Deployment Guide


UNIX Deployment Guide
Date Published: 2/8/2021

Securonix Proprietary Statement
This material constitutes proprietary and trade secret information of Securonix, and shall not be disclosed to any third party, nor used by the recipient except under the terms and conditions prescribed by Securonix. The trademarks, service marks, and logos of Securonix and others used herein are the property of Securonix or their respective owners.

Securonix Copyright Statement
This material is also protected by Federal Copyright Law and is not to be copied or reproduced in any form, using any medium, without the prior written authorization of Securonix. However, Securonix allows the printing of the Adobe Acrobat PDF files for the purposes of client training and reference. Information in this document is subject to change without notice. The software described in this document is furnished under a license agreement or nondisclosure agreement. The software may be used or copied only in accordance with the terms of those agreements. Nothing herein should be construed as constituting an additional warranty. Securonix shall not be liable for technical or editorial errors or omissions contained herein. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's internal use without the written permission of Securonix. Copyright © 2020 Securonix. All rights reserved.
Contact Information
Securonix
5080 Spectrum Drive, Suite 950W
Addison, TX 75001
(855) 732-6649

Table of Contents
Introduction
    About UNIX Security Logs
    Supported Collection Method
    Format
    Functionality
UNIX Syslog Configuration
    Identify the Type of Logger
    Perform a Communications Test
    Verify Logs Appear on the RIN
Configuration in SNYPR
    Verify the Job

Introduction
This Deployment Guide describes how to configure UNIX hosts to send security logs to SNYPR.

About UNIX Security Logs
UNIX security logs record activity in the environment, including privilege escalation events and high-criticality commands executed over SSH.

Supported Collection Method
The collection method is syslog.

Format
The format is regex.

Functionality
In SNYPR, resource groups (datasources) are categorized by functionality. The functionality determines what content is available when you import the datasource. For more information about Device Categorization, see the Data Dictionary. The functionality of UNIX is Operating System.

UNIX Syslog Configuration
Complete the following tasks to configure UNIX syslog to export events to SNYPR:
• Identify the system logger.
• Perform an optional communications test.
• Verify logs on the RIN.

Identify the Type of Logger
Determine which syslog daemon the UNIX host uses, then configure it according to the type of configuration file it reads.
1. Log in to the UNIX host.
2. From the prompt, execute the following command:
       ls -d /etc/*syslog*
3. Identify which of the following appears in the output:
• rsyslog.conf
• syslog-ng.conf (on most current distributions this file lives in the /etc/syslog-ng directory, so the command lists the directory rather than the file)
• syslog.conf

Configuring UNIX to Send Logs Using rsyslog.conf
The rsyslog.conf file is most commonly found on Debian, Fedora, SuSE, Ubuntu, and other Linux distributions. Follow the steps below to configure a system that uses rsyslog.conf to send alerts:
1. As root, edit the /etc/rsyslog.conf file with a text editor, such as vi.
2. Paste the following at the end of the file:
       *.* @remote_ingester_node_ip:port_no
   A single @ forwards over UDP. If the RIN is configured to listen on TCP, use @@remote_ingester_node_ip:port_no instead; TCP avoids the silent message loss that UDP forwarding suffers under load.
3. Replace the remote_ingester_node_ip variable with the Remote Ingester Node IP address for your environment.
4. Replace the port_no variable with the UDP port number in your environment.
5. Save the file and exit the editor.
6. Restart rsyslog so the change takes effect. Use the command that matches the operating system of the UNIX host you are configuring (not the RIN):
   • If the host is Ubuntu:
         sudo service rsyslog restart
   • For all other systems using rsyslog.conf:
         sudo /etc/init.d/rsyslog restart
7. Log messages should begin appearing on the Remote Ingester Node (RIN). By default, rsyslog sends messages with the system's hostname in the HOSTNAME field, which is the value SNYPR will attribute the events to.

Configuring UNIX to Send Logs Using syslog-ng.conf
syslog-ng is often used on Gentoo 2005.0+ and SuSE 9.3+ systems. Follow the steps below to configure a system that uses syslog-ng.conf to send alerts:
1. As root, edit syslog-ng.conf with a text editor (/etc/syslog-ng.conf, or /etc/syslog-ng/syslog-ng.conf on most current distributions).
2. In the line that starts with source (for example, source s_sys {...}), identify the name of the source, typically s_sys, src, s_all, or s_local.
3. At the end of the file, paste the following:
       destination d_securonix { udp("remote_ingester_node_ip" port(port_no)); };
       log { source(s_sys); destination(d_securonix); };
   The udp() driver takes the bare IP address or hostname; the leading @ used in rsyslog.conf and syslog.conf is not syslog-ng syntax and will cause a name-resolution failure. To forward over TCP, use tcp() in place of udp().
4. Replace s_sys with the name you identified in step 2.
5. Replace the remote_ingester_node_ip variable with the Remote Ingester IP address for your environment.
6. Replace the port_no variable with the UDP/TCP port number for your environment.
7. Execute the following command to activate the change:
       sudo killall -HUP syslog-ng
Note: Log messages should now appear on the Remote Ingester Node (RIN).
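The three logger variants above (rsyslog.conf, syslog-ng.conf, and the syslog.conf variant that follows) differ only in the stanza that is appended and in the daemon that must be signalled, so the whole procedure can be scripted. The following is an added example written for this page, not a script from the Securonix guide. The function names, the marker comment it uses to make the append idempotent, and the optional directory argument (so the functions can be exercised against a scratch copy of /etc rather than the live one) are all assumptions of the example. The syslog-ng source name defaults to s_sys, as in the guide, and must be overridden where the host's source is named differently.

```shell
#!/bin/sh
# Added example (not from the Securonix guide): detect the host's syslog daemon,
# emit the matching forwarding stanza for the RIN and append it exactly once.
# ETC defaults to /etc; pass another directory to dry-run against a scratch copy.

# Print which logger owns the host: rsyslog, syslog-ng or syslog (classic syslogd).
snx_detect_logger() {
    etc="${1:-/etc}"
    if [ -f "$etc/rsyslog.conf" ]; then
        echo rsyslog
    elif [ -f "$etc/syslog-ng/syslog-ng.conf" ] || [ -f "$etc/syslog-ng.conf" ]; then
        echo syslog-ng
    elif [ -f "$etc/syslog.conf" ]; then
        echo syslog
    else
        echo "no syslog configuration found under $etc" >&2
        return 1
    fi
}

# Path of the configuration file the stanza must be appended to.
snx_config_path() {
    etc="${1:-/etc}"
    case "$2" in
        rsyslog)   echo "$etc/rsyslog.conf" ;;
        syslog-ng) if [ -f "$etc/syslog-ng/syslog-ng.conf" ]; then
                       echo "$etc/syslog-ng/syslog-ng.conf"
                   else
                       echo "$etc/syslog-ng.conf"
                   fi ;;
        syslog)    echo "$etc/syslog.conf" ;;
        *)         return 1 ;;
    esac
}

# Forwarding stanza for: LOGGER IP PORT [udp|tcp] [syslog-ng source name].
snx_forward_rule() {
    kind="$1" ip="$2" port="$3" proto="${4:-udp}" src="${5:-s_sys}"
    case "$proto" in udp|tcp) ;; *) echo "proto must be udp or tcp" >&2; return 1 ;; esac
    case "$kind" in
        rsyslog)
            # one @ means UDP, two @@ means TCP
            if [ "$proto" = tcp ]; then printf '*.* @@%s:%s\n' "$ip" "$port"
            else printf '*.* @%s:%s\n' "$ip" "$port"; fi ;;
        syslog-ng)
            # the driver takes the bare address: there is no @ prefix in syslog-ng syntax
            printf 'destination d_securonix { %s("%s" port(%s)); };\n' "$proto" "$ip" "$port"
            printf 'log { source(%s); destination(d_securonix); };\n' "$src" ;;
        syslog)
            # classic syslogd forwards over UDP only and old versions want a tab before the action
            [ "$proto" = udp ] || { echo "classic syslogd cannot forward over tcp" >&2; return 1; }
            printf '*.*\t@%s:%s\n' "$ip" "$port" ;;
        *)
            echo "unknown logger: $kind" >&2; return 1 ;;
    esac
}

# Command that makes the running daemon pick up the change.
snx_reload_cmd() {
    case "$1" in
        rsyslog)   echo "systemctl restart rsyslog || service rsyslog restart" ;;
        syslog-ng) echo "killall -HUP syslog-ng" ;;
        syslog)    echo "killall -HUP syslogd" ;;
        *)         return 1 ;;
    esac
}

# Append the stanza once, guarded by a marker comment, and print the reload command.
# Usage: snx_install_rule [ETC] IP PORT [udp|tcp]
snx_install_rule() {
    etc="${1:-/etc}" ip="$2" port="$3" proto="${4:-udp}"
    kind=$(snx_detect_logger "$etc") || return 1
    conf=$(snx_config_path "$etc" "$kind")
    marker="# securonix-forwarding $ip:$port/$proto"
    if grep -qF "$marker" "$conf"; then
        echo "already configured in $conf" >&2
    else
        rule=$(snx_forward_rule "$kind" "$ip" "$port" "$proto") || return 1
        printf '%s\n%s\n' "$marker" "$rule" >> "$conf"
    fi
    snx_reload_cmd "$kind"
}
```

Run it as root with the real /etc and then execute the command it prints, for example `snx_install_rule /etc 10.0.0.2 514 udp`. Running it a second time with the same arguments appends nothing, because the marker line is already present.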
Configuring UNIX to Send Logs Using syslog.conf
The classic syslogd and sysklogd daemons, configured through syslog.conf, are often seen on the BSDs, CentOS, Gentoo 2004.3 and older, macOS, RHEL, Slackware, Solaris, and most other Unices. The remote_syslog2 application can be used in place of syslogd. Some versions of syslogd do not support custom destination ports and must use the default port 514, but modern BSD versions (including macOS) support custom ports.
1. As root, use a text editor to edit /etc/syslog.conf.
2. Paste the following at the end of the file:
       *.* @remote_ingester_node_ip:port_no
   Some older syslogd implementations require a tab, not spaces, between the selector (*.*) and the action.
3. Replace the remote_ingester_node_ip variable with the Remote Ingester IP address for your environment.
4. Replace the port_no variable with the UDP port number for your environment. Classic syslogd forwards over UDP only; if the port is omitted, UDP 514 is used.
5. Execute the following command to activate the change:
       sudo killall -HUP syslogd
Note: Log messages should now appear on the Remote Ingester Node (RIN).

Perform a Communications Test
To confirm that messages are being sent and received, execute the following command on the UNIX host to generate a test message:
       logger "Testing Securonix message delivery"
The message is written to the local log and, because the forwarding rule matches *.*, is also sent to the RIN, where it should appear within a few seconds.

Verify Logs Appear on the RIN
On the RIN, verify that you are receiving logs.
1. At the prompt on the RIN, execute the following command, substituting the interface that faces the UNIX hosts for eth0 and the port you configured for 514 (use tcp in place of udp if you configured TCP forwarding):
       tcpdump -i eth0 udp port 514 -v -A
2. Verify that the RIN displays logs similar to the following:
       Jul 17 06:59:17 portal-checkout-web-api-server-staging-1 systemd[1]: Started Daily apt upgrade and clean activities.
       Jul 17 06:59:19 portal-checkout-web-api-server-staging-1 consul[2231]: agent.client.serf.lan: serf: EventMemberFailed: delivery-validation-1.securonix.prod 172.31.34.191
       Jul 17 06:59:19 portal-checkout-web-api-server-staging-1 consul[2231]: agent.client.serf.lan: serf: EventMemberFailed: delivery-validation-1.securonix.prod 172.31.34.191
       Jun 16 01:46:05 SNX1234 goferd: [INFO][pulp.agent.edda7c71-34a3-474a-bbc6-2c41f9466904] gofer.messaging.adapter.connect:30 - connected: proton+amqps://abc.securonix.com:5647
       Jun 16 01:46:05 SNX1234 goferd: [INFO][pulp.agent.edda7c71-34a3-474a-bbc6-2c41f9466904] root:520 - connected to abc.securonix.com:5647
   If the test message from the previous section does not appear, check that the port and transport (UDP or TCP) match on both ends and that no host firewall on the RIN drops the traffic, before adjusting the SNYPR configuration.

Configuration in SNYPR
To configure UNIX in SNYPR, complete the following steps:
1. Log in to SNYPR.
2. Navigate to Menu > Add Data > Activity.
3. Click + and select Add Data for Existing Device Type.
4. Click the Vendor drop-down and select the following:
• Vendors: UNIX / Red Hat Linux / Oracle Linux / AIX / BSD
• Device Type: UNIX
• Collection Method: Regex [syslog]
5. Choose an ingester from the drop-down list.
6. Click + to add a filter.
7. Provide a unique name for the filter.
8. Enter the following syslog filter in the Filter expression box:
       {host("10.0.0.1");};
   Note: The IP address is the address of the source host initiating the traffic, that is, the UNIX host you configured above, not the RIN. If the logs reach the ingester through a relay or NAT, use the source address the ingester actually sees.
9. Click Add.
10. Complete the following information in the Device Information section:
• Datasource Name: UNIX
• Specify the timezone for activity logs by clicking the drop-down and selecting a timezone.
11. Click Get Preview at the top right of the screen to view the data.
12. Click Save & Next until you reach the Identity Attribution page.
13. Click + > Add New Correlation Rule.
14. Enter a descriptive name for the correlation rule.
15. Provide the following parameters to create a correlation rule:
• User Attribute
• Operation
• Parameter
• Condition
• Separator
Example: User Attribute: firstname | Operation: None | Condition: And | Separator: . (period) + User Attribute: lastname | Operation: None | Condition: And. This correlation rule correlates users to activity accounts with the format firstname.lastname.
16. Scroll to the bottom of the screen and click Save.
17. Click Save & Next.
18. Select Do you want to run job Once? in the Job Scheduling Information section.
19. Click Save & Run. You will automatically be directed to the Job Monitor screen.

Verify the Job
Upon a successful import, the event data is available for searching in Spotter. To search events in Spotter, complete the following steps:
1. Navigate to Menu > Security Center > Spotter.
2. Verify that the datasource you ingested is listed under the Available Datasources section.
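The lines tcpdump shows in "Verify Logs Appear on the RIN" are what the Regex [syslog] collection method has to parse, and the HOSTNAME field in each line is the value SNYPR attributes events to. Before building the datasource it is worth checking, on the RIN, that every forwarding host is sending a usable hostname (not localhost or an unqualified name you did not expect) and that the lines split into host, program, PID and message the way the regex will expect. The following is an added example written for this page, not code from the Securonix guide: a plain sh splitter for RFC 3164 style lines and a helper that lists the distinct hostnames in a capture. The function names are assumptions, and the sample lines are constructed to mirror the format shown in the guide (the sshd line is an added sample, with a <PRI> prefix, as a forwarded message shows it on the wire).

```shell
#!/bin/sh
# Added example (not from the Securonix guide): split what tcpdump shows on the RIN
# into the fields the SNYPR regex will key on, and list which hosts are sending.

# Sample lines, constructed to mirror the format shown in the guide.
SNX_SAMPLE='Jul 17 06:59:17 portal-checkout-web-api-server-staging-1 systemd[1]: Started Daily apt upgrade and clean activities.
Jun 16 01:46:05 SNX1234 goferd: [INFO][pulp.agent.edda7c71-34a3-474a-bbc6-2c41f9466904] root:520 - connected to abc.securonix.com:5647
<86>Jul 17 06:59:20 SNX1234 sshd[4102]: Accepted publickey for alice from 10.0.0.1 port 51234 ssh2'

# Print "host|program|pid|message" for one RFC 3164 line.
# An optional <PRI> prefix is stripped; runs of spaces inside the message collapse to one.
snx_parse_line() {
    line="$1"
    case "$line" in '<'*'>'*) line="${line#*>}" ;; esac
    set -f                            # no globbing while the line is word-split
    set -- $line                      # $1 $2 $3 are the timestamp, $4 the HOSTNAME
    set +f
    [ $# -ge 5 ] || return 1
    host="$4"
    tag="$5"                          # "program[pid]:" or "program:"
    shift 5
    msg="$*"
    tag="${tag%:}"
    case "$tag" in
        *'['*']') prog="${tag%%[*}"; pid="${tag#*[}"; pid="${pid%]}" ;;
        *)        prog="$tag"; pid="" ;;
    esac
    printf '%s|%s|%s|%s\n' "$host" "$prog" "$pid" "$msg"
}

# Distinct HOSTNAME values seen in INPUT (one message per line), in byte order.
# Lines that do not parse are skipped; compare the output with the hosts you configured.
snx_hosts() {
    printf '%s\n' "$1" | while IFS= read -r l; do
        [ -n "$l" ] && snx_parse_line "$l" | cut -d'|' -f1
    done | LC_ALL=C sort -u
}

# Count of messages per program, so a noisy daemon is visible before the regex is built.
snx_program_counts() {
    printf '%s\n' "$1" | while IFS= read -r l; do
        [ -n "$l" ] && snx_parse_line "$l" | cut -d'|' -f2
    done | LC_ALL=C sort | uniq -c | sed 's/^ *//'
}
```

Feed a capture to it with `snx_hosts "$(cat capture.txt)"` after saving the tcpdump output to a file; a hostname you do not recognise, or one that reads localhost, means the sending host's hostname (or the rsyslog/syslog-ng template) needs fixing before the datasource is created.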