« May 2007 | Main | July 2007 »
As I mentioned here, I started publishing the LogLogic Logging Glossary. So, here is the ninth term (first second third fourth fifth sixth seventh eighth):
Log Timestamp
The time a log message was written by the software product or a device.
This may or may not be the time the logged event actually happened as timing of log records differs across the products.
Logging protocols or APIs may be used instead of this timestamp. Often, products that use an API or protocol will not create a log timestamp and an API call is needed to determine the time.
Posted June 28, 2007 in | Permalink | Comments (0)
Recently our first customer -- a financial company -- participated in a case study on Log Management as part of the SANS Institute's What Works series. The customer (sorry, we can't share their name) deployed our very first evaluation unit and was our initial beta site. It was fascinating to hear Victor Hsiang reminisce about the early days of LogLogic from the customer's perspective -- and how we've evolved as a company, technology -- and now industry since then.
He talked about those first products. What we do well. What we could do better. He says we are mature (shh, don't tell anyone) and responsive. But most of all he says that we have evolved into a product that "helped us move forward in standardizing on one log management solution for "this large financial firm" globally." (Yes, we are blushing.)
Victor also talks about how he uses log management for the Compliance (SOX) use case and discusses how the product is being used in live troubleshooting with the company's own customers. Staff time is being spent on custom reporting, but he also explains that once they had a template and process, it is simple. Our software team is particularly pleased he said the interface was "intuitive" and did not require training. (They liked it so much the GUI team is even trying to use it as an excuse to get an extra day off next week :-)
Our favorite quote?
"It was literally bring the box in, or the appliance, install it in the rack, provide power, IP address it, give it a DNS and a gateway. Then exit the data center and go back to your desk and start to configure your devices to send logs to it. "
Oh and yes Victor, we'll look into that feature request. Check out the case study and 40 minute replay at SANS.
Posted June 28, 2007 in Compliance , Log Management & Intelligence , Risk Management | Permalink | Comments (0)
Earlier in June, Mark Ford, who leads Deloitte and Touche's Security and Privacy Services practice, was interviewed by IT Security.
According to Ford, IT security is one of the top issues for CIOs. However, he also noted that a corporate focus on IT security is quicker to take hold in information-centric organizations (banks and other financial service organizations, for example) than in industries like manufacturing or retail that are more geared towards consumers and whose focus is on business operations. With the increase in regulatory focus of such mandates as PCI-DSS and SOX, this has changed over the past few years as corporations in a variety of industries need to have strong IT security in order to be compliant.
What does this mean? Ford commented that historically, companies have put emphasis on the perimeter threat as the key component of IT security. But now, security emphasis is shifting towards a layered defense of the IT infrastructure. The perimeter is still important, but can no longer be considered the main component.
This is a shift away from the traditional security approaches and towards log management and intelligence, which allows for just the sort of layered approach Ford approves.
Posted June 25, 2007 in Log Management & Intelligence , Risk Management , Security | Permalink | Comments (0)
LogLogic is hiring and we'd love to have you in to meet with our Hiring Managers & VPs for the following positions:
Join us on Wednesday, June 27th from 5-8pm; LogLogic, Inc., 110 Rose Orchard Way, Suite 200, San Jose, CA 95134
Refreshments will be served. Bring your resume or paste your resume into an email with “Position – YOUR NAME” in the subject line to: careers@loglogic.com
Posted June 21, 2007 in | Permalink | Comments (0)
InfoSec magazine is carrying a great article on the emerging log management market, pointing to its use in meeting compliance mandates. Marcia Savage points to the multitude of compliance mandates as a main driver of log management in enterprises. From the article . . .
Auditors are prodding companies to think about centralized log management in order to ensure control over scattered data, said Trent Henry, senior analyst at Burton Group: "So we have one place that can keep the information and have proper IT controls over the data to make sure it's not tampered with or lost or accessed by people who shouldn't, and that those policies are enforced."
Quoted in the article is Dave Shackleford, vice president at the nonprofit Center for Internet Security and a SANS instructor, who points to the PCI Data Security Standard as a huge driver of log management.
Companies are figuring out that "they already have a lot of the information that they need to get a good bit of the way towards [PCI] compliance, they just don't have the tools to take that information and do anything with it," he said.
Recently we again sponsored The SANS Institute's 2007 Log Management Survey for the third year in a row, and we saw the same momentum. The research polled more than 650 IT professionals in government, financial services, banking, manufacturing, healthcare, telecommunications, and education sectors from the North American Global 2000 (G2000).
The verdict? The G2000 continues to adopt log management and intelligence to end the 'logjam.' Turns out that despite its importance, security is not the prime motivation for log management. More than half of those surveyed reported operations management and monitoring the health of the network as the prime motivation for using log data. And, 43% indicated compliance with SOX, PCI and other mandates as the top priority. Download the Executive summary here or check out the Webcast here.
The full article is available here.
Posted June 21, 2007 in | Permalink | Comments (0)
Most enterprises are worried about protecting critical confidential information and customer data. How are you doing it? What are industry best practices for securing information assets?
Join us during a daylong event on securing your data at SCMagazine -- along with our partners NetApp and Websense -- on a webcast on June 20, 2007 from 10:30 am PST / 1:30 pm EST. The event will cover such log management topics as:
Aggregating and storing a "fingerprint" of all systems and user activity.
Learn best practices and mandates for log data retention.
Monitoring access to information stored in your enterprise.
Understand how to alert and report on the flow of information across multiple systems and platforms.
How does log data work together with information leakage solutions to prevent privacy violations?
How can you protect chain of custody and ensure that the information will stand up as evidence in the court of law?
How quickly should you be able to produce and share reports?
What are common reports and alerts being used for information asset and compliance enforcement?
Log data is the digital equivalent of a surveillance camera. It functions as a deterrent and also provides legal evidence to prosecute those who leak or steal information. In this special Webcast, subject-matter experts from LogLogic, WebSense and NetApp will discuss how organizations can ensure IT Governance, Compliance and mitigate risk with multiple mandates using next generation Log Management and Intelligence, Data Leakage Prevention and high performance and high-security records retention.
Register here.
Posted June 19, 2007 in Compliance , Risk Management , Security | Permalink | Comments (0)
Only about two-thirds of existing state data breach notification laws apply to state agencies according to Bruce Brody, vice president of information assurance at CACI in an article at Federal Computing Week.
FCW asks the question -- Would a federal breach notification law bring greater security and sanity to those who find their personal data has been lost or stolen?
The impact of emerging state laws targeting data security and how government agencies factor into being governed by those laws is quite an interesting read. And joining these local initiatives are a host of proposed national bills. The implications of these laws as well as the impact they could have on non-government organizations is going to be a hot debate. Even we got into the discussion, as our resident expert Anton Chuvakin (also LogLogic's Director of Product Management ) weighs in on the topic in the FCW piece.
Chuvakin notes that while existing state laws are already working to protect consumers, he cautions on the realities a national law could bring with it:
"Because many existing state laws are effectively working to protect consumers affected by data breaches, federal legislators must be careful not to pass a national law that is less rigorous than the laws many states have passed, said Anton Chuvakin, director of product management at LogLogic, a risk mitigation company. Were that to happen, he added, "some citizens could lose the protections they enjoy now."
As we noted earlier this year, ignoring data security mandates could cost plenty. Very high profile breaches like TJMaxx are not only making headlines, they are also making some consumers nervous about their data and privacy. And initiatives from the US Congress to the European Commission (EC), along with state initiatives in Minnesota, Texas, and California, are popping up to deal with the issue.
Posted June 12, 2007 in Compliance , Log Management & Intelligence | Permalink | Comments (0)
As I mentioned here, I started publishing the LogLogic Logging Glossary. So, here is the eighth term (first second third fourth fifth sixth seventh):
Log Forwarder
A tool or product component that monitors logs, or other data, on the originating system and delivers ("forwards") the logs to remote systems.
Forwarders are most often used with systems that lack a native remote logging capability, or that do not support a desired remote logging protocol or format.
A forwarder may reside on the originating system [Snare], or be another system dedicated to collecting and forwarding logs [Lasso]. A separate system forwarder does not aggregate or provide any form of log management.
Forwarders tend not to change the logs, other than to make them consumable by the remote system or to add their own header. This may include multi-line to single-line conversion, or character conversion.
A forwarder may be simple or very configurable. It can include multiple protocols or formats, localization options, filtering, and delivery options. If a resource file is available, it can select equivalent messages for a different localization.
It may or may not monitor logs in real-time. It may be invoked on a schedule, after the logs are closed, or after a transformation process or table dump has finished.
It is common for log management vendors to provide forwarders (sometimes called "log routing") or have the ability to forward messages. A provided forwarder may be general purpose or only work with the log management product, or both.
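The conversions a forwarder performs, as an added example (not LogLogic, Snare or Lasso code): multi-line to single-line conversion, character conversion, and the forwarder's own header. It also illustrates the Log Timestamp entry: the timestamp the product wrote stays in the body, while the header carries the time the forwarder handled the record. The record-start pattern, the ` | ` joiner, the `#ooo` escape, and the host and tag names are assumptions; the header follows the BSD syslog (RFC 3164) layout.

```python
import re
from datetime import datetime

# Assumption: a new record starts with an ISO-8601 timestamp; any other
# line (stack trace, wrapped text) continues the previous record.
RECORD_START = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}")
CONTROL = re.compile(r"[\x00-\x1f\x7f]")

def group_records(lines):
    """Group physical lines into logical records (lists of lines)."""
    current = []
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line.strip():
            continue                      # skip blank lines
        if RECORD_START.match(line) and current:
            yield current
            current = []
        current.append(line)
    if current:
        yield current

def to_single_line(record):
    """Multi-line to single-line conversion plus character conversion."""
    body = " | ".join(part.strip() for part in record)
    # Escape leftover control characters so an embedded CR/LF/TAB cannot
    # split the forwarded message or forge a second record downstream.
    body = CONTROL.sub(lambda m: "#%03o" % ord(m.group()), body)
    # Escape non-ASCII text for receivers that only accept 7-bit input.
    return body.encode("ascii", "backslashreplace").decode("ascii")

def add_header(body, host, tag, now, facility=16, severity=6):
    """Prefix the forwarder's own header: <PRI>Mmm dd hh:mm:ss host tag:"""
    pri = facility * 8 + severity         # 16 = local0, 6 = informational
    stamp = f"{now:%b} {now.day:2d} {now:%H:%M:%S}"  # day is space-padded
    return f"<{pri}>{stamp} {host} {tag}: {body}"

def forward_frames(lines, host, tag, now):
    """Return one forwardable message per logical record."""
    return [add_header(to_single_line(r), host, tag, now)
            for r in group_records(lines)]

# Constructed sample: an application log containing a multi-line traceback.
SAMPLE_LINES = [
    "2007-06-11T09:15:02 ERROR payment failed for user jos\u00e9\n",
    "Traceback (most recent call last):\n",
    '  File "pay.py", line 10, in charge\n',
    "ValueError: card declined\n",
    "2007-06-11T09:15:03 INFO retry\tscheduled\n",
]

if __name__ == "__main__":
    handled_at = datetime(2007, 6, 11, 9, 15, 7)   # forwarder's clock
    for frame in forward_frames(SAMPLE_LINES, "app01", "payapp", handled_at):
        print(frame)
```

The two timestamps in each output line differ by a few seconds here; with a scheduled or batch forwarder the gap can be hours, which is why the original timestamp in the body should be preserved for correlation.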
Posted June 11, 2007 in | Permalink | Comments (0)
At Open Source Enterprice, Jon Walker covers open source log management technologies. From the article ...
" . . . the open source community has been pretty effective in building pieces of log management infrastructure. Syslog-NG enables log collection from Unix servers and network devices, serving as a better replacement for standard syslog daemons than is typically provided by operating system vendors as a primary example of open source excellence. There are also a huge number of simple scripts and small programs such as logwatch, logsentry, and fwanalog that were written by the open source community over the years to handle specific logs or a particular slice of a log puzzle. At times it seems that it was easier for some people to create their own script instead of looking for one online. However, most of these tools focused on Unix and Linux platforms and largely ignored Windows-based systems."
LogLogic's open source efforts and community-related project, LASSO.
One of the recent open source solutions that enables a critical part of log management is Project LASSO, a Windows-based open source software designed to collect Windows event logs, including custom application logs, and provide for the central collection and transport of Windows log data via TCP syslog to any syslog-NG compatible log receivers. Before Project LASSO, incorporating Windows server and workstation logs in an overall log management process was extremely onerous.
Available under the Gnu license, Project Lasso is a LogLogic-sponsored and community-supported open source project that promotes rapid development of innovative technologies for monitoring any kind of Windows-based event. It is hosted at SourceForge.
Check out the entire article here.
Posted June 07, 2007 in | Permalink | Comments (0)
Yesterday, we held a webcast with The SANS Institute to announce the complete findings of the 2007 Log Management Survey. The survey, sponsored by LogLogic for the third year in a row, polled more than 650 IT professionals in government, financial services, banking, manufacturing, healthcare, telecommunications, and education sectors from the North American Global 2000 (G2000) - Forbes's comprehensive list of the world's biggest companies.
The verdict? The G2000 continues to adopt log management and intelligence to end the 'logjam.' Turns out that despite its importance, security is not the prime motivation for log management. More than half of those surveyed reported operations management and monitoring the health of the network as the prime motivation for using log data. And, 43% indicated compliance with SOX, PCI and other mandates as the top priority. Download the Executive summary here or check out the Webcast findings here.
Posted June 07, 2007 in Compliance , Log Management & Intelligence , Risk Management | Permalink | Comments (0)
This week California is considering a bill that would require organizations that accept credit and debit cards to follow the Payment Card Industry (PCI) Data Security Standard. Noncompliance could mean banks would have to cover the costs associated with notifying customers that their credit card numbers may have been stolen and the cost of replacing credit cards, at a cost that could run upwards of $1 million per breach, according to estimates in a California State Senate report in May that provided details on the bill. The California law would apply to anyone who wanted to do business with a California resident, according to this article at Government Executive blog.
The public backlash after the January disclosure of a major security breach by Massachusetts-based retailer TJX has acted as a stimulus for attention and consumer protection mandates. Just last week Minnesota enacted the Plastic Card Security Act, based on the PCI Standard. And other states like Massachusetts and Texas are also considering laws. The Lone Star state's House voted unanimously to approve the PCI-related bill, but the state Senate closed its session before it could vote on the issue.
Log management can help with complying with the PCI DSS regulations quickly, plugging into your existing IT infrastructure. For some tips, check out 7 Habits of Highly Effective PCI Compliance, a Forrester Webcast with analyst Khalid Kark, sponsored by LogLogic. A PCI book is on the way from LogLogic's Anton Chuvakin later this year.
Posted June 07, 2007 in Compliance , Log Management & Intelligence , Risk Management , Security | Permalink | Comments (0)
ITIL is getting an update after 7 long years. The UK's Office of Government Commerce (OGC) is updating their comprehensive documentation of best practices for IT Service Management. As part of the launch of the new ITIL V3, the organization is hosting a series of roadshows throughout the world beginning today in London -- with stops in San Jose, CA and Chicago, IL here in the US in June.
New ITIL V3 is to consist of 5 central books and an official introduction book, according to the OGC. These incorporate the best of ITIL V1, V2 and tested current best practice for ITSM. The 5 central books are made up of Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement.
CIO.com is featuring a good overview of ITIL with some pros and cons of using the framework. The short version is that ITIL is the industry's most widely accepted approach to IT service management, provides a cohesive set of best practices, drawn from the public and private sectors globally and is supported by field-tested implementation methodologies and assessment tools, certification and accredited training organizations.
LogLogic offers an ITIL Pocket Guide, a pragmatic approach to ITIL implementations. There are 50 reports and 45 alerts in the LogLogic ITIL package to get you started with ITIL and Log Management and Intelligence. To obtain a copy of the guide, go here.
Posted June 05, 2007 in Compliance , Log Management & Intelligence | Permalink | Comments (0)
As I mentioned here, I started publishing the LogLogic Logging Glossary. So, here is the seventh term (first second third fourth fifth sixth):
Log Format
A defined sequence of characters and/or delimiters in a message, and the location of fields.
Such characters can be descriptive text, field names, or special character sequences. Delimiters are often spaces, tabs, commas, pipes ('|'), columns, etc.
A binary log format will not have any delimiters but only fixed width fields of bits of pre-defined sizes.
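The two kinds of format side by side, as an added example (not from the glossary or any LogLogic product): a pipe-delimited text record whose last field may itself contain the delimiter, and a fixed-width binary record that is cut purely by field size. Both layouts, the field names and the sample values are hypothetical.

```python
import socket
import struct

# Hypothetical text format: timestamp|host|severity|message
TEXT_FIELDS = ("timestamp", "host", "severity", "message")

def parse_delimited(line, delimiter="|"):
    """Locate fields by delimiter; only the last field may contain it."""
    parts = line.rstrip("\r\n").split(delimiter, len(TEXT_FIELDS) - 1)
    if len(parts) != len(TEXT_FIELDS):
        raise ValueError(f"expected {len(TEXT_FIELDS)} fields, got {len(parts)}")
    record = dict(zip(TEXT_FIELDS, parts))
    record["severity"] = int(record["severity"])
    return record

# Hypothetical binary format, big-endian, 27 bytes per record:
#   uint32 epoch seconds | uint8 severity | 16-byte NUL-padded host |
#   4-byte IPv4 source address | uint16 source port
BINARY_LAYOUT = struct.Struct(">IB16s4sH")

def parse_binary(blob):
    """Locate fields by position and width; no delimiters are involved."""
    if len(blob) % BINARY_LAYOUT.size:
        raise ValueError("truncated input: length is not a whole number of records")
    records = []
    for epoch, severity, host, addr, port in BINARY_LAYOUT.iter_unpack(blob):
        records.append({
            "timestamp": epoch,
            "severity": severity,
            "host": host.rstrip(b"\x00").decode("ascii"),
            "source": f"{socket.inet_ntoa(addr)}:{port}",
        })
    return records

# Constructed samples describing the same kind of firewall event.
SAMPLE_TEXT = "2007-06-05T10:00:00|fw01|4|deny tcp 10.0.0.5:4431 rule=a|b\n"
SAMPLE_BINARY = BINARY_LAYOUT.pack(
    1181037600, 4, b"fw01", socket.inet_aton("10.0.0.5"), 4431)

if __name__ == "__main__":
    print(parse_delimited(SAMPLE_TEXT))
    print(parse_binary(SAMPLE_BINARY))
```

A naive `split("|")` on the text sample would yield five fields and shift the message; bounding the split is what keeps a delimiter inside free text from corrupting the record. The binary parser has the opposite failure mode, where a short read silently misaligns every later field unless the length is checked.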
Posted June 05, 2007 in | Permalink | Comments (0)
Banking Information Security magazine is covering the emerging trend in log management as it makes its way through the banking sector. They profile LogLogic customer, Citizens & Northern Bank, a $1.2B bank out of Pennsylvania, that has made log management a requirement for meeting compliance mandates with Gramm-Leach-Bliley and Sarbanes-Oxley. Using log management, the bank's auditors now have a way to easily track and monitor log data and get compliant fast.
Citizen's Bank learned early on what other G2000 companies are now realizing -- log management is increasingly becoming the weapon of choice in the quest for compliance. Banking, an industry known for security and scrutiny of IT products, is joining a growing trend of deploying log management for security, forensics, loss prevention and compliance. Why? As the article explains, the Industry's Federal Financial Institutions Examination Council (FFIEC) says that "without real log management, organizations are out of compliance and at risk" and calls on companies to monitor their log data. From the article,
"As administrators responsible for various network devices and operating systems, we need to know what typical behavior is," says Pete Boergermann, head of MIS at Citizens & Northern. "When we look at events, we are more apt to know what we are looking at and respond."
Read more about Citizen and Northern Bank's log management deployment in this SANS What Works case study from last year. Log Management and Intelligence is on the IT and business agenda. Industry trends are available in the just-released market survey on log management adoption. The LogLogic-sponsored research study with the SANS Institute is available for preview here or join us with SANS for a presentation of the trend at a joint webcast.
The complete article is at Banking Information Security, please note that registration may be required.
Posted June 04, 2007 in Compliance , Log Management & Intelligence , Risk Management , Security | Permalink | Comments (0)