The Emerging World of Syslog Analysis
May 28th, 2010, by admin

Syslog analysis is emerging as a new form of managed security service in which managed security service providers collect syslog records and analyze them for suspicious activity patterns. Syslog itself carries the messages that are audited for security purposes as well as the messages used for general analysis and debugging.
Syslog analysis may be approached in a couple of different ways. An IT administrator could perform syslog analysis by searching the logs for messages such as “repeated login failures” that indicate suspicious behavior, but that assumes the administrator already knows every such indicator: the list of questionable indicators has to be built beforehand.
The other syslog analysis method takes the opposite approach: list all normal system behaviors and ignore them when performing syslog analysis, so that only the unexpected is left to look at. Sounds much simpler, doesn’t it?
Regardless of approach, syslog analysis is developing into an important tool for managing IT threats and complying with government regulations such as the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-Leach-Bliley Act (GLBA), the Sarbanes-Oxley Act (SOX) and the Payment Card Industry Data Security Standard (PCI).
Of course, the importance of system performance management cannot be overstated. Syslog analysis enables IT administrators to troubleshoot problems across the network. Effective analysis reduces network downtime, increases performance and tightens up security.
Some syslog analysis programs generate reports that easily identify user and hardware issues. These reports filter data by log message, user, event ID and event type or severity and can be stored on the system indefinitely for future reference. HIPAA, GLBA, SOX and PCI compliance procedures depend upon this information to prevent the abuse of personal data.
Reports prepared for HIPAA, GLBA, SOX and PCI compliance audits can be customized according to the requirements of the specific regulations. Likewise, any suspicious network behavior revealed by these reports is brought out into the open for investigation.
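The two approaches described above (a list of known-bad indicators such as repeated login failures, versus a list of normal behaviors with everything else reported) and the kind of per-program, per-severity breakdown a report tool prints can be shown in a few dozen lines. The following is an added example written for this page, not code from the post or from any product it mentions. The log lines are constructed RFC 3164-style messages (`<PRI>` prefix, timestamp, host, `program[pid]:` text); the hostname, user names, commands and the 203.0.113.x addresses are documentation placeholders, and the three-failure threshold is an assumed tuning value.

```python
"""Two ways to analyse syslog records, plus a small summary report (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample batch; hosts, users and 203.0.113.x addresses are placeholders.
SAMPLE_LOG = """\
<86>May 28 10:00:01 web01 CRON[2101]: pam_unix(cron:session): session opened for user root by (uid=0)
<86>May 28 10:00:02 web01 sshd[2110]: Accepted publickey for deploy from 203.0.113.10 port 50122 ssh2
<85>May 28 10:00:05 web01 sshd[2115]: Failed password for invalid user admin from 203.0.113.55 port 40211 ssh2
<85>May 28 10:00:07 web01 sshd[2116]: Failed password for invalid user admin from 203.0.113.55 port 40212 ssh2
<85>May 28 10:00:09 web01 sshd[2117]: Failed password for root from 203.0.113.55 port 40213 ssh2
<85>May 28 10:00:11 web01 sudo:   deploy : TTY=pts/0 ; PWD=/srv/app ; USER=root ; COMMAND=/bin/systemctl restart app
<6>May 28 10:00:15 web01 kernel: usb 1-1: new high-speed USB device number 3 using xhci_hcd
<86>May 28 10:00:20 web01 CRON[2101]: pam_unix(cron:session): session closed for user root
"""

# RFC 3164 severity names, indexed by (PRI & 7); facility is PRI >> 3.
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)


@dataclass
class Record:
    facility: int
    severity: str
    ts: str
    host: str
    prog: str
    msg: str


def parse_syslog(text):
    """One message per line. Lines that do not parse are kept under
    prog='unparsed' so the allowlist approach still gets to see them."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            records.append(Record(-1, "unknown", "", "", "unparsed", line))
            continue
        pri = int(m["pri"])
        records.append(Record(pri >> 3, SEVERITY[pri & 7], m["ts"], m["host"],
                              m["prog"], m["msg"].strip()))
    return records


# Approach 1: a list of known-bad indicators. "Repeated login failures" is a
# counted indicator: one failure is noise, several from the same source is signal.
AUTH_FAILURE = re.compile(r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
FAILURE_THRESHOLD = 3  # assumed tuning value


def find_known_bad(records):
    """Return {source address: failure count} for sources over the threshold."""
    failures = Counter()
    for r in records:
        if r.prog == "sshd":
            m = AUTH_FAILURE.match(r.msg)
            if m:
                failures[m["src"]] += 1
    return {src: n for src, n in failures.items() if n >= FAILURE_THRESHOLD}


# Approach 2: describe normal behaviour per program and report every record
# that matches nothing in the list. The baseline below is deliberately narrow.
NORMAL = [
    ("CRON", re.compile(r"^pam_unix\(cron:session\): session (?:opened|closed) for user \w+")),
    ("sshd", re.compile(r"^Accepted publickey for \w+ from \S+ port \d+ ssh2$")),
    ("sudo", re.compile(r"^\w+ : TTY=\S+ ; PWD=\S+ ; USER=root ; COMMAND=/bin/systemctl restart app$")),
]


def find_unexpected(records):
    """Everything the baseline does not explain, in log order."""
    return [r for r in records
            if not any(r.prog == prog and pat.match(r.msg) for prog, pat in NORMAL)]


def summarize(records):
    """Counts by (program, severity): the breakdown a report tool prints before
    an administrator filters down to a single user, message or event type."""
    return Counter((r.prog, r.severity) for r in records)


if __name__ == "__main__":
    recs = parse_syslog(SAMPLE_LOG)
    print("known-bad sources:", find_known_bad(recs))
    for r in find_unexpected(recs):
        print("unexpected:", r.prog, r.severity, r.msg)
    for (prog, sev), n in sorted(summarize(recs).items()):
        print(f"{prog:<8}{sev:<8}{n}")
```

Run against the sample batch, the indicator approach reports only the one source address with three failed logins, while the baseline approach also surfaces the kernel USB-device message, which no indicator list would have anticipated. That is the trade-off the post describes: the indicator list misses whatever nobody thought to put on it, and the baseline list has to be complete and kept current or it floods the report with routine noise.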