
Features (in no particular order):
- Overview
- Benefits
- syslogD
- Secure info via https
eBuzzsaw provides a centralized logging solution for heterogeneous
computer environments and networked systems.
eBuzzsaw collects NT event logs remotely (i.e. no client is required on
the NT machine) and is a syslog server able to receive logs from Unix
hosts (BSD, Linux, AIX, Solaris, etc.), and possibly Macs running OS X in
the future. It will also receive logs from any router capable of sending
log info.
The ability to centrally collect, manage, analyze and report on log
messages provides one of the most important sources of information. We
believe doing this regularly (multiple times per day) is key to managing a
network with as few as 5 computers, and becomes a necessity once one has
more than 30 machines.
Logs the following into a SQL database:
- NT event logs (pulled remotely; requires no client on the target machine)
- syslogd messages (all Unix variants)
- Router logs (most routers will 'syslog' their logs)
With centralized logging, one can see what is happening at any given
time slice across the whole network and one can still drill down to
see what is happening on just one machine.
The logs are stored in a very fast SQL database and can be viewed
from many different perspectives.
A relatively small cost provides the IT department with a monitoring /
preemptive ability to keep a company's core computers and network up and
running. The loss of a portion, or much worse a majority, of the IT
department's operations will have a corresponding downturn effect on the
company's bottom line.
eBuzzSaw helps keep the IT department running smoothly.
Utilizing our buffered syslogd running under NT, which we call syslogD,
we are able to receive bursts of over 250 logs/sec and a sustained feed of
100 logs/sec, storing them into a SQL database. This provides a measure of
stability not seen in many logging systems, in addition to superior
performance.
It can listen on the standard port 514, or any other UDP port of choice.
Multiple syslogD instances can be invoked to listen on different ports.
This is useful for a non-syslog data stream, such as one from a NID,
honeypot, process log, etc.
Speed: greater than 100 messages per second sustained. This is useful
for simultaneous bursts from multiple hosts.
Buffered: a non-blocking buffer design allows syslog messages to be
received faster than a SQL database is able to store them.
This better assures no dropped messages, which can happen on all other
syslog servers.
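
The buffering idea described above, as an added Python example (not eBuzzsaw's code): a UDP receiver thread puts each datagram into a bounded in-memory queue without ever waiting on the database, while a separate writer thread drains the queue into SQL in batched transactions. Assumptions: SQLite stands in for the SQL database, the demo binds an ephemeral loopback port instead of 514, the sample messages are constructed, and all function names are hypothetical.

```python
import os, queue, re, socket, sqlite3, tempfile, threading
PRI = re.compile(rb"^<(\d{1,3})>")

def parse_pri(data):
    m = PRI.match(data)
    pri = int(m.group(1)) if m else 13  # RFC 3164 default (user.notice) when PRI is absent
    return pri >> 3, pri & 7, data[m.end() if m else 0:].decode("utf-8", "replace")

def receiver(sock, buf, stop, stats):
    sock.settimeout(0.2)
    while True:
        try:
            data, addr = sock.recvfrom(8192)
            buf.put_nowait((addr[0], data))  # never waits on the database
        except queue.Full:
            stats["dropped"] += 1            # overflow is counted, not silent
        except socket.timeout:
            if stop.is_set():                # idle and told to stop: socket is drained
                return

def writer(buf, db_path, batch=100):
    conn = sqlite3.connect(db_path)
    conn.execute("CREATE TABLE IF NOT EXISTS logs(host, facility, severity, msg)")
    done = False
    while not done:
        items = [buf.get()]                  # block until a message arrives
        while len(items) < batch and not buf.empty():
            items.append(buf.get())
        done = None in items                 # None is the shutdown sentinel
        rows = [(h, *parse_pri(d)) for h, d in filter(None, items)]
        conn.executemany("INSERT INTO logs VALUES (?,?,?,?)", rows)
        conn.commit()                        # one transaction per batch
    conn.close()

def run_demo(n=50, maxsize=1000):
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))  # ephemeral demo port; syslog's standard port is UDP 514
    buf, stop, stats = queue.Queue(maxsize), threading.Event(), {"dropped": 0}
    db_path = os.path.join(tempfile.mkdtemp(), "logs.db")
    r = threading.Thread(target=receiver, args=(rx, buf, stop, stats))
    w = threading.Thread(target=writer, args=(buf, db_path))
    r.start(); w.start()
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for i in range(n):         # constructed sample messages; PRI 34 = auth.crit
        tx.sendto(b"<34>host%d su: constructed message %d" % (i, i), rx.getsockname())
    stop.set(); r.join()       # receiver drains the socket, then exits when idle
    buf.put(None); w.join()    # writer flushes what is buffered, then stops
    rx.close(); tx.close()
    stored = sqlite3.connect(db_path).execute("SELECT COUNT(*) FROM logs").fetchone()[0]
    return stored, stats["dropped"]
```

`run_demo()` returns `(stored, dropped)`; the `dropped` counter is the number to alert on, since a bounded buffer can still overflow if the database stays slower than the feed for long enough.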
Reports are run from a standard web browser, version 3 and up, that can
store security tokens.
We have tested Internet Explorer, Netscape and Opera and have seen no issues.
Utilizing https / ssl for the user interface provides ease of use by not
requiring a dedicated 'client', and it can be used from inside or outside
the intranet, from any computer that can run a browser, including Macs.
Even if someone is 'sniffing' your network, https / ssl provides some
stiff obstacles against unauthorized eyes seeing your sensitive log
information.