
Wallix LogBox (WLB)
Logs record all the events occurring on an organization's network. They originate from applications, operating systems, network and security devices and help detect security vulnerabilities, unauthorized activity and hardware or software malfunction. Logs are vital aids to administrators, helping them to identify, understand and react appropriately to network events.
However, managing logs poses one major difficulty: they are numerous and come in many formats, making analysis and interpretation a difficult task. Most logs include agent information such as date and message. Collection, analysis and export, as reports, remain a challenge for network and system administrators. Meanwhile the lack of normalizers, the high number of log sources, legal obligations and the daily volume of logs make the analysis and supervision of audit trails a sometimes daunting task. However, they are fundamental to a healthy, secure and functional computer network.
Wallix developed the LogBox to meet the specific needs of log management. Available as a hardware appliance or as software, Wallix LogBox enables unified and simplified access to any type of log, regardless of its format or origin. By defining alerts based on the detection of regular expressions within the logs, system administrators can easily identify, understand and solve network problems.
Collection
Wallix LogBox collects logs from various sources on the fly: operating systems, software, servers, network devices and so on. It natively integrates the most commonly-used transport protocols (Syslog, Unix/Linux, network devices via UDP, TCP or SSL, SNMP, LEA, SSH and SCP, FTP).
Normalization
Normalization gives meaning to logs. It does so by applying a series of filters that convert the log
Indexing & Filtering
When indexing is enabled, LogBox supports 'plain text' search on indexed logs and normalized tags. Search criteria may include one or several expressions found in the body of the log. Log filtering is also possible by creating more-elaborate requests combining several search criteria. The search criteria can be saved for
Access rules
The LogBox administrator has the option to restrict access to specific user profiles; important for mission-critical systems and applications, and for ensuring compliance.
Analysis & Alerts
Wallix LogBox can be configured to send alert emails upon detecting a tag that meets defined criteria. Sending of real-time alerts is defined and configured by the LogBox administrator and can relate to any normalized tag.
Routing & Archiving
Logs can be routed to various destinations and via many transport protocols. Routing is processed according to advanced criteria, giving the IT administrator total control over the dispatching of collected logs. This feature is particularly useful for archiving logs on third-party devices or merging them into SIEM solutions.
Clear, concise and detailed reporting
Wallix LogBox natively integrates a range of concise and detailed reporting features utilizing a template approach for customized reports. It generates automatic reports on security events across multiple network devices (firewalls, SSH servers, web proxies, web servers, syslog data) and on specific time-ranges (daily, weekly or user-defined). The administrator benefits from a comprehensive real-time view of everything recorded by the network devices: essential to ensuring optimal network performance. If an incident occurs, corrective actions can be taken more easily. The administrator can locate the problem simply and quickly and react appropriately and with precision.
Agentless technology, easy to deploy and manage
Wallix LogBox needs no specific agent to be installed, either on the network devices or on the desktop. This makes for easy deployment, and quick and effective daily administration.
Download Wallix LogBox Virtual Machine
http://www.wallix.com/index.php/demos/wlb-vm-trial-version











