Syslog a Promising Solution to Log Management


P. K. Sahoo
Dr. R. K. Chottray, Dr. Gunamani Jena, Dr. S. Pattnaiak

Abstract

Log data are very useful in the changing scenario, as they contain information about the types of events and attacks occurring within an organization's network. Log data are also very useful for tracking the history of an intruder's day-to-day activity and for providing evidence when investigating malicious activity. Hence log files, which are highly significant for cyber security investigation, should be stored in a secured place so that intruders are not able to alter or erase them. In order to protect log data from breaches of confidentiality and integrity, log management is required in almost all enterprises. The Windows event log has many limitations, which become the biggest challenge in the log management process. One limitation of the Windows event log is that it is incapable of handling messages from network devices such as routers and switches. Also, there are no native Windows tools available to centralize the logging process from the different log sources in an organization, whereas syslog offers a very efficient solution for centralizing the logging function. The proposed solution strongly recommends using syslog for the log management process. The proposed architectural model is very efficient at capturing log data from anywhere in an organization's network. The solution proposed here greatly simplifies log storage and analysis by centralizing the logging process for all the devices present in the network, and it also provides secured storage for the log data. The proposed model also makes the Windows event log compatible with the logging function of other operating systems.


Keywords: Syslog, Audit logs, Cyber security, Windows Event logs, Log management.
