WEEDS Log-Repository Manager is a unified log management product that collects logs from log-collection agents as well as from firewalls, routers, and application output.
When the agents of the WEEDS Trace Series collect logs, the product compiles statistics, analyzes and compresses the logs, and stores them in the log database. It checks the stored logs against the previously registered audit policies and the application (work request) information, and reports the "auditable logs". This provides a "mechanism for efficiently auditing large volumes of stored logs".
| Immediately usable audit reports are included | Audit policies of all kinds are registered, so a report of auditable access logs is produced with one click. Reports are defined as a daily audit report, a monthly audit report, and a utilization analysis (general-purpose log search facility), so operational auditing can start immediately. |
|---|---|
| Repository features for massive log volumes | A proprietary partitioning scheme divides the tables that store logs by year and day. This speeds up reporting, log collection, INDEX data creation, log deletion (rotation), and so on. |
| Automatic checking against applications and audit policies | Functions for registering applications and audit policies are included, so collected logs are checked automatically. Auditing can start immediately. |
| Audit reports suited to each guideline are included | Audit reports suited to each guideline are included, so external audits can be handled simply by introducing the product. |
When logs are loaded into the log DB, this function separates "audit-target logs" from "non-audit-target logs" and backs up the logs without the "non-audit-target logs".
For example, it can be used for log operations such as the following.
| DB access (WEEDS DB-Trace) | For DB access logs, access from "nightly batch processing" and from "applications" is treated as "not an audit target". The classification can use any of the log items that WEEDS DB-Trace collects. Generally, it is based on the "name of the connecting application" at the time of DB access. (If the classification is based on the DB user ID or similar, someone else who uses that ID can still access the DB, and in that case the access cannot be audited.) |
|---|---|
| Program updates (WEEDS ITGC-Trace) | Program update logs are collected for files in the OS, and on UNIX/Linux-like OSs there are directories, for example those under "/temp" and "/proc", that are updated very frequently. This is no problem at reporting time, because WEEDS ITGC-Trace extracts only updates to the "audit-target programs" registered in the policy. To save log DB space, however, a collection filter is provided that loads logs into the log DB without the update logs for files in the above directories. |
When logs are loaded into the log DB, WEEDS Trace Series creates aggregated logs and statistical information about the logs. This reduces the load on the log server used for auditing.
| Aggregated logs | To generate the monthly audit report, logs are stored in an aggregation data mart (daily tables) when the daily logs are collected. |
|---|---|
| Log statistics | When access logs are collected, they are compared with past logs and statistics are maintained. <WEEDS DB-Trace> ・An INDEX (key) is assigned to each SQL statement, so an SQL statement seen in the past is not saved twice. ・Statistics on the number of SQL statements on past days are maintained. <WEEDS WinServer-Trace, WEEDS ITGC-Trace> ・An INDEX (key) is assigned to each file path, so a file path seen in the past is not saved twice. |
From the large volume of access logs, logs that do not conform to policy are extracted automatically. Policies are defined per server.
| | WEEDS DB-Trace | WEEDS UNIX-Trace | WEEDS WinServer-Trace | WEEDS Windows Secure-Controll | WEEDS ITGC-Trace |
|---|---|---|---|---|---|
| Overtime | ● | ● | ● | ● | |
| Saturday, Sunday | ● | ● | ● | ● | ● |
| Authorized user ID | ● | ● | ● | ● | |
| Permitted user ID | ● | ● | ● | ● | |
| Audit-target file/table | ● | ● | ● | ● | ● |
| High-load access | ● | | | | |
| Massive data | ● | | | | |
| Massive record | ● | | | | |
| Available access application | ● | | | | |
| Audit command | ● | ● | | | |
| Long-time command | ● | ● | | | |
This function automatically cross-checks applications, approvals, and logs, making it easy to find unauthorized access made without an application ("access without application"). The person in charge of auditing and the person in charge of operations can communicate about such unauthorized access (including audit policy violations as well as access without application). The unauthorized access is kept as an audit result in the same way as the logs.
※ For customers who already have an application system, automatic data linkage can be provided through customization.
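The policy check and the application cross-check described above, as an added example that is not the product's own code. The policy fields, reason labels, and sample records are constructed for illustration, and only three of the policy types from the table are modeled.

```python
from datetime import datetime

# Constructed per-server policy (field names are hypothetical).
POLICY = {
    "work_hours": (9, 18),                  # outside 09:00-18:00 counts as overtime
    "permitted_users": {"sato", "suzuki"},
    "audit_tables": {"salary", "customer"},
}

# Constructed approved applications: (user, table, start, end).
APPLICATIONS = [
    ("sato", "salary", datetime(2024, 4, 6, 10), datetime(2024, 4, 6, 12)),
]

# Constructed access log: (timestamp, user, table).
ACCESS_LOG = [
    (datetime(2024, 4, 5, 10, 30), "sato", "customer"),  # Friday, within hours
    (datetime(2024, 4, 5, 22, 15), "suzuki", "salary"),  # Friday night
    (datetime(2024, 4, 6, 11, 0), "sato", "salary"),     # Saturday, applied for
    (datetime(2024, 4, 7, 11, 0), "tanaka", "salary"),   # Sunday, unknown user
    (datetime(2024, 4, 5, 11, 0), "tanaka", "orders"),   # not an audit target
]


def covered(ts, user, table, applications):
    """True when an approved application covers this access."""
    return any(u == user and t == table and start <= ts <= end
               for u, t, start, end in applications)


def auditable_access(log, policy, applications):
    """Return (timestamp, user, table, reasons) for accesses that need audit."""
    first, last = policy["work_hours"]
    findings = []
    for ts, user, table in log:
        if table not in policy["audit_tables"]:
            continue                        # filtered out: not an audit target
        reasons = []
        if ts.weekday() >= 5:               # 5 = Saturday, 6 = Sunday
            reasons.append("weekend")
        elif not first <= ts.hour < last:
            reasons.append("overtime")
        if user not in policy["permitted_users"]:
            reasons.append("unpermitted user")
        # A policy hit is reported only when no application explains it.
        if reasons and not covered(ts, user, table, applications):
            findings.append((ts, user, table, reasons + ["no application"]))
    return findings
```

Of the five sample records, only the Friday-night access and the Sunday access by an unregistered user are reported; the Saturday access is suppressed because an approved application covers it.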
In access auditing, whose access it was is important. Information identifying where each access came from must be defined for the logs. Simply showing the unit and name in the audit report makes auditing easy, for example by raising the question "Why was there access from the ○○ unit?". Various guidelines also make identifying the user a requirement for logs.
※ Automatic data linkage is possible.
Depending on the audit target, access logs can reach a massive volume, so log compression is necessary. However, simply compressed logs cannot be referenced, so some ingenuity is required.
With its "log collection filter" function, WEEDS Log-Repository Manager generates INDEX (key) information so that "file paths" and "SQL statements" are not saved twice, keeps only the INDEX in the log, and reports the file path or SQL statement associated with the INDEX.
File paths make up the majority of an operation log, and a characteristic of file paths is that a great many of them are identical.
SQL statements make up the majority of a DB access log. In particular, access from applications often results in identical SQL statements. Consequently, compressing the log by keeping INDEX information can achieve 80% compression.
※ Statistics on SQL statements are maintained without the search condition values, which change with each execution.
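A sketch of the INDEX-based log compression described above, added here as an example and not taken from the product. It assumes the key is a truncated SHA-256 of the SQL statement with its search condition values removed, and that each log row keeps those values next to the key so the report can show the full statement; the sample log is constructed.

```python
import hashlib
import re

# Constructed sample DB access log: (timestamp, DB user, SQL text).
SAMPLE_LOG = [
    ("2024-04-01T09:00:01", "app01", "SELECT name FROM customer WHERE id = 1001"),
    ("2024-04-01T09:00:02", "app01", "SELECT name FROM customer WHERE id = 1002"),
    ("2024-04-01T09:00:03", "app01", "SELECT name FROM customer WHERE id = 1003"),
    ("2024-04-01T09:00:04", "app01", "UPDATE orders SET status = 'SHIPPED' WHERE order_no = 77"),
    ("2024-04-01T09:00:05", "app01", "UPDATE orders SET status = 'CLOSED' WHERE order_no = 78"),
    ("2024-04-01T23:10:00", "tanaka", "SELECT * FROM salary WHERE emp_no = 5"),
]

# A string literal, a numeric literal, or an existing '?' bind marker.
_VALUE = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b|\?")


def split_statement(sql):
    """Return (template, values): every search condition value becomes '?'."""
    return _VALUE.sub("?", sql), _VALUE.findall(sql)


def compress(records):
    """Store each distinct statement once; log rows carry only its key."""
    statements, rows, counts = {}, [], {}
    for ts, user, sql in records:
        template, values = split_statement(sql)
        key = hashlib.sha256(template.encode()).hexdigest()[:12]  # assumed key format
        statements.setdefault(key, template)
        counts[key] = counts.get(key, 0) + 1    # per-statement statistics
        rows.append((ts, user, key, values))
    return statements, rows, counts


def restore(statements, row):
    """Rebuild the full SQL text for a report from one compressed row."""
    _ts, _user, key, values = row
    remaining = iter(values)
    return _VALUE.sub(lambda m: next(remaining), statements[key])
```

On the six constructed rows only three statements are stored, and the per-statement counts group executions that differ only in their search condition values.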
To report quickly on the massive volume of stored logs, WEEDS Log-Repository Manager partitions each log table by year and day, reducing the number of records (data) per table to speed up response.
Besides faster report response, this has the advantage that deleting past data in the monthly processing (deleting data from 13 months ago when logs are kept in the DB for one year) completes quickly, because it only requires a DROP of the tables for the relevant year and day.
Guidelines state that access logs must be kept for 3 to 5 years.
WEEDS Log-Repository Manager can keep past logs almost permanently, as far as disk capacity permits.
Logs that can be browsed immediately for auditing are commonly kept for one year to a year and a half. In WEEDS Log-Repository Manager, the period (number of months) for which logs are kept in the log DB is specified.
The monthly processing deletes logs according to the specified number of months and rotates the logs: logs older than the specified number of months are deleted, and the logs are rotated.
Logs from sources other than the WEEDS Trace Series agents, for example firewall logs, router logs, entry and exit logs, and application logs, can also be loaded into the log DB. (Supported through customization.)
This function automatically sends a message about the generated audit report.
For example, a report can be sent automatically every day to the superiors of the units whose access is auditable. This helps access-log auditing get under way smoothly.
The operational burden is greatly reduced because checks are made only when there are auditable access logs, rather than by checking the access logs themselves.
Logs are encrypted on the agent before transfer and then sent to the log server. Encryption of the communication itself (such as SSL) can also be supported on an individual basis.
Self-encryption is adopted. (For details, see "Product feature" below.)
| Supported OS | Windows 2000 and later, AIX 4.3.3 and later, RedHat Linux 3 and later, Sun Solaris 7 and later, HP-UX 11i and later, Miracle Linux, Cent OS ※ Other UNIX-like OSs can be supported promptly through porting. |
|---|---|
| License system | Charged according to the number of audit-target servers (OSs). |
| Encryption scheme | Self-encryption: encryption with a double encryption key. The first key has no limit on its number of bits (minimum 128 bits); the second key is a dedicated numerical sequence, 10 to the 88th power. ※ To prevent cryptanalysis and decryption, only an outline of the encryption is provided. |
| LogDB | Oracle 10g, 11g |
| Report form | Excel, CSV, html, REP (executable-format report viewer) |
| Operational screen (browsing software) | Internet Explorer 7, 8 |
| Acquiring external data | User master (unit, name), application data, policy (permitted user IDs, calendar) |
| Log transfer protocol | Self-developed protocol (WFTP) |
| Price | Open price |