Log Management

Powerful and Efficient Log Management

The collection and analysis of logs gives you a clear understanding of user and system activity within your network. Log management also helps you achieve regulatory compliance: by properly collecting and storing logs, you reduce the cost of compliance with a clear, non-repudiable audit trail of activity.

NitroView Enterprise Log Manager goes even further--through its tight integration with the industry's fastest and most scalable SIEM, NitroView ELM efficiently collects, compresses and stores all log files, while NitroView ESM provides advanced searching, analytics, correlation, alerting and reporting. With the fastest incident response capability on the market, NitroView ESM boosts your company's security operations efficiency, regardless of how large or small your security staff may be. And because all events and alerts provide easy one-click access to the original source log record, your forensics efforts benefit as well.


NitroView ELM can collect any log format, including text and binary logs, for storage in their raw unaltered form for compliance.  With high-performance log collection and flexible options for compression and storage, NitroView ELM is well suited for all networks, from small businesses managing only a few network devices, to fortune 100 companies operating large distributed enterprises.

As logs are collected, they are digitally signed to assure the integrity of stored logs, and then may be stored, parsed for deep analysis using NitroView ESM, or both. You can choose how each log source is handled, or let NitroView ELM decide for you, using an initial analysis to determine how a log should be treated. For example, a log file may be stored for compliance but not analyzed as part of your daily security operations. However, if that log record contains sensitive information or key words, it can be fully parsed and analyzed using the full capability of NitroView ESM.
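The page does not say how NitroView signs collected logs; the following is an added illustration (not NitroSecurity's code) of the integrity property described above: each raw record is kept unaltered and tagged with an HMAC chained to the previous record's tag, so that a later edit, deletion or reordering is detected on verification. The signing key and sample log lines are constructed for the example.

```python
import hashlib
import hmac

# Constructed signing key: in a real deployment it would live in an HSM or KMS, not in source.
SIGNING_KEY = b"example-only-key-not-for-production"


def sign_record(prev_tag, raw_log, key=SIGNING_KEY):
    """HMAC over the previous record's tag plus this record's raw bytes.
    Chaining the previous tag makes deletion or reordering detectable, not only edits."""
    mac = hmac.new(key, prev_tag.encode() + b"\n" + raw_log, hashlib.sha256)
    return mac.hexdigest()


def ingest(raw_logs, key=SIGNING_KEY):
    """Store each log in raw, unaltered form alongside its signature tag."""
    store, prev_tag = [], "genesis"
    for seq, raw in enumerate(raw_logs):
        tag = sign_record(prev_tag, raw, key)
        store.append({"seq": seq, "raw": raw, "tag": tag})
        prev_tag = tag
    return store


def verify(store, key=SIGNING_KEY):
    """Recompute the chain; return (ok, index of first bad record or None)."""
    prev_tag = "genesis"
    for expected_seq, entry in enumerate(store):
        tag = sign_record(prev_tag, entry["raw"], key)
        if entry["seq"] != expected_seq or not hmac.compare_digest(tag, entry["tag"]):
            return False, expected_seq
        prev_tag = tag
    return True, None


# Constructed sample records: two syslog-style text lines and one opaque binary record
SAMPLE_LOGS = [
    b"<34>Jan 12 10:02:01 fw1 kernel: DROP IN=eth0 SRC=10.0.0.5 DST=10.0.0.1",
    b"<86>Jan 12 10:02:03 db1 sshd[412]: Accepted publickey for svc from 10.0.0.9",
    b"\x00\x01\x02binary-audit-record\xff",
]


def demo():
    """Show that the intact store verifies, while an edit or a deletion is caught."""
    store = ingest(SAMPLE_LOGS)
    edited = [dict(e) for e in store]
    edited[1]["raw"] = edited[1]["raw"].replace(b"Accepted", b"Rejected")
    deleted = store[1:]  # first record silently dropped
    return verify(store), verify(edited), verify(deleted)
```

Because verification recomputes every tag from the raw bytes, the stored record itself stays byte-for-byte what was collected, which is what a compliance audit trail needs.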

NitroView ELM supports the concept of virtual "storage pools", allowing administrators to determine how much physical storage is allocated to specific logs, and how long different logs should be retained for compliance.

This separates the storage requirements from the constraints of physical storage. Simply use the on-board RAID drives on the NitroView appliance itself, network attached storage, or a SAN -- or combinations thereof. If you're running low on space, simply allocate additional physical storage media to the required pool, and ELM will immediately begin to use that additional storage.

It couldn't be any easier. And because ELM allows this flexibility down to specific log types or sources, you can make the most efficient use of your storage. For example, the most recent logs from your firewalls might be stored locally, while transaction logs from your PCI database servers may be stored on an external, redundant and encrypted SAN. The ELM accommodates your needs, allowing you to get the most out of both your logs and your log manager.

NitroView ELM provides unprecedented log analysis capability, including:

  • The ability to alert security professionals based upon the contents of a log at the time of collection
  • The ability to fully parse and index log contents for ad-hoc analysis and reporting
  • The ability to perform running baselines and trend analysis on log contents, as they are collected
  • The ability to correlate log contents, and apply additional security context derived from vulnerability assessment scanners, identity and authentication systems, and other systems
  • The ability to search across all collected logs using text or regular expression searches 

In addition, any relevant security events include a direct link back to the original log record within the raw log file, providing one-click access to the original event source.

All logs collected and stored by NitroView ELM are fully available to the analysis and reporting functions of NitroView ESM -- including the hundreds of included compliance report templates for PCI-DSS, HIPAA, NERC-CIP, FISMA, GLBA, SOX, and others.

Sample Reports

Reports can also be custom built using NitroView's intuitive report builder.