Log management is a primary function of next-generation SIEM tools, covering the collection, indexing and retention of log files. It spans comprehensive log collection, aggregation, normalization, taxonomy, analysis and retention of the original (raw, unmodified) logs.
After collection, Logsign filters, parses, classifies and normalizes logs so they can be understood clearly. Logs can be managed and stored centrally or in a distributed fashion, matching the organization’s structure and needs. Fast search, indexing and quick access to stored or live data are also critical for log management; Logsign delivers performance, availability and backup through its HDFS and NoSQL architecture. Log volumes grow every day, and Logsign has an unlimited storage capacity. Retention can be managed cost-efficiently through the Logsign Data Policy Manager by setting rules for each log source.
Logsign aggregates system, network and audit logs from various sources, including firewalls, anti-virus applications, virtual private networks, routers and switches, IDS/IPS, network devices, Windows, Linux/Unix, databases, VMware ESX, mail servers, web servers and many more. Logsign offers features such as “High Availability” and “Remediation from Critical Status” to provide seamless collection and storage of log source data.
The Logsign search module provides high-speed search using Elasticsearch. Using the Hadoop Distributed File System (HDFS), which is widely used for processing Big Data, Logsign provides efficient clustering, enabling both efficient management of Big Data and fast searches. Its NoSQL architecture also lets Logsign manage Big Data collected from the Internet of Things efficiently.
Logsign archives log data collected from various sources in archive folders at a 1:40 compression ratio. Copies of the archive folders can be moved to any desired destination. To meet legal requirements, Logsign generates a hash value for each log and signs and time-stamps it with a digital signature.
The signature process consists of first signing each line and then, at the end of the day, signing each compressed file.
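The per-line and end-of-day signing described above, as an added Python example that is not Logsign’s own code: each raw line is hashed, the hash is bound to a receipt timestamp and authenticated, and at the end of the day the compressed batch is authenticated as a whole, so that any edit to a stored line or to the archive is detected on verification. Assumptions: HMAC-SHA256 stands in for whatever digital-signature scheme and trusted timestamping Logsign actually uses, and the sample log lines and keys are constructed.

```python
import gzip
import hashlib
import hmac
import json

# Constructed sample lines and keys (assumption): stand-ins, not Logsign data or key material.
SAMPLE_LINES = [
    "Jan 10 09:14:02 fw01 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.0.9",
    "Jan 10 09:14:05 fw01 sshd[4121]: Accepted publickey for admin from 10.0.0.7",
]
LINE_KEY = b"constructed-per-line-key"
ARCHIVE_KEY = b"constructed-daily-archive-key"


def sign_line(line: str, received_at: str, key: bytes = LINE_KEY) -> dict:
    """Hash the raw line, bind the hash to the receipt time, and MAC both.
    The raw line is kept unmodified; the integrity data sits beside it."""
    digest = hashlib.sha256(line.encode()).hexdigest()
    tag = hmac.new(key, f"{received_at}|{digest}".encode(), "sha256").hexdigest()
    return {"raw": line, "received_at": received_at, "sha256": digest, "sig": tag}


def verify_line(record: dict, key: bytes = LINE_KEY) -> bool:
    """Recompute hash and MAC; a changed line, timestamp or hash fails."""
    digest = hashlib.sha256(record["raw"].encode()).hexdigest()
    msg = f"{record['received_at']}|{digest}".encode()
    expected = hmac.new(key, msg, "sha256").hexdigest()
    return digest == record["sha256"] and hmac.compare_digest(expected, record["sig"])


def sign_day(records: list, key: bytes = ARCHIVE_KEY) -> tuple:
    """End-of-day step: compress the signed records, then MAC the compressed file."""
    archive = gzip.compress(json.dumps(records).encode())
    return archive, hmac.new(key, archive, "sha256").hexdigest()


def verify_day(archive: bytes, archive_sig: str,
               line_key: bytes = LINE_KEY, archive_key: bytes = ARCHIVE_KEY) -> bool:
    """Check the whole-file MAC first, then every line inside the file."""
    expected = hmac.new(archive_key, archive, "sha256").hexdigest()
    if not hmac.compare_digest(expected, archive_sig):
        return False
    records = json.loads(gzip.decompress(archive))
    return all(verify_line(r, line_key) for r in records)


def build_day(lines: list, day: str = "2024-01-10") -> list:
    """Sign a day's lines with constructed receipt timestamps (one second apart)."""
    return [sign_line(l, f"{day}T09:14:{i:02d}Z") for i, l in enumerate(lines)]
```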
After collection, Logsign normalizes all time formats in a unified platform, with integrated “Time Received” and “Time Generated” columns. The “Date/Time” formats collected from all sources are recorded in each signing process, and both incident time and system time are saved in real time.
Logsign fulfills requirements for compliance required by various standards such as Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Law (GLBA), North American Electric Reliability Corporation (NERC), Federal Information Security Modernization Act (FISMA), Sarbanes–Oxley (SOX) and ISO 27001.
Logsign’s normalization and unique mapping architecture parses data thoroughly without losing any critical information. This allows customizable reports that are scalable and easy to update, and Logsign provides relevant predefined reports and dashboards for all integrated data.