1. Zvýšení bezpečnosti nasazením SIEM systému v prostředí malého poskytovatele internetu / Security Enhancement Deploying SIEM in a Small ISP Environment
Bělousov, Petr, January 2019
This master's thesis focuses on enhancing security in the environment of a small internet service provider by deploying a SIEM system. The available systems are compared and evaluated against the requirements of the commissioning company. The SIEM deployment project is designed, implemented and evaluated in accordance with the company's unique environment.

2. A structured approach to selecting the most suitable log management system for an organization
Kristiansson Herrera, Lucas, January 2020
With the advent of digitalization, a typical organization today will contain an ecosystem of servers, databases, and other components. These systems can produce large volumes of log data on a daily basis. By using a log management system (LMS) for collecting, structuring and analyzing these log events, an organization could improve its services. The primary intent of this thesis is to construct a decision model that will aid organizations in finding an LMS that best fits their needs. To construct such a model, a number of log management products are investigated, both proprietary and open source. Furthermore, good practices for handling log data are investigated by reading various papers and books on the subject. The result is a decision model that can be used by an organization for preparing, implementing, maintaining and choosing an LMS. The decision model attempts to quantify various properties such as product features, but the LMSs it suggests should mostly be seen as a basis for a decision. In order to make the decision model more comprehensive and usable, more products should be included in the model, and other factors that could play a part in finding a suitable LMS should be investigated.

3. [en] AN ARCHITECTURE FOR REAL TIME LOG EVENTS PROCESSING / [pt] UMA ARQUITETURA PARA PROCESSAMENTO DE EVENTOS DE LOG EM TEMPO REAL
RICARDO GOMES CLEMENTE, 10 December 2008
[pt] Logs are currently a very rich source of information for system administrators and business analysts. In environments with a high access volume and an infrastructure of hundreds of servers, processing all the generated information and correlating it in order to identify situations of technical and business interest in real time is considered a major challenge. To that end, both the concepts related to log files and the systems that aim to manage them, and the methods and tools for real-time event correlation, are explained, so that a system architecture capable of dealing with the stated challenge can then be proposed. Finally, a prototype is developed and a proof of concept based on a real use case is carried out. / [en] Logs are, nowadays, a rich source of information for system administrators and business analysts. In environments with a high access volume and hundreds of servers, processing all generated information and correlating it, in order to identify interesting technical and business situations in real time, is considered a challenge. Considering that, concepts related to log files and systems that aim to manage them, besides methods and tools for real-time event correlation, are presented, in order to propose a system architecture capable of overcoming the stated challenge. Finally, a prototype is developed and a proof of concept based on a real case is carried out.

4. Investigation and Implementation of a Log Management and Analysis Framework for the Treatment Planning System RayStation
Norrby, Elias, January 2018
The purpose of this thesis is to investigate and implement a framework for log management and analysis tailored to the treatment planning system (TPS) RayStation. A TPS is a highly advanced software package used in radiation oncology clinics, and the complexity of the software makes writing robust code challenging. Although the product is tested rigorously during development, bugs are present in released software. The purpose of the framework is to give the RayStation development team insight into errors encountered in clinics by centralizing log file data recorded at clinics around the world. A framework based on the Elastic stack, a suite of open-source products, is proposed, addressing a set of known issues described as the access problem, the processing problem, and the analysis problem. Firstly, log files are stored locally on each machine running RayStation, some of which may not be connected to the Internet. Gaining access to the data is further complicated by legal frameworks such as HIPAA and GDPR that put constraints on how clinic data can be handled. The framework allows access to the files while respecting these constraints. Secondly, log files are written in several different formats. The framework is flexible enough to process files of multiple different formats and consistently extracts relevant information. Thirdly, the framework offers comprehensive tools for analyzing the collected data. Deployed in-house on a set of 38 machines used by the RayStation development team, the framework was demonstrated to offer solutions to each of the listed problems.

5. Logghantering : En undersökning av logghantering och logghanteringssystem / Log management: A study of log management and log management systems
Flodin, Anton, January 2016
This research includes a review of the log management of the company Telia. The research has also included a comparison of the two log management systems Splunk and ELK. The review of the company's log management shows that log messages are being stored in files on a hard drive that can be accessed through the network. The log messages are system-specific. ELK is able to fetch log messages of different formats simultaneously, but this feature is not possible in Splunk, where the process of uploading log messages has to be repeated for log messages that have different formats. Both systems store log messages through a file system on the hard drive of the server where the systems are installed. In networks that involve multiple servers, ELK distributes the log messages between the servers. Thus, the workload of performing searches and storing large amounts of data is reduced. Using Splunk in networks can also reduce the workload. This is done by using forwarders that send the log messages to one or multiple central servers which store the messages. Searches of log messages in Splunk are performed by using a graphical interface. Searches in ELK are done by using a REST API, which can also be used by external systems to retrieve search results. Splunk also has a REST API that can be used by external systems to receive search results. The research revealed that ELK had a lower search time than Splunk. However, no method was found that could be used to measure the indexing time of ELK, which meant that no comparison could be made with respect to the indexing time of Splunk. For future work there should be an investigation of whether there is any possibility to measure the indexing time of ELK. Another recommendation is to include more log management systems in the research to improve the results, as they may be suitable candidates for the company Telia. An improvement suggestion as well is to do performance tests in a network with multiple servers and thereby draw conclusions about how the performance is in practice. / This study has comprised a review of the log management that exists at the company Telia and a comparison of two log management systems: Splunk and ELK. The study shows that log messages at the company have different formats and are stored in files on a hard drive that is reached through the network. Both ELK and Splunk can handle log messages with different formats. ELK can read in log messages of different formats simultaneously, but this is not possible in Splunk, since the ingestion process has to be repeated for log messages that have different formats. Both systems store log messages through a file system on the hard drive of a server where the systems are installed. In networks involving multiple servers, ELK works in a distributed manner by distributing log messages between these servers. The consequence of distributing log messages is a lower workload for each server in the network. In networks where Splunk is used, forwarders can be used that pass log messages on to one or more central servers that store the log messages, whereby the workload for searches and indexing of data can be reduced. Searches of log messages in Splunk are performed using a graphical interface. Searches in ELK are done using a REST API that is included in the system and is also used by external systems to retrieve search results. Splunk also includes a REST API that can be used to export search results. The study showed that ELK had a lower search time than Splunk. For the study there was no method available to measure the indexing time for ELK, which meant that no comparison could be made with respect to indexing time. For future work it is recommended, among other things, to investigate whether there is any possibility to measure the indexing time for ELK. Another recommendation is to include more log management systems in the study to improve the result, as they may be suitable candidates for the company Telia. An improvement suggestion is to perform performance tests for a network with multiple servers in order to draw conclusions about how the performance is in practice.

6. A comparative analysis of log management solutions: ELK stack versus PLG stack
Eriksson, Joakim; Karavek, Anawil, January 2023
Managing and analyzing large volumes of logs can be challenging, and a log management solution can effectively address this issue. However, selecting the right log management solution can be a daunting task, considering various factors such as desired features and the solution's efficiency in terms of storage and resource usage. This thesis addressed the problem of choosing between two log management solutions: ELK and PLG. We compared their tailing agents, log storage and visualization capabilities to provide an analysis of their pros and cons. To compare the two log management solutions we conducted two types of evaluation: a performance evaluation and a functional evaluation. Together these two evaluations provide a comprehensive picture of each tool's capabilities. The study found that PLG is more resource-efficient in terms of CPU and memory compared to ELK, and requires less disk space to store logs. ELK, however, performs better in terms of query request time. ELK has a more user-friendly interface and requires minimal configuration, while PLG requires more configuration but provides more control for experienced users. With this study, we hope to provide organizations and individuals with a summary of the pros and cons of ELK and PLG that can help when choosing a log management solution.

7. Logghantering med mjukvara / Log management with software
Schulze, Henrik; Brandberg, Fredrik, January 2016
Abstract: By applying principles of conducting design science research, we have developed eight guidelines for log management. By comparing with the literature on log management, we have investigated the quality and relevance of the guidelines. We also investigated whether six of the eight guidelines are relevant in the sense that they can be supported by software. / Summary: By applying principles for conducting research in design science, we have developed eight guidelines for the management of logs. Through comparison with literature on log management we have investigated the quality and relevance of the guidelines. We have also investigated whether six of the eight guidelines are relevant in the sense that software can support them.

8. Architecture and design requirements for Enterprise Security Monitoring Platform : Addressing security monitoring challenges in the financial services industry
Wierzbieniec, Gabriel, January 2018
A Security Monitoring Platform (SMP) represents multiple detective controls applied in the enterprise to protect against cyberattacks. Building an SMP is a challenging task, as it consists of multiple systems that require integration. This paper introduces a framework that compiles various aspects of Security Monitoring and presents the respective sets of requirements. The SMP framework provides guidance for establishing a risk-based detection platform, augmented with automation, threat intelligence and analytics capabilities. It provides a broader view of the problem of Security Monitoring in the enterprise context and can assist in the creation of the platform. The proposed solution has been built using the Design Science Research Methodology and consists of twenty requirements for building an SMP. Expert evaluation and comparison with similar frameworks show potential value in a holistic approach to the problem, as well as indicating the need for further research.

9. Centralized log management for complex computer networks
Hanikat, Marcus, January 2018
In modern computer networks, log messages produced on different devices throughout the network are collected and analyzed. The data from these log messages gives the network administrators an overview of the network's operation, allows them to detect problems with the network and block security breaches. In this thesis several different centralized log management systems are analyzed and evaluated to see if they match the requirements for security, performance and cost that were established. These requirements are designed to meet the stakeholder's requirements for log management and allow for scaling along with the growth of their network. To prove that the selected system meets the requirements, a small-scale implementation of the system is created as a "proof of concept". The conclusion reached was that the best solution for the centralized log management system was the ELK Stack, which is based upon the three open-source software packages Elasticsearch, Logstash and Kibana. In the small-scale implementation of the ELK Stack it was shown that it meets all the requirements placed on the system. The goal of this thesis is to help develop a greater understanding of some well-known centralized log management systems and why their usage is important for computer networks. This is done by describing, comparing and evaluating some of the functionalities of the selected centralized log management systems. This thesis will also be able to provide people and entities with guidance and recommendations for the choice and implementation of a centralized log management system. / In modern computer networks, logs are produced on different devices in the network and are then collected and analyzed. The data in these logs helps the network administrators get an overview of how the network works, allows them to detect problems in the network and block security holes. In this project, several relevant systems for centralized logging are analyzed based on the requirements for security, performance and cost that have been set. These requirements are set to meet the stakeholder's requirements for log management and also to allow for scaling alongside the growth of their network. To prove that the chosen system also fulfils the set requirements, a small-scale implementation of the chosen system was also set up as a "proof of concept". The conclusion drawn was that the best centralized logging system, based on the requirements set, was ELK Stack, which is based on three different open-source software systems called Elasticsearch, Logstash and Kibana. In the small-scale implementation of this system it was also shown that the chosen logging system meets all the requirements placed on the system. The goal of this project is to help develop knowledge of some well-known systems for centralized logging and why their use is of great importance for computer networks. This will be done by describing, comparing and evaluating the selected systems for centralized logging. The project can also help people and organizations with guidance and recommendations for the choice and implementation of a centralized logging system.

10. Návrh informačního systému / Information System Design
Hraško, Branislav, January 2020
This diploma thesis evaluates the current state of a product called Kentico Kontent, developed by the company Kentico software s. r. o. Based on an analysis of the organization and the product, a proposal is made for a log management system designed for the company's customers, which is currently not implemented in Kentico Kontent.
