LHCb Logging System
Nikolaidis Fotis (fotis.nikolaidis@cern.ch), University of Crete, Greece
A computer log is a diary or archive of events, in this case generated by a computer system or systems. In the late 23rd century, Federation starships were equipped with a "black box" that stored computer logs. The logs could be used in criminal investigations or to determine the cause of a lost ship. Computer logs were for official purposes only and were available to authorities only under specific legal circumstances or court order.
Sources: Web Servers, Gateways, Network Components, Farm Nodes, PVSS, FMC
Splunk is a high-performance, scalable software server written in C/C++ and Python.
Indexes and normalizes logs (e.g. "disk fail" and "disk error" are treated as the same event).
Can be combined with OSSEC, Snort and other IDS via plugins.
Does not need an external database.
Splunk - Features
Advanced search: regular expressions / time windows
Runtime statistical analysis
Extensible: modules, patterns, dashboards
Splunk - More Features
Can correlate events from different hosts/formats. Supports many log formats out of the box
(for non-standard logs such as FMC, configuration is needed).
If run on the CLI, it can be integrated into scripts.
Have a closer look here ...
The first line is excluded. The second line is now the first.
Who is keeping ssh busy? ;p
New Patterns can be generated almost automatically
Internal Information
OSSEC
Open Source Host-based Intrusion Detection System.
Log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
OSSEC
Analyzes incoming logs at runtime and reacts if needed.
Every event can be ranked with a value [1-14]. If event > mailRank, send a mail. If event > scriptRank, execute a script. Rules are defined in XML files.
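The ranking-and-reaction flow of the slide above, as an added example that is not code from the slides or from OSSEC itself. It assumes a simplified, constructed OSSEC-like rule file (rule id/level, <match> substring, <regex>, <description>), thresholds mailRank = 6 and scriptRank = 9, and a few constructed sshd syslog lines; the real OSSEC pattern syntax and configuration are richer.

```python
import re
import xml.etree.ElementTree as ET

# Constructed rule file in a simplified OSSEC-like syntax (rule id/level,
# <match> substring, <regex> pattern, <description>); not from the slides.
RULES_XML = r"""
<group name="sshd">
  <rule id="100001" level="5">
    <match>Failed password</match>
    <description>sshd: authentication failure</description>
  </rule>
  <rule id="100002" level="10">
    <regex>Failed password for invalid user \S+</regex>
    <description>sshd: login attempt for a non-existent user</description>
  </rule>
</group>
"""

MAIL_RANK, SCRIPT_RANK = 6, 9   # assumed values for the slides' mailRank / scriptRank

def load_rules(xml_text):
    """Parse each <rule> into a dict with an int level and optional patterns."""
    return [{"id": r.get("id"), "level": int(r.get("level")),
             "match": r.findtext("match"), "regex": r.findtext("regex"),
             "description": r.findtext("description")}
            for r in ET.fromstring(xml_text).iter("rule")]

def rank_event(line, rules):
    """Return the matching rule with the highest level (1-14), or None."""
    best = None
    for rule in rules:
        hit = (rule["match"] and rule["match"] in line) or \
              (rule["regex"] and re.search(rule["regex"], line))
        if hit and (best is None or rule["level"] > best["level"]):
            best = rule
    return best

def react(line, rules, mail_rank=MAIL_RANK, script_rank=SCRIPT_RANK):
    """Thresholds as on the slide: rank > mailRank mails, rank > scriptRank runs a script."""
    rule = rank_event(line, rules)
    if rule is None:
        return []                 # no rule matched: nothing to do
    actions = ["log"]             # every ranked event is at least logged
    if rule["level"] > mail_rank:
        actions.append("mail")
    if rule["level"] > script_rank:
        actions.append("script")
    return actions
```

Because the more specific "invalid user" rule carries the higher level, it wins over the generic failed-password rule for the same line, which is what pushes that event past both thresholds.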