The syslog-ng Store Box 3 LTS



Similar documents
The syslog-ng Store Box 3 F2

syslog-ng Store Box PRODUCT DESCRIPTION Copyright BalaBit IT Security All rights reserved.

The syslog-ng Premium Edition 5LTS

The syslog-ng Premium Edition 5F2

syslog-ng Product Line

Shell Control Box 3 F5

Distributed syslog architectures with syslog-ng Premium Edition

The syslog-ng Store Box 4 LTS Administrator Guide

Shell Control Box 4 LTS Product Description

PCI DSS compliance and log management

Performance Guideline for syslog-ng Premium Edition 5 LTS

BalaBit IT Security Insight Singaporean Internet Banking and Technology Risk Management Guidelines Compliance

Shell Control Box 4 F2 Product Description

ISO27001 compliance and Privileged Access Monitoring

Alliance Key Manager Solution Brief

Detailed Features. Detailed Features. EISOO AnyBackup Family 1 / 19

Performance measurements of syslog-ng Premium Edition 4 F1

Security Solutions

UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS ADMINISTRATION TOOLS NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

PCI Compliance Auditing and Forensics with Tectia Guardian

GFI Product Manual. Deployment Guide

Exporting IBM i Data to Syslog

What is new in BalaBit Shell Control Box 4 LTS

Acronis Backup & Recovery 11.5

Enterprise Manager. Version 6.2. Administrator s Guide

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred

Product Brief. DC-Protect. Content based backup and recovery solution. By DATACENTERTECHNOLOGIES

Attix5 Pro Overview. V7.x. An overview of the Attix5 Pro product suite.

Today we continue to deliver high-performance hardware and easy-to-use software solutions that protect the world s data.

WHITE PAPER September CA Nimsoft Monitor for Servers

Every organization has critical data that it can t live without. When a disaster strikes, how long can your business survive without access to its

Mobile Admin Architecture

Symantec Messaging Gateway 10.5

LEPIDEAUDITOR SUITE- DATASHEET

EISOO AnyBackup Family 5.0 All-in-One Protection

Disaster Recovery Strategies: Business Continuity through Remote Backup Replication

Quick Setup Guide. 2 System requirements and licensing Kerio Technologies s.r.o. All rights reserved.

Archive-SeCure 1600 for Small Businesses

C p o y p r y i r g i h g t D t e a t i a lie l d

Remote Application Server Version 14. Last updated:

Security Correlation Server Quick Installation Guide

NETWRIX EVENT LOG MANAGER

Enforcive /Cross-Platform Audit

Network Configuration Manager

Federal and Large Enterprise Solutions - FAQs

Release Notes. Cloud Attached Storage

IBM Tivoli Compliance Insight Manager

Verax Service Desk Installation Guide for UNIX and Windows

ALERT LOGIC LOG MANAGER & LOGREVIEW

Windows Quick Start Guide for syslog-ng Premium Edition 5 LTS

Netwrix Auditor. Сomplete visibility into who changed what, when and where and who has access to what across the entire IT infrastructure

MySQL Security: Best Practices

Shipping Products Chart. Contents

Symantec NetBackup 7.1 What s New and Version Comparison Matrix

VMware Mirage Web Manager Guide

HP E-PCM Plus Network Management Software Series

NetCrunch 6. AdRem. Network Monitoring Server. Document. Monitor. Manage

Data Backup and Restore (DBR) Overview Detailed Description Pricing... 5 SLAs... 5 Service Matrix Service Description

Heroix Longitude Quick Start Guide V7.1

SapphireIMS Business Service Monitoring Feature Specification

File Services. File Services at a Glance

Remote Application Server Version 14. Last updated:

Content Distribution Management

Frequently Asked Questions. Secure Log Manager. Last Update: 6/25/ Barfield Road Atlanta, GA Tel: Fax:

DATA BACKUP & RESTORE

Contents. Platform Compatibility. GMS SonicWALL Global Management System 5.0

Creating client-server setup with multiple clients

SOSFTP Managed File Transfer

Shipping Products Chart. Contents

Xirrus Management System

Parallels Plesk Automation

Enterprise Manager. Version 6.2. Installation Guide

Network Faxing and HIPAA: Security and Privacy in the Health Care Industry

Evaluating the Balabit Shell Control Box

Symantec Messaging Gateway 10.6

DocuShare Installation Guide

HP PCM Plus v3 Network Management Software Series Overview

Archive Data Retention & Compliance. Solutions Integrated Storage Appliances. Management Optimized Storage & Migration

Release Notes. LiveVault. Contents. Version Revision 0

A Universal Logging System for LHCb Online

Alliance Key Manager A Solution Brief for Technical Implementers

Cisco Application Networking Manager Version 2.0

Cloud Backup Service Service Description. PRECICOM Cloud Hosted Services

EMC Data Protection Advisor 6.0

Remote Access Clients for Windows

DocuShare Installation Guide

Security Correlation Server Quick Installation Guide

FREQUENTLY ASKED QUESTIONS

Alliance AES Encryption for IBM i Solution Brief

Synchronization Agent Configuration Guide

Archive-SeCure 3600 for Midsized Businesses

Open Directory. Apple s standards-based directory and network authentication services architecture. Features

SAN TECHNICAL - DETAILS/ SPECIFICATIONS

The safer, easier way to help you pass any IT exams. Exam : Storage Sales V2. Title : Version : Demo 1 / 5

Clavister InSight TM. Protecting Values

Quest InTrust. Version 8.0. What's New. Active Directory Exchange Windows

SUN COBALT RaQ 4 Server Appliance FAQ

owncloud Architecture Overview

Configuring Celerra for Security Information Management with Network Intelligence s envision

Transcription:

The syslog-ng Store Box 3 LTS PRODUCT DESCRIPTION Copyright 2000-2012 BalaBit IT Security All rights reserved. www.balabit.com

Introduction The syslog-ng Store Box (SSB) is a high-reliability and high-performance log management appliance to collect, classify, organize, and securely store log messages for enterprises who operate log management infrastructure. Featuring a powerful web-based search interface and customizable reporting and statistics engine, SSB facilitates easier log review and auditing. SSB offers customizable user role separation and strong encryption methods to prevent unauthorized access to sensitive data. It features fine-tuned access control to log messages and automatic data archiving and backup, helping your organization to fulfill compliance requirements such as SOX, Basel II, HIPAA, COBIT or PCI-DSS. SSB is available in a variety of configurations to suit your needs.

Application areas Central log collection and archiving SSB offers a simple, reliable, and convenient way of collecting log messages centrally. It is a turnkey, high-capacity log server with high-availability support. Able to collect logs from a wide variety of platforms, it can be easily integrated into any IT environment. Secure log transfer and storage Log messages often contain sensitive information and also form the base of audit trails. Preventing eavesdropping during message transfer and unauthorized access once the messages reach the logserver is essential for security and privacy reasons. All data can be stored in encrypted, digitally signed, and timestamped files, preventing any modification or manipulation, satisfying the most stringent security standards and policy compliance requirements. Automated log monitoring and log preprocessing Monitoring log messages is an essential part of system-health monitoring and security incident detection and prevention. SSB offers a powerful platform that can classify tens of thousands of messages real-time to detect messages that deviate from regular messages, and promptly raise alerts. Although this classification does not offer as complete an inspection as a log analysis application, SSB can process much more messages than a regular log analysis engine, and also filter out unimportant messages to decrease the load on log analysis tools. Policy compliance Many organization must comply to regulations like the Sarbanes-Oxley Act (SOX), the Basel II accord, the Health Insurance Portability and Accountability Act (HIPAA), or the Payment Card Industry Data Security Standard (PCI-DSS). These regulations often have explicit or implicit requirements about log management, such as the central collection of log messages, the use of log analysis to prevent and detect security incidents, or guaranteeing the availability of log messages for an extended period of time up to several years. SSB helps these organizations to comply with these regulations.

Typical end-users The syslog-ng application is used worldwide by companies and institutions who collect and manage the logs of several hosts, and want to store them in a centralized, organized way. Using syslog-ng is particularly advantageous for: Internet Service Providers; Telecommunications Operators; Financial institutions and companies requiring policy compliance; Server, web, and application hosting companies; Educational Institutions; Government Agencies Product features and benefits Secure log collection using TLS Trusted, encrypted, signed, timestamped storage Log collectors for over 40 Unix and Windows platforms Real-time message classification Fast search via indexed log messages Easy integration into your existing infrastructure Supports High Availability Easily managed from web browser Automated data archiving and backup

Secure, reliable log transfer The syslog-ng Store Box can receive log messages sent using both the legacy BSD-syslog protocol, as well as the latest syslog protocol standards. Transferring messages to SSB is supported using the UDP, TCP, and TLS protocols. Mutual authentication of the TLS-encrypted channels maintains the integrity and confidentiality of the transferred information. Using syslog-ng to transfer the log messages helps you avoid losing messages even in case of network or hardware errors. Trusted, timestamped log storage The syslog-ng Store Box can store log messages securely in encrypted, compressed, and digitally signed binary files. That way any sensitive data is available only for authorized personnel who have the appropriate encryption key. Sections of the log files can be timestamped; timestamps can be requested from external Timestamping Authorities as well. The contents of the log files are indexed terabytes of data can be browsed online. All data is stored on mirrored RAID devices to prevent data loss in case of hardware failure. Using two SSB units in high availability is a simple and convenient way of ensuring continuous log collection. Direct database access In addition to storing your log messages locally, SSB can also forward them directly to databases, or remote servers, including log analysis applications. The following databases are supported: MySQL, Microsoft SQL (MSSQL), Oracle, and PostgreSQL.

Managing SSB SSB is configured from a clean, intuitive web interface. The roles of each SSB administrator can be clearly defined using a set of privileges: manage SSB as a host; manage log collection, forwarding and storage; configure various alerts; browse the collected logs reports. The web interface is accessible via a network interface dedicated to management traffic. This management interface is also used for backup, sending alerts, and other administrative traffic. All configuration changes are automatically logged, simplifying auditing of SSB. Fine-tuned access control The SSB web interface features highly customizable access control. Using this together with the powerful message-sorting capabilities of syslog-ng, you can exactly specify which log messages to which a user has access. For example, it is possible to grant access only to the logs of a specific application to the support engineer for that application it is even possible to restrict access based on the time frame of the data. LDAP integration SSB can connect to a remote LDAP database (for example, a Microsoft Active Directory server) to resolve group memberships of the users who access the SSB web interface. Privileges to configure SSB or browse different logs can be defined based on group memberships. Real-time log monitoring Even though SSB is not a log analysis engine, it is able to classify individual log messages. Administrators can define log patterns on the SSB interface, label matching messages (for example, security event, user login, and so on), and also extract important data (for example, usernames and IP addresses) from messages. SSB can create statistics and custom reports on the extracted information. SSB can send message rate alerts to detect if the syslog-ng inside SSB has stopped working, one of the clients/sites sending logs is not detectable, or one of the clients/sites is sending too many logs, probably unnecessarily.

Log collector agent for over 40 platforms SSB uses the syslog-ng Premium Edition application to collect logs from different operating systems and hardware platforms, including recent and legacy Linux- and Unix-variants, BSD, HP-UX, IBM AIX, IBM System I, Microsoft Windows XP, Server 2003, Vista, Server 2008, Windows 7, Sun Solaris, and Tru64. Agent for Microsoft Windows platforms The syslog-ng Agent for Windows is a log collector and forwarder application for Microsoft Windows platforms, including Windows 7 and Windows Server 2008. It collects log messages from eventlog groups and log files and forwards them to SSB using regular or TLS-encrypted TCP connections. The syslog-ng Agent can be managed from a domain controller using group policies, or run as a standalone application. Agent for IBM System i platforms The syslog-ng agent for IBM System i is a system log collector and forwarder application for the IBM System i (formerly known as AS/400 and IBM iseries) platform. It collects application and system messages, as well as messages from the System i security audit journal (QAUDJRN) and the operator message queue (QSYSOPR). The collected messages are forwarded to SSB using regular or TLS-encrypted TCP connections. The syslog-ng server can run on a separate machine, or directly on IBM System i in the Portable Application Solutions Environment (PASE). The syslog-ng Agent for IBM System i is available as a standalone product and must be licensed independently from syslog-ng Store Box. Automatic data and configuration backups Stored log messages and the configuration of SSB can be periodically transferred to a remote server using the following protocols: Network File System protocol (NFS); Rsync over SSH; Server Message Block protocol (SMB/CIFS). The latest backup including the data backup can be easily restored via SSB s web interface. Automatic data archiving Stored log messages can automatically be archived to a remote server. The data on the remote server remains accessible and searchable; several terabytes of audit trails can be accessed from the SSB web interface. SSB uses the remote server as a network drive via the Network File System (NFS) or the Server Message Block (SMB/CIFS) protocol. High Availability support When log messages are sent to SSB and not stored locally, SSB can be a single point of failure. If SSB fails, the collected logs are unavailable and might be lost forever. Since this is not acceptable for critical servers and services, SSB is available with HA support. In this case, two SSB units (a master and a slave) having identical configuration operate simultaneously. The master shares all data with the slave node, and if the master unit stops functioning, the other one becomes immediately active, so the servers are continuously accessible. SSB1000d and larger versions are also equipped with dual power units.

Handle extreme load The syslog-ng Store Box is optimized for performance, and can handle enormous amount of messages. Depending on its exact configuration, it can process over 75,000 messages per second real-time, and over 24 GB raw logs per hour. Larger versions of the appliance are capable of storing up to 10 Terabytes of data. Software upgrades Software upgrades are provided as firmware images upgrading SSB using the SSB web interface is as simple as upgrading a network router. SSB stores up to five previous firmware versions, allowing easy rollback in case of any problems. Upgrades for syslog-ng Premium Edition the log collector agent of SSB are available from the BalaBit website. Support and warranty Support and software subscriptions for SSB can be purchased on an annual basis in various packages, including 7x24 support and on-site hardware replacement. Contact BalaBit or your local distributor for details. Hardware specifications SSB appliances are built on high performance, energy efficient, and reliable servers that are easily mounted into standard rack mounts. syslog-ng Store Box SSB1000 1xQuad Core CPU, 4 GB RAM, 1 TB SATA HDD, RAID1 Software license for 50 Log Source Hosts, upgradeable to unlimited. syslog-ng Store Box SSB1000d 2xQuad Core CPU, 24 GB RAM, redundant power supply, 1 TB SATA HDD, RAID1 Software license for 50 Log Source Hosts, upgradeable to unlimited. syslog-ng Store Box SSB10000 2xQuad Core CPU, 24 GB RAM, redundant power supply, 10 TB SATA HDD, RAID50 Software license for unlimited Log Source Hosts. syslog-ng Store Box VA Virtual appliance to be run under VMware ESXi Software license for 50 Log Source Hosts, upgradeable to unlimited. syslog-ng Store Box SSB5000 2xQuad Core CPU, 24 GB RAM, redundant power supply, 5 TB SATA HDD, RAID50 Software license for unlimited Log Source Hosts.

Free evaluation A demo version of SSB is available as a VMware image upon request. TO TEST THE SYSLOG-NG STORE BOX, REQUEST AN EVALUATION VERSION AT HTTP://WWW.BALABIT.COM/MYBALABIT/ To learn more about commercial and open source BalaBit products, request an evaluation version, or find a reseller, visit the following links: The syslog-ng homepage: http://www.balabit.com/network-security/syslog-ng/ The Shell Control Box homepage: http://www.balabit.com/network-security/scb/ The syslog-ng Store Box (SSB) homepage: http://www.balabit.com/network-security/syslog-ng/log-server-appliance/ Product manuals, guides, and other documentation: http://www.balabit.com/support/documentation/ Request an evaluation version: https://www.balabit.com/mybalabit/ Find a reseller: http://www.balabit.com/partnership/commercial/

GUARDING YOUR BUSINESS Copyright 2000-2012 BalaBit IT Security All rights reserved. www.balabit.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information