SYSLOG SIEM Event Log Management and Consolidation
A SYSLOG facility that formats ALL event logs from your IBM iSeries, Mainframe, Windows, Linux, AIX and Unix servers, as well as DB2, Oracle, MS SQL, MySQL, Sybase and Progress databases, into an easy-to-read format in a single database. The Cross-Platform Audit (CPA) is an event log management software solution that provides incredible clarity and simplicity that no other SYSLOG facility provides. Compare our SYSLOG facility screenshots to other SYSLOG servers, and see for yourself. The Cross-Platform Audit (CPA) SYSLOG facility was initially designed as a Database Activity Monitor, but quickly grew into a complete event log management solution with amazing auditing, alerting (IDS) and filtering features no other SYSLOG facility provides.
The CPA consolidates event logs of all your systems, databases, devices and other sources into a powerful, intuitive Audit and Reporting facility, enabling auditors and system administrators to quickly identify and understand critical events. The CPA SYSLOG facility automatically organizes event log types by many different categories for logical filtering and sorting. Anyone using the CPA SYSLOG facility will not need platform-specific experience to use its real-time auditing, reporting or analysis tools. SYSLOG facility data sources include (but are not limited to): IBM iSeries (OS400), IBM Mainframe (OS390), IBM Power (AIX), Windows, UNIX, SQL, Oracle, IBM DB2 (all flavors), Sybase and Progress.
Real-Time Auditing of all System Event Logs, Database, Security, Applications and Devices at your fingertips
The CPA SYSLOG facility gathers all the system event logs, or only the event log types you deem relevant, in real time or in scheduled batch increments. You can pre-define which event types, and which users, will be included in the CPA SYSLOG facility, as you may not want to flood your database with unwanted events. The CPA SYSLOG Server allows you to configure unique event log extract policies by server: you may want to extract event logs from some servers in real time and in scheduled increments for others. The CPA SYSLOG facility gives you the flexibility to define unique selection criteria for each server, database and user.
Global User Identification Mapping
Not all users will have the same User ID on each system, so the CPA SYSLOG facility includes a Global ID mapping tool to correlate a user's events coming from different servers, databases and even log sources. For instance, ALINCOLN on system A is also LINCOLNA on system B, ABRAHAML on another system and ABEL1865 on other systems. The Global ID mapping function allows you to efficiently conduct an audit, querying event logs in real time (from all your servers, databases and event log sources) and running reports on this user's activity very quickly and effectively, because the GID has consolidated all of Abraham Lincoln's User IDs and aliases across all your systems and databases by mapping them to a single GID. Without a Global ID, an auditor would have to run multiple reports on multiple systems, databases and event log sources, AND write complex custom queries on each, while including all the variables that apply for this user. Even if you did have all audit logs in a single Event Log Management database, you would still have to write time-consuming queries to get the audit results you are seeking.
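The correlation idea described above, sketched as an added example (this is not CPA code, and it does not reflect how CPA stores its mappings). The system names, GID values and events are constructed; the alias table is keyed by system and local ID together, on the assumption that the same local ID on two systems can belong to different people.

```python
from collections import defaultdict

# Constructed alias table: (source system, local user ID) -> Global ID.
ALIASES = {
    ("SYSTEM_A", "ALINCOLN"): "GID-0001",
    ("SYSTEM_B", "LINCOLNA"): "GID-0001",
    ("SYSTEM_C", "ABRAHAML"): "GID-0001",
    ("SYSTEM_D", "ABEL1865"): "GID-0001",
    ("SYSTEM_B", "ALINCOLN"): "GID-0002",  # same local ID, different person
}

# Constructed events, already consolidated from several sources.
EVENTS = [
    {"ts": "2024-05-01T08:00:03Z", "system": "SYSTEM_A", "user": "alincoln", "action": "LOGON"},
    {"ts": "2024-05-01T08:05:10Z", "system": "SYSTEM_B", "user": "LINCOLNA", "action": "DB_UPDATE"},
    {"ts": "2024-05-01T07:59:00Z", "system": "SYSTEM_D", "user": "ABEL1865", "action": "FTP_GET"},
    {"ts": "2024-05-01T08:07:00Z", "system": "SYSTEM_B", "user": "ALINCOLN", "action": "LOGON"},
    {"ts": "2024-05-01T08:09:00Z", "system": "SYSTEM_C", "user": "ABRAHAML", "action": "SQL_SELECT"},
    {"ts": "2024-05-01T08:10:00Z", "system": "SYSTEM_C", "user": "SVCBATCH", "action": "LOGON"},
]

def resolve_gid(system, user):
    """Return the GID for a local identity, or None if it is unmapped.
    Assumption: local IDs are compared case-insensitively."""
    return ALIASES.get((system.strip().upper(), user.strip().upper()))

def correlate(events):
    """Group events by GID in time order; keep unmapped events separate
    so that gaps in the alias table are visible to the auditor."""
    by_gid, unmapped = defaultdict(list), []
    for ev in events:
        gid = resolve_gid(ev["system"], ev["user"])
        if gid is None:
            unmapped.append(ev)
        else:
            by_gid[gid].append(ev)
    for evs in by_gid.values():
        evs.sort(key=lambda e: e["ts"])  # uniform ISO 8601 UTC sorts as text
    return dict(by_gid), unmapped

def timeline(events, gid):
    """One query per person instead of one query per system and alias."""
    by_gid, _ = correlate(events)
    return [(e["ts"], e["system"], e["action"]) for e in by_gid.get(gid, [])]

if __name__ == "__main__":
    for row in timeline(EVENTS, "GID-0001"):
        print(*row)
```

Events that land in the unmapped list are worth reviewing in their own right: an identity with no GID is either a service account or an alias missing from the table.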
Intrusion Detection System (Alerts)
Alerts can be triggered by any event in the CPA SYSLOG facility to notify an administrator as soon as the event is imported into the CPA database. IDS events can be defined using very general or specific criteria, and can optionally be active only on specified days and times. Alert notifications/actions include: a pop-up message on a PC, sending an email or an SMS message.
SYSLOG Event Forwarding
CPA can also forward event logs to any SYSLOG Server or SIEM tool, including Kiwi, LogRhythm, RSA Envision "Certified", Splunk, ArcSight, Nitro Security, Syslog-NG, or any other SYSLOG Server or SIEM tool that needs integration with IBM iSeries and Mainframe systems.
SYSLOG Collection Criteria
Pre-filter system, security, database and application events for each Data Source to suppress the collection of non-relevant events, using a number of selection criteria and/or boolean expressions to define your selected event types.
SYSLOG and SIEM forwarding for non-conforming platforms
The SYSLOG facility can also be configured to forward extracted event logs to any SYSLOG or SIEM server in the desired format very quickly. The CPA is an ideal tool where IBM platforms and databases need to coexist with other platform and database types within a single repository for audit log archiving and analysis.
Check out Cross-Platform Audit "CPA" and compare the differences for yourself. The CPA is ideal for consolidating Database, System and Security event logs from any platform efficiently. The CPA lets you define custom data extraction policies for each event source by event type and/or user before extraction into the Sequel Database. CPA supports:
- IBM iSeries: System Audit Journal "QAUDJRN" | Database Changes & Reads "Journaled DB2 files" | SQL Statements | Network Events "Exit Program" such as FTP, ODBC/JDBC and other Applications | History Log "QHST" | any Message & Job Queue
- IBM Mainframe: SMF Telnet, SMF FTP, SMF VSAM, SMF RACF | TCP/IP FTP, TCP/IP Telnet applications | DB2 SMF, DB2 Data Audit Log, DB2 CICS SQL Data Capture, DB2 Batch SQL Data Capture
- IBM AIX: System Audit & DB2 Database File Audit
- Windows: System Event Logs, Applications, DNS and others | Active Directory Compliance | ISA Server Logs | DHCP Logs, IIS Web Server Logs & Exchange Server Logs
- Linux: System Audit x86, x86_64, IA64, PPC64, PPC, S390X, S390
- Unix & Solaris: System Audit
- SYSLOG applications & devices: Routers, Firewalls, Antivirus and any other SYSLOG source
- Oracle: SQL Statements, Oracle System Logs, Admin Logs, Users/Profiles, Procedures and Database Audit
- DB2: File and Field Audit with Before/After Images side-by-side
- MS SQL: SQL Statements, System Audit and Data Audit
- MySQL: Audit, Connect, Query, Prepare, Execute, Shutdown, Quit, No Audit Init DB and others
- Progress: System Audit & Data Audit
- Sybase: System Audit
- Applications: any application that produces a flat file audit log
Additional Data Sources are currently in development. Please contact us if you believe you have a unique System, Database, Application or Device requirement we can assist you with.