
FISMA News

Prism Microsystems Launches Log 'Knowledge Packs' For Over 200 Unix/Linux Applications

(March 31, 2007)--Prism Microsystems announced the launch of a knowledge pack (KP) for managing events generated by over 200 Linux and Unix daemons and applications. This KP is designed to be quickly integrated with EventTracker, the company's enterprise-grade event management solution. The Linux KP adds to EventTracker's arsenal of embedded intelligence, which supports a wide variety of event formats from systems, devices and applications, enabling successful and continuous compliance, proactive security management and network monitoring.

The Linux KP contains predefined interpretation rules, based on regular expressions, that filter out routine log entries and categorize irregular or suspicious log entries from various Unix/Linux daemons to detect patterns that might suggest an impending critical attack, security violation or ongoing threat. Personnel can be alerted in near real time for quick resolution and management of issues. Over 200 utilities/applications are supported, including apache, smtpd and samba.

Event logs contain a wealth of information and are critical not only for maintaining audit trails and generating reports for compliance mandates but also for security and network management. However, most IT networks consist of a wide variety of applications, devices and servers, and each of these has a different and obscure event format. "Although some log management solutions address this concern by translating event formats from different sources into a normalized, proprietary format, the time factor and cost of adding knowledge for new IT initiatives is quite high, requiring expertise not only of the new initiative but often programming knowledge of the underlying log management solution," says Steve Lafferty, Vice President, Marketing, Prism Microsystems, Inc.

EventTracker solves this issue with regular-expression-based KPs that allow for powerful processing and correlation of events generated by various sources. These packs can be easily created and upgraded by leveraging the already existing body of event knowledge without needing any proficiency with EventTracker, resulting in a rapid, low-cost and continuous build-up of event knowledge that grows with the IT needs of an enterprise. The Linux knowledge pack, for example, leveraged open source community initiatives, including OSSEC and Debian, to quickly build application-level Linux and Unix logging support.

Regular-expression-based parsing also provides a more holistic and comprehensive view of event data than the normalization technique. Regular expression queries search for strings within different log formats to provide dynamic result sets that show the user specific patterns and activities while at the same time retaining the data in its raw format, as required by compliance mandates.
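To make concrete what a regex-based "interpretation rule" set of the kind described above does, here is a small added example (not EventTracker's code or Prism Microsystems' rules) that suppresses routine entries, tags irregular ones with a category and extracted fields, keeps every raw line unaltered, and runs one pattern rule (repeated authentication failures from a single source) over the categorised events. The rule names, the severity scale and the syslog-style sample lines are all constructed for illustration.

```python
"""Regex-based log interpretation rules: filter routine entries, categorise the
rest, keep raw lines intact.  Added example with constructed rules and sample
log lines; not the EventTracker Linux knowledge pack."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Rule:
    name: str             # category assigned when the pattern matches (constructed names)
    severity: str         # constructed scale: info / warning / critical
    pattern: re.Pattern
    suppress: bool = False  # True => routine entry, dropped from the alert stream


RULES: List[Rule] = [
    # Routine entries: recognised and suppressed rather than alerted on.
    Rule("sshd.session_opened", "info",
         re.compile(r"sshd\[\d+\]: Accepted (?:publickey|password) for (?P<user>\S+) from (?P<src>\S+)"),
         suppress=True),
    Rule("cron.session", "info",
         re.compile(r"CRON\[\d+\]: pam_unix\(cron:session\): session (?:opened|closed)"),
         suppress=True),
    # Irregular entries: categorised and surfaced with named fields.
    Rule("sshd.auth_failure", "warning",
         re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")),
    Rule("sudo.command", "warning",
         re.compile(r"sudo:\s+(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$")),
    Rule("smtpd.relay_denied", "warning",
         re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: .*Relay access denied.*from=<(?P<sender>[^>]*)>")),
    Rule("smbd.auth_failure", "warning",
         re.compile(r"smbd\[\d+\]: .*NT_STATUS_LOGON_FAILURE")),
    Rule("apache.server_error", "critical",
         re.compile(r"\[(?:error|crit|alert|emerg)\] \[client (?P<src>[\d.]+)\] (?P<msg>.+)")),
]


@dataclass
class Event:
    raw: str                          # the source line exactly as received
    category: str                     # matching rule name, or "uncategorised"
    severity: str
    fields: Dict[str, str] = field(default_factory=dict)


def interpret(line: str) -> Optional[Event]:
    """Apply the rules in order.  Returns None for routine (suppressed) lines;
    lines no rule recognises are kept as 'uncategorised' so nothing is lost."""
    for rule in RULES:
        m = rule.pattern.search(line)
        if m:
            if rule.suppress:
                return None
            return Event(line, rule.name, rule.severity, m.groupdict())
    return Event(line, "uncategorised", "info")


def process(log_text: str) -> List[Event]:
    """Interpret every non-empty line, dropping the suppressed ones."""
    events = (interpret(l) for l in log_text.splitlines() if l.strip())
    return [e for e in events if e is not None]


def repeated_auth_failures(events: List[Event], threshold: int = 3) -> Dict[str, int]:
    """Pattern rule over categorised events: sources with at least `threshold`
    authentication failures (the kind of repeated-failure pattern worth alerting on)."""
    counts: Dict[str, int] = {}
    for ev in events:
        src = ev.fields.get("src")
        if ev.category.endswith("auth_failure") and src:
            counts[src] = counts.get(src, 0) + 1
    return {src: n for src, n in counts.items() if n >= threshold}


# Constructed sample log: hostnames, users and addresses are made up (RFC 5737 ranges).
SAMPLE_LOG = """\
Mar 31 10:01:02 web01 sshd[2231]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2
Mar 31 10:01:10 web01 CRON[2240]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 10:02:15 web01 sshd[2255]: Failed password for invalid user admin from 192.0.2.17 port 40122 ssh2
Mar 31 10:02:16 web01 sshd[2257]: Failed password for invalid user admin from 192.0.2.17 port 40130 ssh2
Mar 31 10:02:18 web01 sshd[2259]: Failed password for root from 192.0.2.17 port 40141 ssh2
Mar 31 10:03:00 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart apache2
Mar 31 10:03:30 mail01 postfix/smtpd[3101]: NOQUEUE: reject: RCPT from unknown[198.51.100.9]: 554 5.7.1 <bob@example.net>: Relay access denied; from=<eve@example.org> to=<bob@example.net>
Mar 31 10:04:02 file01 smbd[4120]: Auth: [SMB2,(null)] user [WORKGROUP]\\guest with [NTLMv2] status [NT_STATUS_LOGON_FAILURE]
[Sat Mar 31 10:05:00 2007] [error] [client 203.0.113.4] File does not exist: /var/www/html/missing.html
Mar 31 10:05:30 web01 kernel: eth0: link is up
"""

if __name__ == "__main__":
    evs = process(SAMPLE_LOG)
    for ev in evs:
        print(f"{ev.severity:8} {ev.category:22} {ev.fields}  <- {ev.raw[:60]}")
    print("repeated auth failures:", repeated_auth_failures(evs))
```

Two points the release's description glosses over are visible here: the order of the rules matters (a suppress rule that is too broad silently drops entries a later rule would have categorised), and unmatched lines should fall through as uncategorised rather than be discarded, otherwise the "retain the raw data" property only holds for lines somebody already wrote a pattern for.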

KPs are currently available for operating system platforms (e.g., Windows, Solaris, Cisco, Linux, etc.), applications (Oracle, IIS, Citrix, SQL Server, etc.) and regulatory standards (SOX, PCI-DSS, HIPAA, FISMA, etc.). In 2007, Prism Microsystems will be significantly broadening these packs to extend event support for additional popular applications. Visit www.eventLogManager.com for more information on scalable solutions for long-term and continuous compliance, security and IT optimization.

Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.