Organizations spend a huge part of their budgets on IT security solutions (SIEM, IDS, IPS, IDM, DLP) to be secure and compliant, so they are motivated to protect their investment by optimizing these IT tools. The basis for evaluating and analyzing their IT security operations is the logs, which contain the details of what is happening in the IT system. For instance, banks need to do forensics on a daily basis for fraud detection purposes, as security incidents, initiated from both external and internal sources, should be investigated. Telco companies also cannot afford to lose any evidence kept in log files. In addition, most compliance regulations require the collection of logs in a closed system.
“As IT security analyses are only as good as the data collected from network devices and applications, the importance of accurate collection and storage of log messages cannot be overemphasized. There are many cases in which log messages could be lost, such as an application crash, restart, the disk where we store logs is full or not available, or during a network failure. The new syslog-ng Premium Edition 4 F2 ensures Zero Message Loss through the Reliable Log Transfer Protocol (RLTP)™ technology so that valuable information is protected,” – said Zoltán Györkő, Business Development Director at BalaBit IT Security.
Key new features of syslog-ng Premium Edition 4 F2
– Ensures Zero Message Loss
— By using the Reliable Log Transfer Protocol (RLTP)™ on the client, relay and server side, it prevents message loss during connection breaks. The new RLTP™ transfer protocol detects the last received message on the receiving end and then starts resending messages from that point.
— The Reliable Disk-based Buffering prevents log message loss when unexpected events happen causing extended connection breakdown. It is capable of storing a copy of log messages as a backup until the destination computer has acknowledged receipt of messages. It provides a slower, but reliable disk-buffer option.
— Flow control is used to control and optimize the log traffic from end to end. Flow control dynamically handles the peak message rate and, together with RLTP™, ensures that all log messages sent by the client arrive at the server.
– Native collection and processing of log messages from SQL databases enabling users to easily manage log messages from a wide variety of enterprise software and custom applications.
– AIX 7.1 platform is now supported
About syslog-ng log server
BalaBit has been developing the open source syslog-ng trusted logging tool for more than 14 years. During this time it became the de facto industry standard for logging and is used by 650 000 companies world-wide, such as Boeing, Credigen Bank, Data Path, Fiducia IT AG, NASA and Svenska Handelsbanken. The syslog-ng project is a continuous community effort to create the best system logging and log processing tool. The project is an advocate and early adopter of open standards, including the syslog RFCs developed by the IETF and the Common Event Expression (CEE) message-description standard of the MITRE Corporation.
The syslog-ng Premium Edition application builds on the core of the popular open source version, offering advanced features like encrypted and time stamped log files, disk-based buffering, direct database access, and agents for the Microsoft Windows and IBM System i platforms. It allows system administrators and security experts to build a trusted, centralized logging infrastructure for reviewing and auditing the log messages of over 40 platforms. The syslog-ng solution incorporates the functions of clients, relays, and servers into a trusted, multi-platform logging infrastructure. It collects and classifies the log messages of operating systems and applications and transfers them to the high-performance log server in an encrypted and reliable channel where the messages can be processed further and stored in secure, encrypted files or databases. Supporting reliable transport protocols, message buffering, and client-side failover, syslog-ng minimizes the risk of message loss, thus suiting compliance requirements, such as PCI-DSS.
BalaBit IT Security
+36 1 371 0540