2025-01-17 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/03 Report--
This article introduces how to deploy a log audit system: what such a system is, why it is needed, its core functions and modules, how logs are forwarded to and collected by the platform, and how the hardware product is deployed in the network.
Log audit system: what is log audit?
A comprehensive log audit platform centrally collects security events, user access records, system operation logs, system running status and other information from information systems; normalizes, filters, merges and analyzes them for alarms; stores and manages them centrally in a unified log format; and, combined with rich log statistics and correlation analysis, provides a comprehensive audit of the information system's logs.
Through the log audit system, enterprise administrators can see the running state of the whole IT system at any time and discover abnormal events promptly; after the fact, the analysis tools and reporting system let administrators carry out targeted security audits efficiently. When a security incident or system failure occurs, the log audit system helps administrators locate the fault quickly and provides an objective basis for tracing and recovery. [Baidu Encyclopedia]
Why do you need a log audit platform?
Compliance: since the Cybersecurity Law was promulgated and came into force, log audit has changed from a best practice into a legal obligation. Network operators must retain the required network logs for at least six months; failing to do so carries legal liability once it is traced back.
Security operations: as the number of network devices and servers grows, an operator without a unified log audit platform has to log in to each device to view its logs, which makes operations and maintenance hard to manage. Many devices also generate very large volumes of logs that cannot be handled effectively on the device itself, and each device becomes an information island whose logs cannot be correlated with the others. With a unified platform, the logs of every device are collected in one place for unified management and unified analysis.
Core goals of log audit:
- normalization of multi-source data
- centralized log storage
- automated correlation analysis
- a multi-dimensional view of the security posture
Main functions and design ideas:
Unified log collection: collect the logs produced by different log sources (host operating systems, network devices, security devices, application middleware, databases, etc.) and manage and store them centrally. Logs of any format from any source can be parsed and standardized through parsing rules. Collection works both agentlessly (for example over Syslog) and in agent (proxy) mode.
Correlation analysis: a set of preset event correlation rules locates external threats, hacking attacks, internal violations and device anomalies; custom correlation rules can be defined simply and flexibly.
Real-time alerting: alarms are delivered promptly by e-mail, SMS and voice, and programs or scripts can be triggered automatically through an interface. Alarm policies define when to alert or give early warning on the various risks and events, improving operations and maintenance efficiency.
Log forensic analysis: in-depth analysis of the raw log events to locate the root cause of a problem quickly, and generation of forensic reports such as attack threat reports, Windows/Linux system audit reports and compliance audit reports.
Regulatory compliance: Windows audit, Linux audit, PCI, SOX, ISO 27001 and other compliance reports are provided, and custom compliance reports can be created.
Product functional structure of the log audit system:
Figure: Functional Structure of Log Audit System Product (image not reproduced here)
The main working principle of the log audit system is that log collectors and the devices themselves push logs to the log audit platform; the platform then parses, filters and aggregates the logs and performs correlation analysis on them, which drives alarms, statistical reports, asset management, log retrieval and the other functions.
Log forwarding methods:
Log forwarding is generally done over Syslog, Kafka or HTTP.
Log collection generally supports Syslog, SNMP (traps) and similar log protocols. Note that classic Syslog over UDP is unauthenticated and can silently drop messages under load; where the collector supports it, forward over TCP with TLS and a disk-backed queue on the sender so that audit logs are neither lost nor spoofable in transit.
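The working principle described above (collector pushes syslog, platform normalizes, filters, correlates and alarms) is easier to see in code. The following is an added example, not code from the article or from any log audit product: it parses constructed RFC 3164 and RFC 5424 syslog lines from a Linux host and a firewall into one unified event schema, then runs three preset correlation rules over the time-ordered events and emits alerts. The hostnames, IP addresses, the assumed year for year-less RFC 3164 timestamps, the assumption that sources log in UTC, and the thresholds are all illustrative.

```python
"""Minimal log-audit pipeline: collect -> normalize -> correlate -> alert.

Added example; hosts, IPs, rule names and thresholds are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Optional

# RFC 3164 timestamps carry neither year nor zone; this example assumes the
# collector supplies the year and that all sources log in UTC.
YEAR = 2025

# Constructed sample input, as a collector would receive it over syslog:
# sshd on a Linux host (RFC 3164), a firewall (RFC 5424), and one junk line.
SAMPLE_LOGS = [
    "<38>Jan 17 10:00:01 web01 sshd[2214]: Failed password for root from 203.0.113.7 port 50122 ssh2",
    "<38>Jan 17 10:00:12 web01 sshd[2216]: Failed password for root from 203.0.113.7 port 50130 ssh2",
    "<38>Jan 17 10:00:20 web01 sshd[2219]: Failed password for admin from 203.0.113.7 port 50141 ssh2",
    "<38>Jan 17 10:00:41 web01 sshd[2223]: Accepted password for admin from 203.0.113.7 port 50150 ssh2",
    "<134>1 2025-01-17T10:00:05Z fw01 fwd - - - DENY src=198.51.100.9 dst=10.0.0.5 dport=445",
    "<38>Jan 17 10:05:00 web01 sshd[2300]: Failed password for bob from 198.51.100.9 port 40001 ssh2",
    "this line is not syslog at all",
]

# RFC 3164 (BSD syslog): <PRI>Mmm dd hh:mm:ss host app[pid]: message
RFC3164_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>[\w./-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
# RFC 5424: <PRI>1 timestamp host app procid msgid structured-data message
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+) (?P<msg>.*)$")
# Source-specific message parsers that map into the unified schema.
SSH_RE = re.compile(r"^(?P<result>Failed|Accepted) (?:password|publickey) for "
                    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
FW_RE = re.compile(r"^(?P<action>DENY|ALLOW) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def normalize(line: str, year: int = YEAR) -> Optional[dict]:
    """Parse one raw syslog line into the unified event schema, or None."""
    m = RFC3164_RE.match(line)
    if m:
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    else:
        m = RFC5424_RE.match(line)
        if not m:
            return None  # unparseable: the caller keeps the raw line rather than crashing
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
    ev = {"ts": ts, "host": m["host"], "app": m["app"], "severity": int(m["pri"]) % 8,
          "event_type": "other", "src_ip": None, "user": None, "raw": line}
    msg = m["msg"]
    if (s := SSH_RE.match(msg)):
        ev.update(event_type="auth_failure" if s["result"] == "Failed" else "auth_success",
                  src_ip=s["ip"], user=s["user"])
    elif (f := FW_RE.match(msg)):
        ev.update(event_type="fw_deny" if f["action"] == "DENY" else "fw_allow",
                  src_ip=f["src"], dst_ip=f["dst"], dport=int(f["dport"]))
    return ev


def alert(rule: str, severity: str, ev: dict, **extra) -> dict:
    """Build one alarm record from the event that triggered it."""
    return {"rule": rule, "severity": severity, "ts": ev["ts"].isoformat(),
            "host": ev["host"], "src_ip": ev["src_ip"], "user": ev.get("user"), **extra}


def correlate(events, threshold: int = 3, window: timedelta = timedelta(seconds=60)) -> list:
    """Run preset correlation rules over time-ordered events and return alerts.

    Rule 1: >= threshold SSH auth failures from one source IP inside `window`.
    Rule 2: a successful login from a source that has just tripped rule 1.
    Rule 3: an SSH failure from a source the firewall has already denied
            (cross-source correlation between firewall and host logs).
    """
    alerts = []
    failures = defaultdict(list)  # src_ip -> timestamps of recent failures
    denied = set()                # src_ips seen in firewall DENY events
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip, kind = ev["src_ip"], ev["event_type"]
        if kind == "fw_deny":
            denied.add(ip)
        elif kind == "auth_failure":
            recent = [t for t in failures[ip] if ev["ts"] - t <= window] + [ev["ts"]]
            failures[ip] = recent
            if len(recent) == threshold:  # fire once, when the threshold is crossed
                alerts.append(alert("ssh_bruteforce", "medium", ev, count=len(recent)))
            if ip in denied:
                alerts.append(alert("fw_denied_source_probing_ssh", "low", ev))
        elif kind == "auth_success":
            hits = failures[ip]
            if len(hits) >= threshold and ev["ts"] - hits[-1] <= window:
                alerts.append(alert("bruteforce_then_success", "high", ev, count=len(hits)))
    return alerts


def run_pipeline(lines):
    """Collect -> normalize -> correlate. Returns (events, dropped_raw_lines, alerts)."""
    events, dropped = [], []
    for line in lines:
        ev = normalize(line)
        (events if ev else dropped).append(ev or line)
    return events, dropped, correlate(events)


if __name__ == "__main__":
    evs, bad, found = run_pipeline(SAMPLE_LOGS)
    print(f"{len(evs)} events normalized, {len(bad)} lines unparsed")
    for a in found:
        print(a)
```

Two design points matter in practice: unparseable lines are kept and counted instead of being discarded silently, because a sudden rise in unparsed input is itself a signal (a changed log format or a source the rule base does not cover yet), and the correlation runs over events sorted by normalized timestamp, which is why the year and time zone assumptions for RFC 3164 sources must be fixed at collection time rather than guessed later.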
Common modules of a log audit system:
Log event acquisition module: a security event monitoring system is one of the main means of grasping the security threat state of the whole network in real time. The event monitoring module monitors the log information of network devices, host systems and so on, as well as the security event alarms of security products, to discover security events that are ongoing or have already occurred and to take measures through the response module so that the network and business systems keep running safely and reliably.
Asset management module: manages the devices and system objects that the network security management platform governs. It classifies and registers the IP-addressed assets under its jurisdiction according to their importance and provides an information interface for the other security management modules.
Rule base module: the rule base supports mainstream network devices, host systems, database systems and so on, and should also cover the deployed security systems, including firewalls and anti-virus systems. It also provides adaptation for new log formats and accepts new log parsing and mapping rules pushed from the Security Operations Center platform, so users can adapt the system to a new log format through this function.
Statistical report function: powerful statistics that quickly generate a range of professional reports and support custom chart sets.
Permission management module: the super administrator assigns view and operate permissions for each module according to user roles. Users can access the logs of the resources they are authorized for, and only those.
Deployment mode of the hardware product:
The log audit system is generally deployed out of band ("bypass" deployment): it does not sit inline in the traffic path, and only needs network reachability between every log source and the platform (the syslog, Kafka or HTTP ports must be open from each source to the collector).
Both standalone and distributed deployment are supported.
This concludes the study of "how to deploy a log audit system". Theory and practice go better together, so try it out. For more related content, keep following this website.