Product Overview
The CorreLog system works with UNIX platforms in an "agentless" mode,
without the need to install any other software component. In particular,
you can manage virtually any UNIX platform using the native Syslog
capability, simply by directing syslog messages to the CorreLog Server
site.
To extend your UNIX monitoring capability to include arbitrary log file
management, remote configuration of source filters, and data encryption,
you can install the CorreLog UNIX Agent, which usually takes under one
minute, and does not require the platform to be rebooted. After
installation, log messages immediately begin forwarding to the
CorreLog program, permitting data aggregation and correlation of UNIX
logs. This greatly expands your ability to proactively manage UNIX
platforms, making the CorreLog system aware of any log file on any UNIX
system.
System Features
CorreLog UNIX Agents are designed to be highly secure, non-intrusive,
and easy to deploy. These agents contain various features that enhance
your SIEM implementation by providing access to data that is not otherwise
visible, and encrypting your data transmissions to provide extra security.
Specific features are as follows:
- Monitoring of Streaming Log Files.
You can configure the agent to monitor streaming log files by name,
including log files with names derived from dates and times. This lets
you instrument any log file, such as application error logs and other
log files commonly found on UNIX platforms, with complete
syslog capability.
- File Integrity Monitoring.
You can configure UNIX agents to monitor any system file for changes,
generating a syslog message (with the content, facility, and severity
of your own selection) when the file is modified or deleted. This provides
you with visibility into changes to critical system files and directories.
Multiple files of any type, including directories, can be monitored.
- Source Filtering Of Events.
To reduce network loads or enhance security, you can implement filtering
within the agent. You can forward all messages that do not match
your configured filters, or exclude all messages except those that
match your configured filters. Multiple match patterns can be configured,
consisting of keywords, phrases, or wildcards.
- Ability To Assign Facilities and Severities To Messages.
UNIX Agents come with pre-configured match patterns that
automatically assign reasonable values for the facility and severity
codes associated with syslog messages. Facilities and severities
can be further refined using various strategies, such as having the
agent automatically assign values based upon message content, or
explicitly matching message groups. You have complete control over message
facility and severity codes, especially useful for correlating messages
at the syslog receiver.
- Remote Configuration Utilities.
UNIX Agents provide optional support for secure remote configuration
of agent parameters. This assists with agent maintenance, permitting
you to change parameters of the agent without having to log into the
platform. Authentication is based upon an encrypted passkey, source
address, or an external encryption module. Remote configuration of agents
is directly supported via CorreLog Server screens, as well as by a
command line remote configuration utility suitable for batch file
operation.
- Data Encryption.
For those sites requiring the encryption of messages, CorreLog UNIX
Agents support encryption of forwarded messages using either an internal
encryption method that works with the CorreLog Server, or an external
AES-256 encryption scheme. (The AES encryption is available only to
USA customers, due to export restrictions on encryption technology.) This
prevents third parties from eavesdropping on your management data.
- Syslog API.
The UNIX Tool Set includes a "sendlog" API that allows you to send
your own arbitrary messages to CorreLog or other syslog receivers.
This allows you to construct your own monitor programs, such as via
the system "Init" facility or "crond" scheduler, useful for instrumenting
home-grown programs, or providing specialized management information
to the CorreLog Server. The "sendlog" program operates as a completely
stand-alone executable, or can work with the encryption scheme of the
main UNIX Agent.
Installation Requirements
The CorreLog UNIX Agent software runs on a variety of different platforms
including (but not limited to) Solaris, Solaris X86, AIX, HP-UX, and
all flavors of Linux (including mainframe Linux). The program does
not require Java, or any other supporting software, and requires
minimal CPU, disk space, and memory. Installation can be performed
manually via command line utilities and shell scripts, or can be
performed automatically via a variety of software distribution and
deployment systems.
The CorreLog Agent software includes a ready-to-run configuration and a
50+ page CorreLog Agent User Reference Manual in Adobe PDF format.
The CorreLog Agent system is designed for extremely easy installation.
A typical installation requires less than one minute, and does not
require the host platform to be rebooted.
This software is available as a standard component of the CorreLog
Server software, and can be downloaded from the "Home" screen of the
CorreLog server.