6. Log monitoring


Punch that stick into gear number six! Now we're talking business. This is the level where you know what kind of environment you're living in, you know which logs are being collected, you know they are the right ones, and you know your filters work. You probably have alerts and alarms in place. Correlation of logs from different devices are in place and dashboards blink and beep at your 24/7 SOC. Your data centers are equipped with log collectors which are filtered into easily translated dashboards or lists with relevant information displayed on screens in the SOC. Events that are important, but not enough to be displayed on those screens, result in alerts that shows up in your monitoring software, and maybe even ticketing system. In some cases everything is connected to your central configuration management database. Backups are stored off site in a tamper proof environment. Reports are easily retrievable in case of need. Some of them are automatically sent to your management team and others to various technical teams. When auditors come in you press a button and give them your compliance report. If something out of order happens your SOC alerts on call personnel to solve problems that are not possible for the NOC to straighten out.

Comments

Post a Comment

Popular posts from this blog

Overhead lines

Image
One would think that in a climate such as this in southern Australia someone would come up with a better idea than keeping all lines (cable, electricity, telephone etc) up in the air. The wind can be pretty furious at times and city planners insist on planting trees which are known to grow over time. No doubt arborists are having fun coming up with ideas how to keep city planners and power utility companies happy. Once upon a time these cables were drawn in a similar way in Stockholm, where I have lived most of my life. At some point the phone companies decided this wasn't going to work in the long run. IMHO it would make sense to dig ditches into the ground and place all cables there (at least in the cities). Of course it will cost, but I also believe there is an algorithm that will give a number that will turn black a few years time after investment (ROI). Until then I will walk around this country with a smile on my face looking at the funny trees growing along city ...
Read more

Links for August 19th 2009

So the first signs of fall appeared today. First day in weeks I couldn't tak the bike to work. Schools stated today and hence I had to take my older boy to school in the car. Ah well, all good things must come to an end. Maybe I will have the time to take apart the bike and customize it in the ways I always planned to. Or maybe it'll just come to taking out the battery for witner care, as usual. But I'll keep on dreaming. Hacks: Social skills are as important as programming knowledge when it comes to penteration testing [or it could be used in malicious ways of course, but we don't, ringht?] and the creativity amongst people obtaining knowledge never ends to stun me. Hacks: Ethical hackning seems to be popular title to hide behind. Here's a security primer on how things can be done, written in proper English and not the hacker jibberish nerds speak. Hacks: More on social skills , or sort of. How do you use your mail? Do you have different mail accounts for diff...
Read more

R.I.P. Google Reader

For years my preferred application for reading RSS-feeds has been Google Reader. It has proven reliable, fast and most of all - clean in its interface. No clutter, pix or ads. Just plain information from sources of my choice. Now Google has decided to call it quits. Sad day. Call me an information junkie, and I'm fine with it. But I am a bit baffled by the comments on this decision to lay Reader to rest. An amazing majority of comments seem to be asking the question: is RSS an outdated technology? Really? What else is out there in terms of gathering information/news/updates/searches in one application, keeping this in one application, in one unified format? Facebook sucks with its censorship. Tumbler... oh well... no. I am terribly sorry, I just can't think of anything else to use. Here are some thoughts on Reader from Gigaom interview with Chris Wetherell. So I switched to Vienna . It seems to do the job fast and relatively clutter free. I'll go with that for a whil...
Read more