Monitoring Log Management and Alerting


Monitoring Log Management and Alerting Services Description February 2009 1 / 24

Contents
  Monitoring Log Management and Alerting ... 1
  1. Centralized Management ... 3
    1.1. Centralized management ... 3
    1.2. Multi Tenant Architecture ... 5
  2. SLA Management ... 7
    2.1. Health and Performance monitoring ... 7
    2.2. Graphical Real Time Monitoring Console: Mapview ... 9
    2.3. Custom KPI monitoring ... 12
  3. Log Management and alerting ... 15
    3.1. Log Management ... 15
    3.2. Email Alerting ... 18
    3.3. Detailed Reports ... 22

1. Centralized Management

1.1. Centralized management

The UBIqube MSActivator(TM) is a powerful but very easy-to-use solution for provisioning, management and monitoring, for quick and cost-effective delivery of security services on multi-vendor CPE devices (routers, firewalls, UTM) deployed in multi-site networks. The MSActivator(TM) profile-based rule definition allows administrators to manage IPsec VPN, firewall, IPS and content filtering policies on groups of devices (please refer to the portfolio for more details on the managed services).

The MSActivator(TM) unified WEB portal centralizes the provisioning, management and monitoring of the devices and services. All the events sent (syslog or SNMP) by the managed or monitored devices are collected, classified and analyzed centrally. SLA management statistics, security dashboards and detailed reports are available online on the WEB portal to facilitate troubleshooting throughout the whole lifecycle of the devices and services.

1.2. Multi Tenant Architecture

The MSActivator(TM) unified WEB portal is built on a multi-tenant architecture which supports:
  - VSOC (Virtual SOC) definition and customization
  - Multiple access levels with Role Based Access Control and delegation profiles
  - Per-customer policy management
  - Per-VSOC configuration template customization (pattern files and PHP APIs)


2. SLA Management

2.1. Health and Performance monitoring

Health and availability of the managed devices are monitored in real time. The key device metrics monitored are:
  - Access Availability
  - Network Traffic
  - CPU Load
  - System Uptime
  - VPN Tunnels History
  - Network Delays: RTT (Round Trip Time) and TTL (Time To Live)

The MSActivator(TM) maintains a one-year history with one-minute granularity for each metric.


Statistics can be compared between devices.

2.2. Graphical Real Time Monitoring Console: Mapview

The status of the devices is also available on the graphical real-time monitoring console called the Mapview.

Detailed information on the asset and its statistics is displayed when you click on a device. In addition to the status of the devices, the Mapview displays the profiles.

The Mapview allows management by graphically attaching devices to, or detaching them from, profiles. Devices and VPNs can be displayed on a Google map embedded in the Mapview.

2.3. Custom KPI monitoring

In addition to the security profiles, administrators can create monitoring profiles. A monitoring profile gives the user the ability to create his own custom SNMP polling and to configure threshold email alerting and graphical rendering. This allows the monitoring of any KPI (Key Performance Indicator) exposed as an SNMP OID, such as environmental conditions (temperature, humidity, etc.).

Monitoring profiles can easily be imported and exported as XML. This API streamlines the integration of the UBIqube with 3rd-party OSS tools or open-source monitoring tools. Below is an example of an XML file for monitoring packet loss:

<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<MonitoringProfile>
  <comment />
  <name>packet Loss</name>
  <graphrendererlist>
    <datalist>
      <colorashexa>008080</colorashexa>
      <data>
        <comment>number of input IP datagrams lost</comment>
        <defaultpolling>false</defaultpolling>
        <filename>ipindiscards</filename>
        <id>0</id>
        <maxvalue>-1</maxvalue>
        <minvalue>0</minvalue>
        <name>ipindiscards</name>
        <oid>1.3.6.1.2.1.4.8.0</oid>
        <pollingtype>67</pollingtype>
        <profileid>108</profileid>
        <threshold>10</threshold>
        <thresholdcomparator>71</thresholdcomparator>
        <thresholdfrequency>78</thresholdfrequency>
      </data>
      <horizontallabel>input</horizontallabel>
      <rendererid>0</rendererid>
      <snmppollingid>0</snmppollingid>
    </datalist>
    <datalist>
      <colorashexa>ff6600</colorashexa>
      <data>
        <comment>number of output IP datagrams lost</comment>
        <defaultpolling>false</defaultpolling>
        <filename>ipoutdiscards</filename>
        <id>1</id>
        <maxvalue>-1</maxvalue>
        <minvalue>0</minvalue>
        <name>ipoutdiscards</name>
        <oid>1.3.6.1.2.1.4.11.0</oid>
        <pollingtype>67</pollingtype>
        <profileid>108</profileid>
        <threshold>10</threshold>
        <thresholdcomparator>71</thresholdcomparator>
        <thresholdfrequency>78</thresholdfrequency>
      </data>
      <horizontallabel>output</horizontallabel>
      <rendererid>0</rendererid>
      <snmppollingid>1</snmppollingid>
    </datalist>
    <id>0</id>
    <name>packet Loss</name>
    <profileid>108</profileid>
    <vertivallabel>packet loss number</vertivallabel>
  </graphrendererlist>
  <snmppollinglist>
    <comment>number of input IP datagrams lost</comment>
    <defaultpolling>false</defaultpolling>
    <filename>ipindiscards</filename>
    <id>0</id>
    <maxvalue>-1</maxvalue>
    <minvalue>0</minvalue>
    <name>ipindiscards</name>
    <oid>1.3.6.1.2.1.4.8.0</oid>
    <pollingtype>67</pollingtype>
    <profileid>108</profileid>
    <threshold>10</threshold>
    <thresholdcomparator>71</thresholdcomparator>
    <thresholdfrequency>68</thresholdfrequency>
  </snmppollinglist>
  <snmppollinglist>
    <comment>number of output IP datagrams lost</comment>
    <defaultpolling>false</defaultpolling>
    <filename>ipoutdiscards</filename>
    <id>1</id>
    <maxvalue>-1</maxvalue>
    <minvalue>0</minvalue>
    <name>ipoutdiscards</name>
    <oid>1.3.6.1.2.1.4.11.0</oid>
    <pollingtype>67</pollingtype>
    <profileid>108</profileid>
    <threshold>10</threshold>
    <thresholdcomparator>71</thresholdcomparator>
    <thresholdfrequency>68</thresholdfrequency>
  </snmppollinglist>
</MonitoringProfile>
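As an added example (not part of the UBIqube document or product), the following Python parses a profile in this XML format and cross-checks the graph section against the SNMP polling section, since both repeat the same polling parameters; the embedded sample is constructed from the packet-loss profile above and keeps its OIDs, thresholds and the 78 / 68 thresholdfrequency mismatch. The meaning of the numeric pollingtype and thresholdcomparator codes is not given on the page, so they are compared but not interpreted.

```python
import xml.etree.ElementTree as ET
# Constructed sample: the packet-loss profile above trimmed to the fields used here
# (same OIDs and thresholds, and the same 78 / 68 thresholdfrequency discrepancy).
PROFILE_XML = """<MonitoringProfile>
  <name>packet Loss</name>
  <graphrendererlist>
    <datalist><data><id>0</id><name>ipindiscards</name><oid>1.3.6.1.2.1.4.8.0</oid>
      <threshold>10</threshold><thresholdcomparator>71</thresholdcomparator>
      <thresholdfrequency>78</thresholdfrequency></data></datalist>
    <datalist><data><id>1</id><name>ipoutdiscards</name><oid>1.3.6.1.2.1.4.11.0</oid>
      <threshold>10</threshold><thresholdcomparator>71</thresholdcomparator>
      <thresholdfrequency>78</thresholdfrequency></data></datalist>
  </graphrendererlist>
  <snmppollinglist><id>0</id><name>ipindiscards</name><oid>1.3.6.1.2.1.4.8.0</oid>
    <threshold>10</threshold><thresholdcomparator>71</thresholdcomparator>
    <thresholdfrequency>68</thresholdfrequency></snmppollinglist>
  <snmppollinglist><id>1</id><name>ipoutdiscards</name><oid>1.3.6.1.2.1.4.11.0</oid>
    <threshold>10</threshold><thresholdcomparator>71</thresholdcomparator>
    <thresholdfrequency>68</thresholdfrequency></snmppollinglist>
</MonitoringProfile>"""

FIELDS = ("name", "oid", "threshold", "thresholdcomparator", "thresholdfrequency")

def _entry(node):
    """Polling fields of one <data> or <snmppollinglist> element (None if absent)."""
    return {f: node.findtext(f) for f in FIELDS}

def parse_profile(xml_text):
    """Return (graph_entries, polling_entries), each keyed by the <id> element."""
    root = ET.fromstring(xml_text)
    graph = {d.findtext("id"): _entry(d) for d in root.iter("data")}
    polls = {p.findtext("id"): _entry(p) for p in root.findall("snmppollinglist")}
    return graph, polls

def cross_check(xml_text):
    """Return (id, field, graph_value, polling_value) for every disagreement between
    the graph section and the polling section; both repeat the same parameters, so a
    mismatch means the chart and the alerting engine describe different settings."""
    graph, polls = parse_profile(xml_text)
    problems = []
    for pid in sorted(set(graph) | set(polls)):
        g, p = graph.get(pid), polls.get(pid)
        if g is None or p is None:
            problems.append((pid, "missing", g is not None, p is not None))
            continue
        problems += [(pid, f, g[f], p[f]) for f in FIELDS if g[f] != p[f]]
    return problems

def oids_to_poll(xml_text):
    """OID -> integer threshold: the minimum an SNMP poller needs from the profile."""
    return {p["oid"]: int(p["threshold"]) for p in parse_profile(xml_text)[1].values()}
```

Run against the page's full profile, cross_check reports the thresholdfrequency values 78 and 68 for both ids, which is worth resolving before importing the file into a production poller.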

3. Log Management and alerting

3.1. Log Management

The MSActivator(TM) centralizes all the events (Syslog or SNMP) sent by the managed or monitored devices. Events are available online via the WEB portal for 30 days. They are then archived securely using a tamper-proof solution compliant with Sarbanes-Oxley (SOX), PCI or HIPAA recommendations. The security dashboards available on the WEB portal provide an event reporting overview with search capabilities. This multiple-entry table includes, for each event category (IPS, Firewall, Anti Virus, URL Filtering, Anti Spam, Alerts and logs):
  - Site top 5 of the month/week: the 5 most attacked sites, giving the number of events and the associated percentage
  - Alert top 5 of the month/week: the 5 most received alerts, giving the number of occurrences and the associated percentage
  - Historical performance charts (day, week, month, year)

The log analysis engine computes the security dashboard and provides, for each managed site, human-readable monthly/weekly summary reports. Logs are displayed using different colours and icons depending on the severity level.


The summary reports aggregate the events every minute on a per-day basis. Reports can be filtered per category or severity, and events can be searched by pattern. Detailed views are available on a per-event basis; this page displays all the events in raw format.

3.2. Email Alerting

Email alarms can be sent:
  - To inform of a link or device outage
  - To alert on the reception of a security event flagged as an Alarm

  - To alert when a threshold is triggered

Email alerts are sent, on a per-site basis, to the site contact email and to the subscriber contact email, with a copy to the SOC support email address. Each field can contain multiple email addresses, e.g. mail1@acme.com; mail2@acme.com. The mail alert service is configurable at the site level, on the second page of the site creation or modification process.

Proactive continuous (24x7) monitoring and alerting

Health and availability of the managed devices are monitored by the VSOC real-time monitoring console (RTMC). A reachable device appears in green on the VSOC console. If connectivity is lost, the device appears in orange for 5 minutes. If the device is still unreachable after 5 minutes, it appears in red and an email alert is automatically sent.

This link or device outage, detected by the SOC, is called the Host Down event. A Host Up event is generated when the device's connectivity is restored, and an informational email is sent.

Early warning of threat identification and detection

Email alerts can also be sent upon identification and detection of predefined events. The VSOC console displays summary human-readable event reports. Actions can be specified on a per-event, per-site basis: either discard the event because it is a false positive, or generate an email alert. Alarms are summarized by date, and the WEB interface provides alarm filtering by category (Firewall, IPS, Anti Virus, AntiSpam, URL Filtering, log), severity or reference.

As soon as an event with the email alerting flag set is received by the SOC Event Tracker, a mail is sent. To avoid mail flooding, a maximum of one email alert per day per alert is sent.

Threshold Alerting
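The Host Down / Host Up colour transitions and the one-mail-per-day flood guard described above, modelled in Python as an added example (not the product's code). Site ids, addresses and probe timings are constructed; the interval parameter generalises the daily limit to the per-hour or per-minute frequencies that threshold alerts may use.

```python
from datetime import datetime, timedelta

GRACE = timedelta(minutes=5)  # orange period before a Host Down is declared

class HostMonitor:
    """Console colour of one device plus Host Down / Host Up events from probes."""
    def __init__(self):
        self.colour, self.lost_since = "green", None

    def probe(self, now, reachable):
        """Return "Host Down", "Host Up" or None for this probe result."""
        if reachable:
            was_down = self.colour == "red"
            self.colour, self.lost_since = "green", None
            return "Host Up" if was_down else None  # informational mail only after red
        if self.lost_since is None:
            self.lost_since = now
        if self.colour != "red" and now - self.lost_since >= GRACE:
            self.colour = "red"
            return "Host Down"
        if self.colour == "green":
            self.colour = "orange"
        return None

class AlertMailer:
    """At most one mail per (site, alert) per interval: one per day is the page's
    anti-flooding default; thresholds may use one per hour or one per minute."""
    def __init__(self, interval=timedelta(days=1)):
        self.interval, self.last_sent = interval, {}

    def alert(self, now, site, name, rcpt):
        last = self.last_sent.get((site, name))
        if last is not None and now - last < self.interval:
            return False  # suppressed: same alert already mailed within the interval
        self.last_sent[(site, name)] = now
        return True  # here the mail to rcpt would be queued

def simulate():
    """Constructed probes: lost at 10:00, back at 10:07, lost again at 10:20."""
    t0, mon, mailer = datetime(2009, 2, 1, 10, 0), HostMonitor(), AlertMailer()
    rcpt = ("site@acme.example", "soc@msp.example")  # constructed addresses
    log = []  # (minute, event, colour, mail_sent) for each emitted event
    for minute, up in [(0, False), (1, False), (5, False), (6, False), (7, True), (20, False), (25, False)]:
        now = t0 + timedelta(minutes=minute)
        event = mon.probe(now, up)
        if event:
            log.append((minute, event, mon.colour, mailer.alert(now, "site-A", event, rcpt)))
    return log
```

The second outage at 10:25 is detected and the device turns red, but its mail is suppressed because a Host Down for that site was already sent the same day.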

A monitoring profile gives the user the ability to create his own custom SNMP polling and to associate it with alerting thresholds and graphical rendering. The threshold definition is used to trigger mail alerting to the user. The alert frequency can be configured per threshold, from once only to one per day, one per hour and even one per minute.

3.3. Detailed Reports

The MSActivator(TM) console provides detailed reports, in PDF format, for the security events (Firewall, IDS/IPS, Anti Virus, Anti Spam, URL filtering, proxy) which occurred on a device. This service (detailed reporting) is optional and can be activated on a per-device basis.

These PDF reports are generated on a daily and monthly basis. The screenshots below give some examples of the monthly PDF report generated for a UTM device:
