Document Ver6.0 / Document Ver. 7.5.2_5 En
※ALog ConVerter is a registered trademark of AMIYA Corporation.
※Company names and trademarks mentioned are the registered names of the respective companies and products.
※Specifications and functions of the products mentioned may be modified for improvement without notice.
Any Log - ALog EVA - AMIYA
Example log sources: FOBAS Cloud Storage Cache Servers, Apache HTTP Server (Linux), IBM HTTP Server (Linux), DHCP Server (Windows), DNS Server (debug log) (Windows), Microsoft Exchange
ALog EVA plays an active role as a "data bank of records". In recent years it has also been used as a data set (preprocessing to organize data) and as an analysis platform for AI and big data.
ALog EVA Field
Internal Fraud
- Identify the person who deleted vital data
- Copy history of confidential data
Cyber Attack
- Understanding external attacks
- Unauthorized app user discovery
Work Style Reform
- Overtime work ranking
- Detect neglect of duty
IoT
- Factory sensors
- Water quality research
- Temperature control
AI/Big data
- Automobile travel data
- Physical measurement data
- Medical records data
Wireless LAN
- All records of connections
- Detect access by unregistered devices
Our experience gathering log data from a diverse range of devices has allowed us to provide a multitude of standard mapping templates. ALog EVA features an intuitive GUI and easy settings.
Search and report functions come standard.
The GUI is uniform across the series to ensure ease of administration across programs.
Save locations are shared.
Saves data simply and efficiently.
Our years of expertise have gone into converting stored data into useful logs.
Cost Performance
Log recording and data storage shouldn't be so expensive!
We offer long-term use of our programs at prices that are as affordable as possible.
The ALog EVA Advantage
Search and report functions are standard
Clear visuals and ease of use
From storage only…
  Security Privilege has divided to new Log On
  Subject:
    Security ID: AMIYADEMODC\Administrator
    Account Name: administrator
    Account Domain: AMIYADEMODC
    Log On ID: 0x8FE064
  Security Privilege:
    Take Ownership Privilege
    Load Driver Privilege
    Backup Privilege
    Restore Privilege
    …………
...to useful data.
Manage log data using the ALog Series common interface. The unified GUI performs search and reporting functions, allowing log management from multiple sources.
Unified Formatting
Report Output
• Uniform management of multiple log types
• Threshold-based alert notifications
• Combined search and scheduled reporting
Automatic unification of time format
Various time formats are unified into a single time format automatically. There is no need to convert each definition separately, so it is easy to collect logs from multiple products.
Without unification, every time format would need to be fixed by hand even though they express the same date…
With ALog EVA, they are automatically converted into a single unified time format.
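As an added illustration of the time-format unification described above (example code, not ALog EVA's own converter), the script below takes constructed log lines in three source styles the page names (a Windows Event Log CSV export, a syslog line from a network device, and an Apache HTTP Server access log) and rewrites each timestamp to one ISO 8601 UTC form. The source zone for the two formats that carry no zone (JST) and the syslog year are assumptions stated in the code.

```python
import re
from datetime import datetime, timezone, timedelta

# Constructed sample lines (hypothetical data, not product output) in three styles:
# a Windows Event Log CSV export, an RFC 3164 syslog line from a network device,
# and an Apache HTTP Server access-log line. All three describe the same instant.
SAMPLE_LINES = [
    '2024/01/12 03:04:05,AMIYADEMODC\\Administrator,privilege assigned',
    'Jan 12 03:04:05 fw01 kernel: ACCEPT src=10.0.0.5 dst=10.0.0.9',
    '10.0.0.5 - - [12/Jan/2024:03:04:05 +0900] "GET /index.html HTTP/1.1" 200 512',
]

# Each entry: (regex capturing the raw timestamp, strptime format, zone to assume when absent).
# Assumption: logs without a zone were written by devices running in JST (UTC+9).
LOCAL_TZ = timezone(timedelta(hours=9))
PATTERNS = [
    (re.compile(r'^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),'), '%Y/%m/%d %H:%M:%S', LOCAL_TZ),
    (re.compile(r'^([A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) '), '%b %d %H:%M:%S', LOCAL_TZ),
    (re.compile(r'\[(\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]'), '%d/%b/%Y:%H:%M:%S %z', None),
]

def normalize_timestamp(line, assume_year=2024):
    """Return the line's timestamp as ISO 8601 UTC, or None if no known format matches."""
    for regex, fmt, tz in PATTERNS:
        m = regex.search(line)
        if not m:
            continue
        raw = re.sub(r' {2,}', ' ', m.group(1))   # syslog pads single-digit days with two spaces
        dt = datetime.strptime(raw, fmt)
        if '%Y' not in fmt:                        # syslog omits the year; supply the assumed one
            dt = dt.replace(year=assume_year)
        if dt.tzinfo is None:                      # attach the assumed zone when the log has none
            dt = dt.replace(tzinfo=tz)
        return dt.astimezone(timezone.utc).isoformat()
    return None

def unify(lines, assume_year=2024):
    """Pair each line with its unified UTC timestamp; unmatched lines are kept but flagged."""
    out = []
    for line in lines:
        ts = normalize_timestamp(line, assume_year)
        out.append((ts or 'UNPARSED', line))
    return out

if __name__ == '__main__':
    for ts, line in unify(SAMPLE_LINES):
        print(ts, '|', line)
```

Unmatched lines are flagged rather than dropped so that a new source format shows up as a gap in the mapping definitions instead of silently vanishing from searches.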
Case: A major logistics CT company where information leaks by employees were discovered. For recurrence prevention, the following were monitored:
- File access to servers
- File export on PCs

Case 3: Internet Servicer. To detect and trace the customer's system and network trouble:
- Unified logs from multiple devices
- Aggregated records of administrators' setting changes
Unified recording and management of administrators' operations by using EVA.
(Log sources in the diagram: Application, Switch, Firewall, PC, Server.) You can pinpoint the virus-infected area and comprehend the cause of trouble.

Case: A major distribution center. Information leakage occurred through internal fraud at one of the major distribution centers. In order to prevent a recurrence of the incident, MIS established a log management process focused on "protection of confidentiality", "privileged account management" and "data leakage onto external devices".
ALog EVA Selection Point
If the customer is already collecting file server access logs and DB access logs, enabling ALog EVA makes it very easy to expand the collection targets, and implementation is simple.
- Record outgoing webmail attachments via a proxy server.
- Record data file duplication onto USB devices via PC logs.
- Record all access events to confidential data on a file server.
- Record all logon/logoff events of privileged users on a DB server.
Access to confidential data must be recorded! - ALog EVA
Especially access by privileged users must be traced! - ALog ConVerter
Every event regarding access to external devices must be recorded!
System Flow
Log transfer from target devices to the manager server:
① Windows file sharing (e.g. NAS server)
② SCP transfers via SSHD (e.g. Linux server)
③ Syslog transfers from target devices* (e.g. network devices)
On the manager server, the gathered logs go through conversion processing (the mapping definition is applied to the access log), are placed in log storage, and are then available to log search.
Points
• File compression allows long-term storage
• Data encryption prevents tampering
• DB storage duration can be set to any period
• File output by device (easy coordination with other systems)
*Logs are transferred from target devices to the ALog manager server and received on the manager server side. The syslog server (Kiwi Syslog Server, etc.) must be configured as a manager server.
Copyright AMIYA Corporation All Rights Reserved.
Hardware Requirements - Manager Server
- OS: Windows Server 2008 (x64) / 2008 R2 / 2012 / 2012 R2 / 2016 / 2019
  *32-bit OS versions are not supported. *Each OS service pack (SP) is supported. *Each edition (Standard / Enterprise / Datacenter) is supported.
- CPU: Dual core or higher (quad core or above is recommended)
- Memory: 8 GB or higher (16 GB or higher is recommended)
- Disk: 500 GB or higher disk space
  *More disk space may be required depending on the number of target servers and the access-log retention period.
- Software: ALog EVA; .NET Framework 4.6 or later; and either of the following web browsers:
  - Internet Explorer 10 or later
  - Firefox 40 or later
  - Google Chrome 44 or later
Obtainable log types
ALog EVA can obtain log data that is output as Windows Event Log, syslog, or text files (with separated values such as CSV).
Log files can be read from uncompressed files, ZIP files (Deflate32), and gz- and bz2-compressed files.
Text files must be encoded in UTF-8, UTF-16, or another encoding supported by the .NET Framework.
The following log types cannot be obtained with ALog EVA:
- Fixed-length format
- Binary files
- Encrypted files
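As an added example (not the product's own ingestion code) of a pre-ingestion check matching the input rules listed above: it unpacks the three container formats named (ZIP, gz, bz2), decodes UTF-8 or UTF-16 text by sniffing the byte-order mark, and treats undeclared data containing NUL bytes as unsupported binary. It assumes one log file per ZIP archive; the sample files are constructed in memory.

```python
import bz2, gzip, io, zipfile

def decompress(name, data):
    """Undo the container formats the page lists; other files pass through unchanged."""
    if name.endswith('.gz'):
        return gzip.decompress(data)
    if name.endswith('.bz2'):
        return bz2.decompress(data)
    if name.endswith('.zip'):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.read(zf.namelist()[0])   # assumption: one log file per archive
    return data

def decode_text(raw):
    """Decode UTF-8 or UTF-16 (BOM-sniffed); raise on data that is not text."""
    if raw.startswith((b'\xff\xfe', b'\xfe\xff')):
        return raw.decode('utf-16')
    if raw.startswith(b'\xef\xbb\xbf'):
        return raw.decode('utf-8-sig')
    if b'\x00' in raw:                          # NUL in undeclared data: treat as binary
        raise ValueError('binary file is not supported')
    return raw.decode('utf-8')                  # strict: rejects non-UTF-8 bytes

def load_log_lines(name, data):
    """Return the file's text lines, or None when the file is an unsupported type."""
    try:
        return decode_text(decompress(name, data)).splitlines()
    except (ValueError, UnicodeDecodeError):
        return None

# Constructed samples: the same CSV-style line stored in each accepted container/encoding.
PLAIN = b'2024/01/12 03:04:05,host01,login ok\n'
SAMPLES = {
    'a.log': PLAIN,
    'a.log.gz': gzip.compress(PLAIN),
    'a.log.bz2': bz2.compress(PLAIN),
    'utf16.log': PLAIN.decode('utf-8').encode('utf-16'),   # encoder writes a BOM
}
_buf = io.BytesIO()
with zipfile.ZipFile(_buf, 'w', zipfile.ZIP_DEFLATED) as _zf:
    _zf.writestr('a.log', PLAIN)
SAMPLES['a.zip'] = _buf.getvalue()

if __name__ == '__main__':
    for fname, blob in SAMPLES.items():
        print(fname, '->', load_log_lines(fname, blob))
    print('blob.bin ->', load_log_lines('blob.bin', b'\x00\x01\x02'))
```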
When a syslog server is needed
A syslog server is needed alongside ALog EVA when log data cannot be shared via Windows file sharing (CIFS). *Verified syslog server software: Kiwi Syslog Server (not the free version).
If you use a syslog server, you must also meet that syslog server's operating requirements. Please confirm them on the maker's homepage.