Syslog-ng Premium Edition

System logging as a key infrastructure decision

A good logging infrastructure is a key element in the network security of companies. Development of syslog-ng started because no tool existed that could satisfy the requirements of organizations maintaining large IT networks. The syslog-ng (New Generation) application is an alternative to syslogd, the default system logger component of Unix systems, and has solved the problems of tens of thousands of organizations, ranging from industrial companies to government institutions. The syslog-ng application has been the most widespread alternative system logging application of the UNIX/Linux world for the last ten years, and now it can collect logs from Microsoft Windows and IBM System i platforms as well. It embodies the next generation of logging systems, and is the first truly flexible and scalable system logging tool. The syslog-ng Premium Edition solution is the product you have been looking for if you need a logging application that:

  • Guarantees the availability of log messages
  • Is compatible with a wide range of operating systems, including several Unix and Windows versions, and IBM Enterprise servers
  • Can be used in environments having strong perimeter defense
  • Has already proven its worth and reliability, and
  • Provides extraordinary flexibility for tracing system events


Typical Enterprise users

Log messages contain information about the events happening on host systems. Monitoring system events is essential for security and system health monitoring reasons. Many syslog messages contain unimportant information: syslog-ng helps you to select only the really interesting messages, and forward them to a central server. Company policies or regulations often require log messages be archived: storing the important messages in a central location greatly simplifies this process.

The syslog-ng application is used worldwide by companies and institutions who collect and manage the logs of several hosts, and want to store them in a centralized, organized way. Using syslog-ng is particularly advantageous for:

  • Enterprise customers with complex networks and heterogeneous platforms
  • Retail, Medical, and Financial institutions and companies requiring regulatory compliance
  • Internet Service Providers
  • Datacenters
  • Server, web, and application hosting companies
  • Wide area network (WAN) operators
  • Server farm administrators

Product features and benefits

The syslog-ng Premium Edition solution provides a number of features and benefits above the standard open source syslog-ng solution. These include:

  • Reliable log transfer with TCP
  • Secure logging transfer using SSL/TLS
  • Disk-based message buffering
  • Flexible message filtering and sorting
  • Direct database access for log storage
  • Flow-control
  • Heterogeneous environments
  • Agent for Microsoft Windows platforms
  • Agent for IBM System i (AS/400, iSeries) platforms
  • IPv4 and IPv6 support

Enterprise customers attempting to meet the multiple demands of complex networks, regulatory compliance, and heterogeneous systems and platforms can benefit from these additional features.

PCI, HIPAA, GLBA and Sarbanes-Oxley (SOX) regulatory compliance

Many companies must meet IT system security regulations in their industry segment. Merchants accepting credit cards are required to meet the Payment Card Industry Data Security Standard (PCI DSS). Section 10 of the PCI standard requires that merchants monitor system logs and networks. Medical providers must comply with the Health Insurance Portability and Accountability Act (HIPAA) privacy and security requirements. This includes having a documented network security plan. Banking and financial companies are required to meet IT security guidelines as a part of the Gramm-Leach-Bliley Act (GLBA). And public companies must ensure adequate IT security procedures as a part of section 404 of the Sarbanes-Oxley Act (SOX or SarBox).

Many companies must comply with a variety of these regulations. The syslog-ng Premium Edition application helps meet the system logging requirements by implementing secure, reliable, scalable, and redundant system log consolidation.

How syslog-ng works

The syslog-ng application reads incoming messages and forwards them to the selected destinations. The syslog-ng application can receive messages from system log files, remote hosts, and other sources. Log messages enter syslog-ng in one of the defined sources, and are sent to one or more destinations. Sources and destinations are independent objects - log paths define what syslog-ng does with a message, connecting the sources to the destinations. A log path consists of one or more sources and one or more destinations.  Messages arriving on a source are sent to every destination listed in the log path. Log paths can include message filters. Filters are rules that select only certain messages, for example, selecting only messages sent by a specific application. If a log path includes filters, syslog-ng sends only the messages satisfying the filter rules to the destinations set in the log path.

The following procedure illustrates the route of a system log message from its source on the syslog-ng client to its final destination on the central syslog-ng server.

  1. A network device, web application, or business application sends a log message to a source on the syslog-ng client. For example, an Apache web server running on Linux enters a message into the /var/log/apache file, or an application running on Windows enters a message into the Windows Eventlog.
  2. The syslog-ng client reads the message from its /var/log/apache or Windows Eventlog source.
  3. The syslog-ng client processes the first log statement that includes the /var/log/apache or the Eventlog source.
  4. The syslog-ng client compares the message to the filters of the log statement (if any). If the message complies with all filter rules, syslog-ng sends the message to the destinations set in the log path, for example, to the remote syslog-ng collection server.
  5. The syslog-ng client processes the next log statement that includes the source of the message, repeating Steps 3-4.
  6. The message sent by the syslog-ng client arrives at a source defined on the syslog-ng collection server.
  7. The syslog-ng collection server reads the message from its source and processes the first log path that includes that source.
  8. The syslog-ng server compares the message to the filters of the log path (if any). If the message complies with all filter rules, syslog-ng sends the message to the defined destinations (database, log file, etc.).
  9. The syslog-ng server processes the next log statement that includes that source, repeating Steps 7-8.
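The procedure above written out as a syslog-ng configuration (an added example, not taken from the product documentation): a client whose two log paths both include the same sources, so every message is kept locally and only filtered messages travel to the collection server, which sorts them into per-host files. Host names, the port, file paths and the syslog-ng 3.x syntax (the `@version` line) are assumptions.

```conf
@version: 3.0
# ---- client: /etc/syslog-ng/syslog-ng.conf on the Linux web server ----

# Steps 1-2: sources. The Apache log path follows the text above and is
# assumed to hold syslog-format lines; /dev/log carries local system logs.
source s_sys    { unix-stream("/dev/log"); internal(); };
source s_apache { file("/var/log/apache" follow_freq(1)); };

# Filter used in Step 4: keep severities err and above, or any line
# whose message text contains "error".
filter f_errors { level(err..emerg) or match("error" value("MESSAGE")); };

destination d_local  { file("/var/log/messages"); };
destination d_server { tcp("logserver.example.com" port(514)); };

# Log path 1 (Steps 3-4): every message from both sources is kept locally.
log { source(s_sys); source(s_apache); destination(d_local); };

# Log path 2 (Step 5): the same sources are processed again; only messages
# passing f_errors reach the central server. A message therefore fans out
# to every log path that names its source, not just the first one.
log { source(s_sys); source(s_apache); filter(f_errors); destination(d_server); };

# ---- server: /etc/syslog-ng/syslog-ng.conf on the collection server ----

# Step 6: the client's messages arrive on this TCP source.
source s_remote { tcp(ip(0.0.0.0) port(514) max_connections(100)); };

# Steps 7-8: sort into one file per client host and program; the $HOST and
# $PROGRAM macros name the path and create_dirs(yes) creates it on demand.
destination d_hosts { file("/var/log/remote/$HOST/$PROGRAM.log" create_dirs(yes)); };

log { source(s_remote); destination(d_hosts); };
```

The two halves are separate files on the client and on the server; port 514 is plain TCP here so that the routing logic stays visible.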

Reliable log transfer

The syslog-ng application enables you to send the log messages of your client hosts and PCs to remote collection servers. The logs of different client systems are stored centrally on a dedicated log collection server. Transferring log messages using the TCP protocol ensures that no messages are lost.

Secure logging using SSL/TLS

System log messages may contain sensitive information that should not be accessed by third parties. Therefore, syslog-ng Premium Edition uses the Transport Layer Security (TLS) protocol to encrypt the communication session. TLS also allows the mutual authentication of the host and the server using X.509 certificates. You are protected from the loss of sensitive data and from the unauthorized insertion of false system log records.

Disk-based message buffering

The Premium Edition of syslog-ng stores messages on the local hard disk if the central log collection server becomes unavailable or the network connection fails. The syslog-ng client application automatically sends the stored messages to the central collection server when the connection is reestablished. The messages are sent in the same order in which they were generated. The local disk buffer is persistent – no messages are lost even if syslog-ng is restarted. Many compliance regulations, such as Sarbanes-Oxley, require a complete and unaltered audit trail of system activity. With disk buffering you can be sure that system log messages are not lost due to network or system failures.

Flexible message filtering and sorting

The syslog-ng application can sort the incoming log messages based on their content and various parameters like the source host, application, and priority. Directories, files, and database tables can be created dynamically using macros. Complex filtering using regular expressions and Boolean operators offers almost unlimited flexibility to forward only the important log messages to the selected destinations. 

Direct database access

Storing your log messages in a database allows you to easily search and query the messages and interoperate with log analysis applications. The Premium Edition of syslog-ng supports the following databases:

The syslog-ng Premium Edition application can simultaneously store messages in a relational database system and in standard text system log files. This means you can easily deploy a variety of Security Information Management (SIM) and log analysis and alerting solutions using one common log message architecture.

Flow-control

Communications flow-control implements a user-defined control window to determine whether there is free space in the output buffer for new messages. If the output buffer is full, the destination cannot accept new messages for some reason: for example, it is overloaded, or the network connection became unavailable. In such cases, syslog-ng stops reading syslog messages from the local source until the queued messages have been successfully sent to the destination.
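The reliable transfer, SSL/TLS, disk buffering and flow-control features described in the sections above, combined in one client/server configuration (an added example, not the vendor's own). Certificate paths, host names, the port and the `log_disk_fifo_size()` option name (the Premium Edition 3.0 disk-buffer option; other releases name it differently) are assumptions.

```conf
@version: 3.0
source s_sys    { unix-stream("/dev/log"); };
filter f_errors { level(err..emerg); };

# ---- client side ----
# Mutual X.509 authentication: the client presents its own certificate and
# accepts only a server certificate that chains to a CA in ca_dir()
# (ca_dir() expects the CA certificates under their hash names; see c_rehash).
# log_disk_fifo_size() keeps up to 50 MB on local disk while the server or
# network is down; the queue is persistent and replayed in order on reconnect.
destination d_server_tls {
    tcp("logserver.example.com" port(6514)
        tls(ca_dir("/etc/syslog-ng/ca.d")
            key_file("/etc/syslog-ng/key.d/client.key")
            cert_file("/etc/syslog-ng/cert.d/client.crt")
            peer_verify(required-trusted))
        log_disk_fifo_size(52428800)
        log_fifo_size(10000)
    );
};

# flags(flow-control): when the output buffer is full, syslog-ng stops
# reading s_sys instead of dropping messages.
log { source(s_sys); filter(f_errors); destination(d_server_tls); flags(flow-control); };

# ---- server side ----
# peer_verify(required-trusted) rejects clients without a certificate that
# chains to the trusted CA, so forged records cannot be injected over the wire.
source s_remote_tls {
    tcp(ip(0.0.0.0) port(6514)
        tls(ca_dir("/etc/syslog-ng/ca.d")
            key_file("/etc/syslog-ng/key.d/server.key")
            cert_file("/etc/syslog-ng/cert.d/server.crt")
            peer_verify(required-trusted))
    );
};
destination d_hosts { file("/var/log/remote/$HOST/messages" create_dirs(yes)); };
log { source(s_remote_tls); destination(d_hosts); };
```

Check the result by stopping the server briefly while the client is generating messages: the client's disk buffer file should grow, and after restart the per-host file on the server should contain the gap-free sequence.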

Heterogeneous environments

The syslog-ng application is the ideal choice to collect logs in massively heterogeneous environments using several different operating systems and hardware platforms, including Linux, Windows, BSD, Sun Solaris, HP-UX, IBM AIX, and IBM System i (also known as AS/400 and iSeries).

Agent for Microsoft Windows platforms

The syslog-ng agent for Windows is a log collector and forwarder application for the Microsoft Windows platform. It collects the log messages in real time from Windows event log groups and log files and forwards them to a syslog-ng server using regular or TLS-encrypted TCP connections. The syslog-ng Windows agent runs as a service and starts automatically when the Windows server or PC is started. The Windows syslog-ng agent is configured from a native Windows interface.

Agent for IBM System i (AS/400 and iSeries)

The syslog-ng agent for IBM System i is a log collector and forwarder application for the IBM i5/OS and OS/400 platform. It collects the log messages from the security audit journal QAUDJRN and system operator console and forwards them in syslog message format to a syslog-ng server using regular or TLS-encrypted TCP connections. Syslog-ng Premium Edition runs in an i5/OS environment to collect Apache, OpenSSH, PHP, MySQL and other system logs.

IPv4 and IPv6 support

The syslog-ng application can operate in both IPv4 and IPv6 network environments. It can receive and send messages to both types of networks.

Supported platforms

The syslog-ng Premium Edition application supports several architectures, including x86, x86_64, IBM PowerPC, and Sun SPARC, on a variety of operating systems: Linux, BSD, Sun Solaris, IBM AIX, HP-UX, IBM System i, and Microsoft Windows.

Supported sources and destinations

The syslog-ng Premium Edition application can receive log messages from the following sources:

  • Local applications and processes sending messages to UNIX domain sockets, named pipes, or plain text syslog files.
  • Remote clients sending traditional syslog messages (as described in RFC3164) over IPv4 and IPv6 networks.
  • Remote clients using an extended, TCP-based syslog protocol (similar to RFC3164) over IPv4 and IPv6 networks.

The syslog-ng Premium Edition application can send log messages to the following destinations:

  • Plain text syslog files.
  • Local processes using UNIX domain sockets, named pipes, or simple pipes.
  • Remote syslog-ng servers using the traditional or the extended syslog protocol over IPv4 and IPv6 networks.
  • User terminals.

Product support

Enterprise product technical support, including an extended 7x24 option, is available.

Licensing

The syslog-ng Premium Edition application is licensed on a per-host basis: the syslog-ng server accepts connections from the maximum number of individual hosts specified in its license file. Buying a syslog-ng server license permits you to perform the following:

  • Install the syslog-ng application in server mode to a single host. This host acts as the central log server of the network.
  • Install the syslog-ng application in relay mode at any point in your network.
  • Install the syslog-ng application in client mode on host computers to collect client system logs.

The total number of hosts permitted to run syslog-ng in relay or client mode is limited by the syslog-ng server license. The client and relay hosts may use any operating system supported by syslog-ng.

Free evaluation version

Install and test syslog-ng Premium Edition to make sure that it perfectly suits your needs.

Patrick Townsend & Associates, Inc. is a partner with BalaBit IT Security of Budapest, Hungary, for sales and support in North America and selected world markets.
