OnDemand Log Management: Now supporting syslog, agentless collection and more

Hello everyone!

Summer days are going by fast, and so we are adding new features to the OnDemand Log Management service, designed to help you comply with IT regulations, stay on top of changes to critical IT resources, and detect and react to security issues. This time we're proud to announce the availability of the following exciting features:

1. Syslog-enabled devices support

As you might know, all systems, devices and applications that store, exchange or transmit cardholder data are subject to PCI DSS compliance. According to Section 10 of the PCI DSS mandate, all logs from such systems must be collected, preserved and reviewed on a regular basis. Perimeter security devices are no exception to this rule. Manually dealing with each model of network device from each vendor that happens to be wiring your network can be a nightmare. Luckily, OnDemand Log Management has added support for syslog data, which covers a wide range of devices, systems and applications and makes achieving compliance easier.

What types of devices and systems are now supported?

Every network or security device that can stream its events to a syslog proxy is now supported. That includes, but is not limited to, the following classes of devices:

  • Routers and switches
  • VPNs
  • Firewalls
  • Intrusion detection and prevention systems

Syslog support is not limited to any particular vendor or device model. As long as one of the widely used syslog implementations such as syslogd, syslog-ng or rsyslog is part of the device's underlying operating system, you can hook it up with OnDemand Log Management. If you are a lucky owner of network and security products from Cisco, 3COM, Linksys or Netgear, there is a good chance that you're covered. To start using this new functionality, just take the following easy steps:

  • Download and install the updated agent on a computer that will act as a syslog proxy, collecting events from syslog-enabled systems and devices
  • Configure the syslog-enabled devices to forward their events to the agent's IP address on its listening port 514
  • Make sure that the configured devices appear in the "Audit status by Computer" dashboard and its associated table
  • Check out the events coming from the devices by running the recently added pre-defined search "All syslog data for the last 24 hours"

See the device's documentation to find out how it can be configured to forward its syslog to a remote syslog server.
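As an added example (not part of the original post or of the product itself), here is how a syslog proxy like the agent might parse the BSD-style (RFC 3164) messages that devices forward to UDP port 514 and report which of the devices you configured have actually sent anything, mirroring the "Audit status by Computer" check in the steps above. The hostnames and log lines are constructed samples.

```python
import re
from collections import Counter

# RFC 3164 message: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG: MSG
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_syslog(line):
    """Decode one RFC 3164 line; return None if malformed or PRI out of range."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # facility 0..23 and severity 0..7 give at most 23*8+7
        return None
    return {
        "facility": pri // 8,            # e.g. 16 = local0, 4 = auth
        "severity": SEVERITY[pri % 8],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "msg": m.group("msg"),
    }


def reporting_status(lines, expected_hosts):
    """Return (events per host, expected hosts that sent nothing, unparseable count)."""
    per_host = Counter()
    unparseable = 0
    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            unparseable += 1
            continue
        per_host[ev["host"]] += 1
    silent = sorted(set(expected_hosts) - set(per_host))
    return per_host, silent, unparseable


# Constructed sample events, as received by a proxy listening on UDP 514.
SAMPLE = [
    "<134>Aug 14 10:02:11 fw-edge-1 kernel: DENY TCP 198.51.100.7:51233 -> 192.0.2.10:445",
    "<165>Aug 14 10:02:12 core-sw-1 %LINK-3-UPDOWN: Interface Gi1/0/24, changed state to down",
    "<38>Aug 14 10:02:15 vpn-gw-1 sshd[2231]: Accepted publickey for admin from 192.0.2.44",
    "not a syslog line at all",
]
EXPECTED_HOSTS = ["fw-edge-1", "core-sw-1", "vpn-gw-1", "ids-1"]  # hypothetical inventory

if __name__ == "__main__":
    counts, silent, bad = reporting_status(SAMPLE, EXPECTED_HOSTS)
    print(dict(counts), "silent:", silent, "unparseable:", bad)
```

A device that is configured but shows up in the silent list is the case the dashboard check in step three is meant to catch.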

2. Hub agents

Simply stated, one agent (hence called a hub agent) can now remotely collect events from several computers on the same network. Hub agents are a perfect fit for dynamic environments where both the set of computers and their event logs may change over time; the hub agent will pick them all up. We see at least two use cases where this feature is useful.

  1. Managed Service Providers or independent consultants don't have time to deal with clients' changing infrastructure and want a true "set it and forget it" solution. Now you can put together a file containing a varying list of devices and computers and let the hub agent pick up their event logs as they come online. You'll be charged only for the computers and devices you actually gather events from!
  2. In closed security boundary environments, agent installation might be prohibited, or agents might not be allowed an outbound connection to the Internet. In this case you can instead install a dedicated box with the hub agent and have it collect logs from such systems remotely. The hub agent then concentrates the remote logs and sends them to the cloud, with better compression and the same proven data encryption along the way.

3. Easier navigation through the user interface

We keep treating usability and ease of use as the top priority for our users. As you will notice the next time you log into OnDemand Log Management, we have made some changes to the UI design to simplify the initial user experience and streamline ongoing navigation through the different parts of the UI. With this update you get:

  • Simplified agent installation wizard
  • Dedicated links for favorites and pre-defined searches
  • Easier way to start a new search

Have ideas on how we can improve the service to better fit your needs? Have questions about existing product features? Do not hesitate to shoot us an email or engage with one of our product specialists using our recently added Online Chat. Just click the help icon and choose the feedback option that works best for you. Let us know.

Log Management Team
