Cyber Security Institute

Friday, August 20, 2010

WAN Log File Data Collection Heads for Standardization

The upcoming LogLogic 5 release from log vendor LogLogic is aiming to expand that visibility with a universal collection framework for disparate log data coming across a WAN. Specifically, LogLogic is working to create a new standard protocol for log data transmission that could change the way enterprises collect and analyze that data.

“The Universal Collection Framework lets us pull in all the IT data within an infrastructure, and a key part of that is the Universal Log Data Protocol (ULDP) that we’ve created,” LogLogic CTO Stephen Manley told  Manley added that the ULDP subset of the Universal Collection Framework, in its first release with LogLogic 5, is all about enabling WAN awareness of log data.

He said that encryption and compression are part of the protocol, as is reliable acknowledgment that log data has been received and committed to stable storage.
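The commit-before-acknowledge behaviour described above, as an added illustration that is not LogLogic's code and does not reproduce the real ULDP wire format: the sender keeps a sequence cursor and advances it only after the receiver reports that a compressed batch has been written and fsync'ed, so a lost acknowledgment causes a resend rather than a gap. The sample log lines are constructed, and transport encryption is assumed to come from a TLS layer that is not modelled here.

```python
import json
import os
import tempfile
import zlib

# Constructed sample batch (not real log data).
SAMPLE = ["<34>Aug 20 10:00:01 fw01 kernel: DROP IN=eth0 SRC=192.0.2.7",
          "<34>Aug 20 10:00:02 fw01 kernel: DROP IN=eth0 SRC=192.0.2.9"]


class LogReceiver:
    """Receiver: decompress, append to stable storage, fsync, then ack."""

    def __init__(self, path):
        self.path = path
        self.next_seq = 0  # next batch sequence number expected

    def handle(self, seq, payload):
        if seq < self.next_seq:
            return seq  # resend after a lost ack: already committed, just re-ack
        records = json.loads(zlib.decompress(payload).decode())
        with open(self.path, "a", encoding="utf-8") as fh:
            fh.write("".join(r + "\n" for r in records))
            fh.flush()
            os.fsync(fh.fileno())  # commit to stable storage before acking
        self.next_seq = seq + 1
        return seq


class LogSender:
    """Sender: the cursor advances only when the ack for that batch arrives."""

    def __init__(self, receiver, lose_acks=0):
        self.receiver, self.seq, self.lose_acks, self.resends = receiver, 0, lose_acks, 0

    def send(self, records):
        payload = zlib.compress(json.dumps(records).encode())  # wire compression
        while True:
            ack = self.receiver.handle(self.seq, payload)
            if self.lose_acks:  # simulate the WAN dropping this ack
                self.lose_acks -= 1
                self.resends += 1
                continue
            assert ack == self.seq
            self.seq += 1
            return self.seq


def run_demo(lose_acks=1):
    """Forward SAMPLE over a link that loses `lose_acks` acks; return (resends, stored lines)."""
    path = os.path.join(tempfile.mkdtemp(), "wan.log")
    sender = LogSender(LogReceiver(path), lose_acks)
    sender.send(SAMPLE)
    with open(path, encoding="utf-8") as fh:
        return sender.resends, [line.rstrip("\n") for line in fh]
```

Even with two dropped acknowledgments the receiver stores each record exactly once, because the sequence number lets it recognise and re-acknowledge a batch it has already committed.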

Manley added that in its first release of ULDP, LogLogic is not supporting the IF-MAP standard, which is being used by security vendors to pass log event data across devices for access control.

“The idea of a standardized protocol for transporting and storing log data sounds good in theory, but it’s unrealistic given the hundreds of different types of log sources and vendors,” Mike Reagan, vice president of marketing at LogRhythm, told  “Standardization would make it easier for the log management or SIEM vendor, but the positive impact on the end customer is hard to see given the widespread collection and transportation capabilities that exist today.”

The LogLogic 5 solution, which is scheduled to be available at the end of the third quarter, will also mark a shift in the underlying operating system technology used by LogLogic.

The LogLogic solution is a hardware appliance that to date has used a Linux base, specifically a custom derivative of CentOS, the Red Hat Enterprise Linux clone, Manley said.

Posted on 08/20