A log is a trace left by a flow or an event representing an action performed on computer equipment or on an active component of the IT infrastructure. These events are generated by most devices (firewalls, routers, network scanners, antivirus software, …). Analyzing them can become essential for different kinds of requirements (legal obligations, investigations, vulnerabilities, …).

OïkiaLog provides solutions to all the issues related to log management.

For more than 10 years, OïkiaLog has invested in everything related to logs, from the way of understanding them to the presentation of the information they contain.

Log centralization

Devices can retain this information by storing it locally or in a dedicated zone. In order to process it, centralizing the log lines is mandatory, and this centralization process usually involves log collection. There are several ways of proceeding: in active mode (real time) via protocols such as SYSLOG, WMI or LEA, or in passive mode (a posteriori) by parsing log files or running database queries.

SIM / SEM / SIEM

These three acronyms, SIM (Security Information Management), SEM (Security Event Management) and SIEM (Security Information and Event Management), imply the will and the need to manage those events. OïkiaLog’s experience and expertise consist of implementing the solution adapted to each company, allowing it to process the information.

This handling goes through several steps. First comes log centralization (or collection), followed by raw storage without any change, then formatting, which makes later operations faster and easier (logs are expanded and their format improved). Next, aggregation using filtering rules optimizes information collection and storage, and correlation establishes the links between events in order to generate incidents and alerts. SIEM tools are thus able to identify an event, or a type of event, corresponding to attacks or to behaviours not allowed by security policies. The reporting phase produces reports containing indicators of interest to strategic and operational decision makers; computed regularly, these indicators make it possible to identify trends and follow the evolution of the IT infrastructure. Finally, archiving is a very important part of this kind of project: it covers the storage of logs without modification (log integrity being guaranteed by signature or encryption systems) as well as the storage of aggregated and/or formatted logs, indicators and reports.
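The pipeline described above, from passive-mode log file parsing (the collection mode mentioned under "Log centralization") through formatting, aggregation with filtering rules, correlation, reporting and signed archiving, can be seen end to end in the following added example. It is illustrative code written for this page, not OïkiaLog's product or a real SIEM: the syslog lines are constructed, the brute-force correlation rule (three failed logins from one source within five minutes) and the filtering rule (drop routine cron noise) are hypothetical, and the HMAC archive key is a demo value standing in for a properly managed signing key.

```python
"""Toy log-management pipeline: parse -> format -> aggregate -> correlate -> report -> archive.
Added example for this page; the log lines, rules and key are constructed, not from any product."""
import hashlib
import hmac
import json
import re
from collections import defaultdict
from datetime import datetime

# Constructed RFC 3164-style syslog lines, as read from a file in passive (a posteriori) mode.
RAW_LOGS = [
    "Mar 10 12:00:01 fw01 sshd[2001]: Failed password for root from 203.0.113.5 port 51122 ssh2",
    "Mar 10 12:00:02 fw01 sshd[2001]: Failed password for root from 203.0.113.5 port 51123 ssh2",
    "Mar 10 12:00:03 fw01 sshd[2001]: Failed password for admin from 203.0.113.5 port 51124 ssh2",
    "Mar 10 12:00:04 fw01 sshd[2001]: Accepted password for alice from 198.51.100.7 port 40000 ssh2",
    "Mar 10 12:00:05 fw01 CRON[3000]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar 10 12:01:30 fw01 sshd[2002]: Failed password for root from 203.0.113.5 port 51125 ssh2",
]

SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<app>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
AUTH_RE = re.compile(r"^(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)")

# Hypothetical filtering rule: routine cron lines carry no security signal here, so drop them.
FILTER_RULES = [lambda e: e["type"] == "other" and e["app"] == "CRON"]


def parse_line(line, year=2024):
    """Formatting step: turn one raw line into an expanded, structured event. Returns None if unparseable."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # syslog lines carry no year
    event = {"ts": ts.isoformat(), "host": m["host"], "app": m["app"], "msg": m["msg"], "raw": line}
    a = AUTH_RE.match(m["msg"])
    if a:
        event.update(type="auth", result=a["result"].lower(), user=a["user"], src=a["src"])
    else:
        event["type"] = "other"
    return event


def aggregate(events):
    """Aggregation step: apply filtering rules, then fold identical events into one counted record."""
    kept = [e for e in events if not any(rule(e) for rule in FILTER_RULES)]
    buckets = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for e in kept:
        key = (e["host"], e["app"], e["type"], e.get("result"), e.get("user"), e.get("src"))
        b = buckets[key]
        b["count"] += 1
        b["first"] = b["first"] or e["ts"]
        b["last"] = e["ts"]
    return kept, dict(buckets)


def correlate(events, threshold=3, window_s=300):
    """Correlation step (hypothetical rule): link failed logins from one source; alert when
    `threshold` of them fall inside `window_s` seconds."""
    alerts = []
    per_src = defaultdict(list)
    for e in events:
        if e["type"] == "auth" and e["result"] == "failed":
            per_src[e["src"]].append(datetime.fromisoformat(e["ts"]))
    for src, times in per_src.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if (times[i + threshold - 1] - times[i]).total_seconds() <= window_s:
                alerts.append({"rule": "brute_force", "src": src, "count": len(times), "first": times[i].isoformat()})
                break  # one alert per source per run
    return alerts


def report(events, alerts):
    """Reporting step: a few indicators that can be tracked run after run to follow trends."""
    failed = sum(1 for e in events if e.get("result") == "failed")
    accepted = sum(1 for e in events if e.get("result") == "accepted")
    return {"events": len(events), "failed_logins": failed, "accepted_logins": accepted, "alerts": len(alerts)}


def archive(raw_lines, key):
    """Archiving step: keep the raw lines unchanged and sign them (HMAC-SHA256) so tampering is detectable."""
    blob = "\n".join(raw_lines).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify_archive(blob, tag, key):
    """Integrity check on a signed archive; constant-time comparison of the HMAC tags."""
    return hmac.compare_digest(hmac.new(key, blob, hashlib.sha256).hexdigest(), tag)


def run_pipeline(raw_lines, key=b"demo-archive-key"):  # demo key, not a real secret
    events = [e for e in (parse_line(l) for l in raw_lines) if e]  # collection + formatting
    kept, buckets = aggregate(events)
    alerts = correlate(kept)
    return {"events": events, "aggregated": buckets, "alerts": alerts,
            "report": report(kept, alerts), "archive": archive(raw_lines, key)}


if __name__ == "__main__":
    out = run_pipeline(RAW_LOGS)
    print(json.dumps(out["report"]))
    print(json.dumps(out["alerts"]))
```

Each stage hands a list of plain dicts to the next, which mirrors the page's ordering: the raw lines are never modified (they are what gets signed and archived), while the formatted, aggregated and correlated views live alongside them. Raising the correlation threshold or widening the window changes how noisy the alerting is; with the constructed input, the single source 203.0.113.5 trips the rule and the cron line is filtered out before aggregation.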