 2: the value associated with String 2 in the smart list named String 1.
- isinlist: String 1, String 2: true if the value String 2 is defined in the smart list named String 1.

Conversion functions:
- ToTimestamp: expression, formatstring [, default]: the expression, which should evaluate to a string, is interpreted as a time according to the format string. If the conversion fails, null is returned, unless a default string is provided, in which case the default is interpreted as a time and returned.
- ToIP: same arguments as ToTimestamp: as ToTimestamp, but the conversion is to an IP address (a Java InetAddress).
- ToTimestampString: same arguments as ToTimestamp: as ToTimestamp, but in the opposite direction, producing a printable timestamp.
- ToInt, ToLong, ToString, ToFloat, ToBool, ToDouble: expression [, default]: the obvious conversion to Integer, Long, String, Float, Boolean or Double, with the default value taken if the expression is not convertible.
A failed conversion without a default therefore yields null, which IS NULL / IS NOT NULL can then filter on.

Columns
The system (event metadata) columns are indexed, so searches on them are faster. System columns are shown with the prefix sys_, and the columns of all built-in parsers with the prefix ll_, in the column list. The system columns of a LogLogic Unity event are:
- sys_eventtime (Timestamp): UTC time of the event, in epoch milliseconds.
- sys_body (String): text of the message.
- sys_bodysize (Integer): size of the body in bytes.
- sys_sourcetype (Integer): TIBCO LogLogic Log Management Intelligence (LMI) source type ID.
- sys_collectip (InetAddress): IP address the event originated from.
- sys_collecttime (Timestamp): UTC time at which the event was ingested into the LogLogic Unity event store.
- sys_filename (String): file name, for events collected from a file.
- sys_filelinenumber (Integer): line number within that file.
- sys_tenant (String): customer identifier.
- sys_domain (String): customer sub-identifier.
- sys_partition (Long): identifier of the portion of the data on the data node.
- sys_offset (Long): location within the LogLogic Unity event store.
- sys_eventkey (String): unique key of the event in the LogLogic Unity store.
- sys_lmieventkey (String): unique key of the event in the LogLogic LMI event store.
- sys_applianceid (String): identifier of the LMI appliance.
- sys_lmidomain (Integer or String): LMI domain, a component of the LMI device (source) identifier.
- sys_sourcedns (String): DNS name for the event source IP.
Rule Structure

Rule structure:
  USE <source identifier> (, <source identifier>)*
  Within <integer> [ d | h | m | s ] [ Fixed | Sliding ]
  <event group 1>
  <event group 2>
  [ Correlation <correlation criteria 1> <correlation criteria 2> ]
  [ Autofill ]
  ( Set <expression> As <identifier> )*
  [ Inject Correlation Event ]
  [ LIMIT <integer> CORRELATION EVENTS ]

Event group structure:
  Event Group <identifier>
  [ Is ( Required | Optional | Excluded ) ]
  [ With Delayed Evaluation ]
  [ At Least <integer> Events ]
  [ At Most <integer> Events ]
  [ <identifier environment> ]
  [ Where <expression> ]
  [ With The Same <expression> [ As <identifier> ] (, <expression> [ As <identifier> ] )* ]
  ( Having <having clause> )*
  [ Limits <integer> Groups And <integer> Events ]

Having clause (one of):
  At ( Least | Most ) <integer> Distinct <expression> As <identifier>
  Limit <integer>
  Count Of <expression> Being <expression> ( Greater | Lower ) Than <integer>
  Percentage Of <expression> Being <expression> ( Greater | Lower ) Than <integer>%
  <condition>

Correlation criteria (one of):
  <event_group_identifier1>><field_identifier1> == <event_group_identifier2>><field_identifier2>
  <event_group_identifier1> ( Begins | Ends ) [ At Least <integer> [ d | h | m | s ] ] [ Up To <integer> [ d | h | m | s ] ] ( Before | After ) <event_group_identifier2> ( Begins | Ends )

Correlation Blok examples:

1. Use system Event Group [My Events]
   Triggers a new alert at the first event and accumulates all events during the 30-minute time period.

2. Use my source Event Group [My Events] Operation limit 1000 Direction limit 1000
   Does the same as rule 1, but the alerts generated also report the number of distinct Operation and Direction values, and the values themselves.

3. Use MySource Event Group [Builts] where Operation = "Built" and Direction = "outbound" [Source IP] limit 1000
   Filters events whose Operation is Built and Direction is outbound, and reports the count of distinct Source IPs and their values, up to the limit.

4. Use MySource Event Group [Builts] At least 41 events where Operation = "Built" and Direction = "outbound" With the same [Source IP] [Destination IP] limit 1000
   Looks for at least 41 events matching the same criteria as rule 3 that come from the same Source IP, and reports the number of distinct Destination IPs and their values, up to the limit.

5. Use MySource Event Group [DenyAndBuilt] where Operation = "Deny" OR Operation = "Built" With the same [Source IP] Having at least 2 distinct [Operation] limit 1000
   Looks for a Source IP that has events from at least 2 distinct operations.

TIBCO Software Inc., Hillview Avenue, Palo Alto, CA. Copyright TIBCO Software Inc. All rights reserved.
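The sliding-window behaviour behind rules 4 and 5 above (at least N events sharing the same Source IP inside a time window, and a Having At Least K Distinct clause), as an added Python example. It is not TIBCO code and not the LogLogic rule engine: the 30-minute window is assumed from the description of rule 1, the bracketed identifier after With The Same in rule 4 is interpreted as the field whose distinct values are reported, and the event set and helper names (make_events, evaluate_rule, rule_builts, rule_deny_and_built) are constructed for the example.

```python
from collections import defaultdict

# "Within 30 m Sliding" is assumed; the guide's description of rule 1 mentions
# a 30-minute period but the Within clause itself is not shown.
WINDOW_MS = 30 * 60 * 1000


def make_events():
    """Constructed firewall-style events (not from the guide). Field names follow
    the rule examples; sys_eventtime is epoch milliseconds as in the guide."""
    base = 1_700_000_000_000
    ev = []
    # 10.0.0.5 builds 45 outbound connections to 45 distinct hosts, 25 s apart:
    # 41 of them fit inside a 30-minute window, so rule 4 should fire.
    for i in range(45):
        ev.append({"sys_eventtime": base + i * 25_000, "Operation": "Built", "Direction": "outbound",
                   "Source IP": "10.0.0.5", "Destination IP": f"203.0.113.{i + 1}"})
    # 10.0.0.9 also builds 45 connections, but 400 s apart: at most five share a window.
    for i in range(45):
        ev.append({"sys_eventtime": base + i * 400_000, "Operation": "Built", "Direction": "outbound",
                   "Source IP": "10.0.0.9", "Destination IP": "198.51.100.7"})
    # 10.0.0.7 is denied once, then gets a connection built: two distinct Operations.
    ev.append({"sys_eventtime": base + 100_000, "Operation": "Deny", "Direction": "outbound",
               "Source IP": "10.0.0.7", "Destination IP": "198.51.100.1"})
    ev.append({"sys_eventtime": base + 160_000, "Operation": "Built", "Direction": "outbound",
               "Source IP": "10.0.0.7", "Destination IP": "198.51.100.1"})
    return ev


def evaluate_rule(events, window_ms, where, same, at_least=1,
                  distinct=None, at_least_distinct=1, limit=1000):
    """Sliding-window evaluation of one event group:
         At Least <at_least> Events Where <where> With The Same <same>
         Having At Least <at_least_distinct> Distinct <distinct> Limit <limit>
    Events are partitioned by the With The Same key, each partition is scanned
    in time order, and the window start is advanced so that the window never
    spans more than window_ms. The first window that satisfies both thresholds
    raises one alert for that partition."""
    groups = defaultdict(list)
    for e in events:
        if where(e):
            groups[tuple(e[f] for f in same)].append(e)

    alerts = []
    for key, evs in groups.items():
        evs.sort(key=lambda e: e["sys_eventtime"])
        left = 0
        for right, e in enumerate(evs):
            while e["sys_eventtime"] - evs[left]["sys_eventtime"] > window_ms:
                left += 1
            window = evs[left:right + 1]
            if len(window) < at_least:
                continue
            values = sorted({w[distinct] for w in window}) if distinct else []
            if distinct and len(values) < at_least_distinct:
                continue
            alerts.append({"key": dict(zip(same, key)), "events": len(window),
                           "triggered_at": e["sys_eventtime"], "distinct": values[:limit]})
            break  # one alert per key; a real engine would re-arm once the window expires
    return alerts


def rule_builts(events):
    """Rule 4: At least 41 events where Operation = "Built" and Direction = "outbound"
    With the same [Source IP] [Destination IP] limit 1000."""
    return evaluate_rule(events, WINDOW_MS,
                         where=lambda e: e["Operation"] == "Built" and e["Direction"] == "outbound",
                         same=("Source IP",), at_least=41, distinct="Destination IP")


def rule_deny_and_built(events):
    """Rule 5: where Operation = "Deny" OR Operation = "Built" With the same [Source IP]
    Having at least 2 distinct [Operation] limit 1000."""
    return evaluate_rule(events, WINDOW_MS,
                         where=lambda e: e["Operation"] in ("Deny", "Built"),
                         same=("Source IP",), distinct="Operation", at_least_distinct=2)


if __name__ == "__main__":
    evs = make_events()
    for a in rule_builts(evs) + rule_deny_and_built(evs):
        print(a["key"], a["events"], "events,", len(a["distinct"]), "distinct")
```

The source that sends the same number of connections spread over five hours never reaches 41 inside one window, which is the point of the Within clause: a threshold rule is only as meaningful as the window it is evaluated over, so tune the window together with the event count.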
Log Sources
LogLogic Unity supports message body text search for all of the log sources supported by LogLogic LMI, and also supports advanced searching of source-specific parsed columns, via the General Parser, for the sources listed below. For details, see the TIBCO LogLogic Log Source Packages documentation. Note that not all event types supported by LogLogic LMI are necessarily supported by LogLogic Unity.

Log sources with parsed columns:
- ADS Microsoft Active Directory Service
- Apache Web Server
- Blue Coat ProxySG Syslog
- BMC Remedy Action Request (AR)
- CA SiteMinder Access Management
- Check Point (CP Audit)
- Cisco ASA Adaptive Security Appliance
- Cisco ACS for Windows
- Cisco Content Engine
- Cisco ESA
- Cisco Firewall Services Module (FWSM)
- Cisco IOS
- Cisco IPS
- Cisco Identity Services Engine (ISE)
- Cisco NetFlow
- Cisco (Nexus) NX-OS
- Cisco Secure ACS
- Cisco Web Security Appliance (WSA)
- Fortinet (FortiOS)
- F5 BIG-IP Traffic Management Operating System (TMOS)
- General Unix
- Guardium SQL Guard
- Guardium SQL Guard Audit
- HP NonStop
- HP-UX Operating System Audit
- IBM AIX Audit
- IBM AIX Operating System
- IBM DB2 Universal Database (UDB)
- IBM Resource Access Control Facility (RACF)
- IBM ISS SiteProtector
- Juniper IDP
- Juniper RT_Flow
- Juniper SSL VPN Secure Access
- Juniper (JunOS)
- LogLogic Appliance
- LogLogic Security Manager
- McAfee ePolicy Orchestrator
- McAfee G2 Sidewinder
- Microsoft DHCP
- Microsoft Office SharePoint Server
- Microsoft Operations Manager
- Microsoft Internet Authentication Service (IAS)
- Microsoft SQL Server
- Microsoft
- Microsoft (French)
- Microsoft (German)
- Microsoft (Japanese)
- MySQL Server GDBC
- NetApp Decru DataFort
- NetApp Filer
- Novell eDirectory
- Oracle Server
- General Collector for Oracle
- Palo Alto Networks PAN-OS
- RSA ACE/Server
- Reuters KondorPlus
- Snort
- Sourcefire Sensor
- Sourcefire Defense Center
- Squid2
- Sun Solaris Basic Security Module (BSM)
- Sybase Adaptive Server Enterprise (ASE)
- Symantec
- Symantec SEP
- TIBCO ActiveMatrix Administrator
- TIBCO ActiveMatrix BPM
- TIBCO ActiveMatrix BusinessWorks
- TIBCO Administrator
- TIBCO API Exchange Gateway Server
- TIBCO Hawk Agent
- TIBCO Enterprise Message Service Collector (EMSC)
- Trend Micro Control Manager
- Trend Micro OfficeScan
- Tripwire for Server
- VMware ESX Server
- VMware vCenter
- VMware vCenter Orchestrator
- VMware vCloud Director
- VMware vShield Edge

Device categories used in the source table (the pairing of each category with its log source is lost in this transcription): Active Directory, Apache Web Server, WebProxy, BMC Remedy ARS, UTM, Content Engine, Mail Security, /VPN, Router & Switches, IPS, Router, Switch, Web Security, LoadBalancer, DB, IDS/IPS, Audit, VPN, Microsoft DHCP, Application, Content Management, Decru DataFort, NetApp Filer, NetApp Filer Audit, LDAP Directory Service, Intrusion Detection, Blue Coat, Sun Solaris Operating BSM, EMS, Tripwire Management Station, Hypervisor, Automation Server.
SapphireIMS 4.0 BSM Feature Specification v1.4 All rights reserved. COPYRIGHT NOTICE AND DISCLAIMER No parts of this document may be reproduced in any form without the express written permission of Tecknodreams
More informationOnCommand Unified Manager
OnCommand Unified Manager Operations Manager Administration Guide For Use with Core Package 5.2 NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1(408) 822-6000 Fax: +1(408) 822-4501
More informationPalo Alto Networks. Security Models in the Software Defined Data Center
Palo Alto Networks Security Models in the Software Defined Data Center Christer Swartz Palo Alto Networks CCIE #2894 Network Overlay Boundaries & Security Traditionally, all Network Overlay or Tunneling
More informationThe syslog-ng Store Box 3 LTS
The syslog-ng Store Box 3 LTS PRODUCT DESCRIPTION Copyright 2000-2012 BalaBit IT Security All rights reserved. www.balabit.com Introduction The syslog-ng Store Box (SSB) is a high-reliability and high-performance
More informationMigrating to vcloud Automation Center 6.1
Migrating to vcloud Automation Center 6.1 vcloud Automation Center 6.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a
More informationJohn Smith Prattville, AL career@hashbangsecurity.com
John Smith Prattville, AL career@hashbangsecurity.com Career Objective I am a certified and skilled senior security and UNIX systems administrator with over twenty years of experience. I am seeking a position
More informationEffective Use of Security Event Correlation
Effective Use of Security Event Correlation Mark G. Clancy Chief Information Security Officer The Depository Trust & Clearing Corporation DTCC Non-Confidential (White) About DTCC DTCC provides custody
More informationDeveloping Microsoft SharePoint Server 2013 Advanced Solutions MOC 20489
Developing Microsoft SharePoint Server 2013 Advanced Solutions MOC 20489 Course Outline Module 1: Creating Robust and Efficient Apps for SharePoint In this module, you will review key aspects of the apps
More informationHP Intelligent Management Center Enterprise Software. Platform. Key features. Data sheet
Data sheet HP Intelligent Management Center Enterprise Software Platform Key features Highly flexible and scalable deployment options Powerful administration control Rich resource management Detailed performance
More informationXpoLog Center Suite Data Sheet
XpoLog Center Suite Data Sheet General XpoLog is a data analysis and management platform for Applications IT data. Business applications rely on a dynamic heterogeneous applications infrastructure, such
More informationSIEM Optimization 101. ReliaQuest E-Book Fully Integrated and Optimized IT Security
SIEM Optimization 101 ReliaQuest E-Book Fully Integrated and Optimized IT Security Introduction SIEM solutions are effective security measures that mitigate security breaches and increase the awareness
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationAccess Management Analysis of some available solutions
Access Management Analysis of some available solutions Enterprise Security & Risk Management May 2015 Authors: Yogesh Kumar Sharma, Kinshuk De, Dr. Sundeep Oberoi Access Management - Analysis of some available
More informationvsphere Upgrade Update 1 ESXi 6.0 vcenter Server 6.0 EN-001804-02
Update 1 ESXi 6.0 vcenter Server 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent
More informationXpoLog Competitive Comparison Sheet
XpoLog Competitive Comparison Sheet New frontier in big log data analysis and application intelligence Technical white paper May 2015 XpoLog, a data analysis and management platform for applications' IT
More informationHeroix Longitude Quick Start Guide V7.1
Heroix Longitude Quick Start Guide V7.1 Copyright 2011 Heroix 165 Bay State Drive Braintree, MA 02184 Tel: 800-229-6500 / 781-848-1701 Fax: 781-843-3472 Email: support@heroix.com Notice Heroix provides
More informationMANAGED SERVICES. Remote Monitoring. Contact US: 800.677.1919 info@millenniuminc.com millenniuminc.com
MANAGED SERVICES Remote Monitoring A N D Ma n a g e m e n t D O C U MENTATION AND Services Gu i d e Contact US: 800.677.1919 info@millenniuminc.com millenniuminc.com ABOUT RMM SERVICES Millennium s RMM
More informationHayri Tarhan, Sr. Manager, Public Sector Security, Oracle Ron Carovano, Manager, Business Development, F5 Networks
EXTENDING ACCESS WHILE ENHANCING CONTROL FOR YOUR ORGANIZATION S DATA LEVERAGE THE POWER OF F5 AND ORACLE TO DELIVER SECURE ACCESS TO APPLICATIONS AND DATABASES Hayri Tarhan, Sr. Manager, Public Sector
More informationHawkEye AP Log Adapter List Updated January 2016
HawkEye AP Log Adapter List Updated January 2016 Firewalls / VPN Aventail SSL VPN * Check Point Firewall-1 fwexport * Check Point Firewall-1 LEA Check Point VPN-1 * Cisco ASA (via SyslogNG) Cisco FWSM
More informationCimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred
DETECT All changes across your IT environment With coverage for your servers, network devices, critical workstations, point of sale systems, and more, CimTrak has your infrastructure covered. CimTrak provides
More informationVirtualization Journey Stages
Deep Security 7.5 Todd Thiemann Sr. Dir. of Datacenter Security Marketing Trend Micro Harish Agastya Director of Datacenter Security Marketing Trend Micro Classification 11/12/2010 1 Virtualization Journey
More informationReference Guide. Skybox View 7.0.600. Revision: 11
Reference Guide Skybox View 7.0.600 Revision: 11 Copyright 2002-2014 Skybox Security, Inc. All rights reserved. This documentation contains proprietary information belonging to Skybox Security and is provided
More informationACE Management Server Deployment Guide VMware ACE 2.0
Technical Note ACE Management Server Deployment Guide VMware ACE 2.0 This technical note provides guidelines for the deployment of VMware ACE Management Servers, including capacity planning and best practices.
More informationBig Data for Satellite Business Intelligence
Big Data for Satellite Business Intelligence GSAW 2015 Loic COULET, Kratos ISE 2015 by Kratos ISE. Published by The Aerospace Corporation with permission. Who s talking? Computer Science Passionate Kratos
More informationProduct Guide Revision A. McAfee Web Reporter 5.2.1
Product Guide Revision A McAfee Web Reporter 5.2.1 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee
More informationRequired Software Product List
Symantec ($3.2 million, 35% weight) AdVantage AdvisorMail AntiVirus (Endpoint Protection) AntiVirus Enterprise Edition App Center Application HA Asset Management Suite Backup Exec Certificate Intelligence
More informationMobile Secure Desktop Maximum Scalability, Security and Availability for View with F5 Networks HOW-TO GUIDE
Mobile Secure Desktop Maximum Scalability, Security and Availability for View with F5 Networks HOW-TO GUIDE Solution Overview The VMware View Mobile Secure Desktop solution is a powerful architecture intended
More informationvrealize Automation Load Balancing
vrealize Automation Load Balancing Configuration Guide Version 6.2 T E C H N I C A L W H I T E P A P E R A U G U S T 2 0 1 5 V E R S I O N 1. 0 Table of Contents Introduction... 4 Load Balancing Concepts...
More informationTIBCO LogLogic Log Management Intelligence (LMI) Release Notes
TIBCO LogLogic Log Management Intelligence (LMI) Software Release 5.6.0 March 2015 Two-Second Advantage Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED
More informationAssuria can help protectively monitor firewalls for PCI compliance. Assuria can also check the configurations of personal firewalls on host devices
The Payment Card Industry (PCI) Data Security Standard (DSS) provides an actionable framework for developing a robust payment card data security process. The Payment Application Data Security Standard
More informationQuest InTrust. Version 8.0. What's New. Active Directory Exchange Windows
Quest InTrust Version 8.0 What's New Active Directory Exchange Windows Abstract This document describes the new features and capabilities of Quest InTrust 8.0. Copyright 2004 Quest Software, Inc. and Quest
More informationManageEngine (division of ZOHO Corporation) www.manageengine.com. Infrastructure Management Solution (IMS)
ManageEngine (division of ZOHO Corporation) www.manageengine.com Infrastructure Management Solution (IMS) Contents Primer on IM (Infrastructure Management)... 3 What is Infrastructure Management?... 3
More informationUsing the vcenter Orchestrator Plug-In for Microsoft Active Directory
Using the vcenter Orchestrator Plug-In for Microsoft Active Directory vcenter Orchestrator 4.1 This document supports the version of each product listed and supports all subsequent versions until the document
More informationSolarWinds Log & Event Manager
Corona Technical Services SolarWinds Log & Event Manager Training Project/Implementation Outline James Kluza 14 Table of Contents Overview... 3 Example Project Schedule... 3 Pre-engagement Checklist...
More informationPanorama PANORAMA. Panorama provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls.
provides centralized policy and device management over a network of Palo Alto Networks next-generation firewalls. View a graphical summary of the applications on the network, the respective users, and
More informationXenServer Virtual Machine metrics
1 de 7 21/11/13 13:31 Tour (/tour/) How it Works /how-it-works/) Pricing (/pricing/) Customers (/testimonials/) WHAT WE MONITOR Application Monitoring /) Java Monitoring Tomcat monitoring Zookeeper Monitoring
More informationPalo Alto Networks User-ID Services. Unified Visitor Management
Palo Alto Networks User-ID Services Unified Visitor Management Copyright 2011 Aruba Networks, Inc. Aruba Networks trademarks include Airwave, Aruba Networks, Aruba Wireless Networks, the registered Aruba
More informationApache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide. Revised February 28, 2013 2:32 pm Pacific
Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide Revised February 28, 2013 2:32 pm Pacific Apache CloudStack 4.x (incubating) Network Setup: excerpt from Installation Guide
More informationHP A-IMC Firewall Manager
HP A-IMC Firewall Manager Configuration Guide Part number: 5998-2267 Document version: 6PW101-20110805 Legal and notice information Copyright 2011 Hewlett-Packard Development Company, L.P. No part of this
More information