Assuria Log Manager

Architecture and Components

Assuria Log Manager (ALM) is designed to meet the requirements of enterprise-wide management of audit logs generated by systems, devices and applications. ALM is equally applicable to installations with ten systems or tens of thousands of systems.

Assuria Log Manager manages large communities of logs from servers and workstations running Windows, Linux or UNIX, as well as from databases, applications and network devices such as firewalls and routers. Assuria Log Manager does not preclude the collection of logs from other devices, such as building access control systems.

Assuria Log Manager ensures the integrity and continuity of audit log data by collecting the audit logs from enterprise-wide systems into a central point in a secure and forensically sound way, where they may be used for analysis, reporting or forensic investigation.

An agent is installed on each source system. The agent monitors the configured audit logs and initiates transfer when the policy criteria are met. Before a log is transferred to the central store, a SHA-256 checksum is calculated and the log is digitally signed at source. The transfer of logs over the network is encrypted.

Logs can be processed by a rules-based analysis engine, allowing ‘interesting’ events to be tagged and written to a database for further analysis.

Logs can be archived to secure long-term storage. All handling of the logs preserves the original format so that they remain suitable, if required, for forensic analysis.

Assuria “Content Packs” are used to define log format, content and rules for event identification and tagging. A “Content Pack” is required for each type/format of log.

Architecture Components

Log Manager Agent: Monitors and collects logs and securely transfers to the Collector. The Agent can optionally sign each log.

Log Manager Alerter: An optional near real-time alerter, integrated with the Log Manager agent, that can be configured to generate alerts when specific events are detected in monitored logs.

Log Manager Collector: Receives logs from Agents and transfers them to the Log Store. Validates received logs and can optionally sign each log. Logs are indexed as they are collected and stored.

Log Store: A file structure used to store collected logs, metadata and ALM configuration and report data.

Log Manager Database: Holds information about tagged ‘Interesting Events’, Agents, Logs and Agent policies.

Log Data Analyser: Analyses logs, tagging those containing interesting events as defined in a set of ‘Content Packs’. The analysis results are stored in the database for reporting and display.

Log Data Archiver: Manages the archiving of selected sets of logs based on flexible criteria. Allows tracking of archives on secondary and removable media.

Log Data Reporter: Provides a flexible report generation system based on database queries and employing XML/XSL technologies to produce reports in HTML, text or PDF.

Log Manager Console: A GUI to manage Agents and policies; provides the interface to the reporting and archiving functionality.

Log Manager Content Pack: ‘Content Packs’ are used to define log format, content and rules for event identification and tagging. A ‘Content Pack’ is required for each type/format of log.
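The integrity chain described above (Agent hashes and signs at source, Collector validates and optionally countersigns) is illustrated by the following added example. It is not Assuria's code: the keys, the agent identifier, the sample log line and the use of HMAC-SHA256 in place of the product's digital signature scheme are all assumptions, since the page does not describe ALM's key management or algorithm. With HMAC the Collector must hold the Agent's key; a real deployment would use asymmetric signatures so that the Agent's signing key never leaves the source system.

```python
import hashlib
import hmac
import json

# Constructed keys standing in for the Agent's and Collector's signing keys.
# HMAC-SHA256 is an assumed stand-in for the product's signature scheme.
AGENT_KEY = b"agent-signing-key-constructed"
COLLECTOR_KEY = b"collector-signing-key-constructed"


def agent_seal(log_bytes: bytes, agent_id: str) -> dict:
    """Agent side: hash the raw log and sign the digest at source.

    The signature binds the digest to the agent identifier so that a
    record cannot be re-attributed to a different source later on."""
    digest = hashlib.sha256(log_bytes).hexdigest()
    msg = f"{agent_id}:{digest}".encode()
    sig = hmac.new(AGENT_KEY, msg, hashlib.sha256).hexdigest()
    return {"agent": agent_id, "sha256": digest, "agent_sig": sig}


def collector_validate(log_bytes: bytes, seal: dict) -> dict:
    """Collector side: recompute the digest, verify the Agent signature,
    then countersign so the chain of custody records the receiving point."""
    digest = hashlib.sha256(log_bytes).hexdigest()
    if not hmac.compare_digest(digest, seal["sha256"]):
        return {"ok": False, "reason": "digest mismatch: log content altered"}
    msg = f"{seal['agent']}:{digest}".encode()
    expected = hmac.new(AGENT_KEY, msg, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, seal["agent_sig"]):
        return {"ok": False, "reason": "agent signature invalid: metadata forged"}
    # Countersign the Agent's seal (canonical JSON) rather than the raw log,
    # so the Collector's signature vouches for the whole received record.
    canonical = json.dumps(seal, sort_keys=True).encode()
    csig = hmac.new(COLLECTOR_KEY, canonical, hashlib.sha256).hexdigest()
    return {"ok": True, "sha256": digest, "collector_sig": csig}


# Constructed sample log line (not real data).
SAMPLE_LOG = b"Aug 05 12:00:01 host1 sshd[1234]: Accepted publickey for admin\n"

if __name__ == "__main__":
    seal = agent_seal(SAMPLE_LOG, "host1")
    print(collector_validate(SAMPLE_LOG, seal))
    print(collector_validate(SAMPLE_LOG.replace(b"admin", b"root"), seal))
```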

Resilient configuration

Assuria Log Manager is a modular system and can be configured in a number of ways to meet user requirements for high availability and/or resilience of volume and capacity.

Multiple Collectors can be deployed, and Agents configured to use whichever Collector is available, with load balancing between them.

The Store and Database can, where required, be replicated using the replication functionality native to the store or database. If required, multiple Agents can be installed on a single log source system, though each Agent must handle its own unique set of logs.


Assuria® is a registered trademark of Assuria Limited.
Assuria Auditor and AutoUpdate are trademarks of Assuria Limited.
System Scanner and X-Press Update are registered trademarks of Internet Security Systems Inc. of Atlanta, Georgia, USA
© Copyright 2005, 2006, 2007, 2008 Assuria Limited. All rights reserved.

05/08/2008
