Presentation is loading. Please wait.

Presentation is loading. Please wait.

Centralised logging using RSYSLog

Published byWillis Lawson Modified over 6 years ago

Similar presentations

Presentation on theme: "Centralised logging using RSYSLog"— Presentation transcript:

1 Centralised logging using RSYSLog
Presented By: Winston Mphahlele I.T Department Vaal University of Technology 28 JUN 2017

2 Outline Logs. Ordinary logs. Centralised logging. RSYSlog.
Client and Central servers. Loganalyzer. Question

3 Logs Consists of list of activities performed. A typical history book.
Has a standard format, (W3C). Can be distinct such as access, error and server logs. Generally not accessible by normal users.

4 Logs Access logs Errors logs

5 Normal logs Each server generates its own logs.
Accessing and managing logs on multiple hosts can be difficult. No insights of the entire infrastructure.

6 Example Infrastructure

7 What is centralized logging
Consolidation of all your log data and push them to one central location.

8 Centralized logging

9 Why centralized logs? Real time data logs of all sever.
Real time data querying and analytics. Visualized presentation of data. A way to parse data and send them to a central database in near real-time. The capacity of the database to handle near real-time data querying and analytics. A visual representation of the data through filtered tables, dashboards, and so on.

10 RYSLog System utility providing support for message logging.
Support both local and remote logging. Fully configurable output format. Supports multi-threading. Every logged message contains at least: IP addres or server hostname. Date and time stamp. Program or process name. Severity. Message. Every logged message contains at least: IP addres or server hostname Date and time stamp Program or process name Severity Message

11 Using RSYSLog One central log server. Client logs.
MySQL, PostgreSQL, Oracle and more. Filter any part of syslog message. Front-end (Loganalyzer).

12 Client and Cental servers
Client server IP or host to forward logs. Filter logs. Central server Enable imtcp and/or imudp plugin. Setup a database. Set up a front-end(Loganalyzer).

13 Loganalyzer

14 Log source

15 Logs

16 Centralized logging with RSYSLog
Centralised troubleshooting. Centralised Auditing. Centralised Alerts or alarms. Trends and patterns by time of day, day of week. Improved infrastructure insights. Improved security.

17 Lessons learned Identify critical severs and services.
Start with the most important logs e.g error, access logs . Filter your logs e.g severity, critical. Select best protocols suitable, ideally TCP. Use IP if possible. Configure front end. Use configuration management to push. The target can be specified by DNS name or IP address. Use IP addresses for most robust operations

18 Future? Graylog2 Elasticsearch Logstash Kibana (ELK).

19 Every failure is a stepping stone to success.
Thank you Every failure is a stepping stone to success.

20 Questions

Download ppt "Centralised logging using RSYSLog"

Similar presentations

1© Copyright 2014 EMC Corporation. All rights reserved. Results Lower operating costs Expect savings of $500K over three years Foundation laid for Software-Defined.

1© Copyright 2014 EMC Corporation. All rights reserved. Results Lower operating costs Expect savings of $500K over three years Foundation laid for Software-Defined.
MONITORING TOOLS Open Source Security Tools to monitor your network.

MONITORING TOOLS Open Source Security Tools to monitor your network.
Log Monitoring, Management and Analysis with Nagios

Log Monitoring, Management and Analysis with Nagios
SYSLOG Real-Time Monitoring of System i Events. What is SYSLOG? Multi server environments are now the reality at most sites; however the number of operators.

SYSLOG Real-Time Monitoring of System i Events. What is SYSLOG? Multi server environments are now the reality at most sites; however the number of operators.
Security Guidelines and Management

Security Guidelines and Management
H-1 Network Management Network management is the process of controlling a complex data network to maximize its efficiency and productivity The overall.

H-1 Network Management Network management is the process of controlling a complex data network to maximize its efficiency and productivity The overall.
OWASP Logging Project Presentation by Marc Chisinevski.

OWASP Logging Project Presentation by Marc Chisinevski.
GIS Application in Firewall Security Log Visualization Juliana Lo.

GIS Application in Firewall Security Log Visualization Juliana Lo.
LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL Presented by Chaithra H.T.

LIGHT WEIGHT DIRECTORY ACCESS PROTOCOL Presented by Chaithra H.T.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Pakiti.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Pakiti.
Vantage Report 3.0 Product Sales Guide

Vantage Report 3.0 Product Sales Guide
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 6: Name Resolution.

70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 6: Name Resolution.
Module 10: Monitoring ISA Server 2004. Overview Monitoring Overview Configuring Alerts Configuring Session Monitoring Configuring Logging Configuring.

Module 10: Monitoring ISA Server Overview Monitoring Overview Configuring Alerts Configuring Session Monitoring Configuring Logging Configuring.
CSCI 530 Lab Intrusion Detection Systems IDS. A collection of techniques and methodologies used to monitor suspicious activities both at the network and.

CSCI 530 Lab Intrusion Detection Systems IDS. A collection of techniques and methodologies used to monitor suspicious activities both at the network and.
Database control Introduction. The Database control is a tool that used by the database administrator to control the database. To enter to Database control.

Database control Introduction. The Database control is a tool that used by the database administrator to control the database. To enter to Database control.
© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.

© 2006 Cisco Systems, Inc. All rights reserved. Cisco IOS Threat Defense Features.
A Brief Documentation.  Provides basic information about connection, server, and client.

A Brief Documentation.  Provides basic information about connection, server, and client.
Page 1 CSISS Center for Spatial Information Science and Systems CWIC Metrics: Current and Future Weiguo Han, Liping Di, Yuanzheng Shao, Lingjun Kang Center.

Page 1 CSISS Center for Spatial Information Science and Systems CWIC Metrics: Current and Future Weiguo Han, Liping Di, Yuanzheng Shao, Lingjun Kang Center.
WWW: an Internet application Bill Chu. © Bei-Tseng Chu Aug 2000 WWW Web and HTTP WWW web is an interconnected information servers each server maintains.

WWW: an Internet application Bill Chu. © Bei-Tseng Chu Aug 2000 WWW Web and HTTP WWW web is an interconnected information servers each server maintains.
Carlos Fernando Gamboa RACF, BNL HEPiX

Carlos Fernando Gamboa RACF, BNL HEPiX

Similar presentations

Ads by Google