Organizations need to identify security threats in order to mitigate them. Logging is an essential way to pull together system data and, in turn, spot those threats, but building an effective logging system isn't easy, especially for organizations on a tight budget. Beyond that, with so many devices logging, there is often so much data that a security team can't find the events that actually indicate a problem. What security teams need is a tool that collects log data and organizes it in a useful way, ideally for free. BlackStratus' LOG Storm can help.
In this SearchSecurity screencast, Keith Barker, CISSP and trainer for CBT Nuggets LLC, demonstrates how to use BlackStratus' LOG Storm, a free, easy-to-use tool that sifts through the log data collected from an organization's network and produces an organized, prioritized list of malicious traffic and events occurring on its systems.
LOG Storm identifies malicious traffic on a company's network using the organization's existing infrastructure as its log sources. Free for up to five reporting devices, LOG Storm is delivered as a virtual appliance for vSphere, so it runs as a virtual machine (VM) after a roughly five-minute install from BlackStratus' website. The LOG Storm VM receives log messages from the reporting network devices and provides log management and correlation, and its dashboard shows real-time incident monitoring. LOG Storm not only collects the data, but also identifies patterns of attacks and prioritizes critical events so security teams know what to take care of first. At the end of the log screening process, the tool generates a report of its findings, available in formats such as PDF, for easy storage and review.
One of the most useful features of LOG Storm is that it can be customized to fit each organization's needs. Users specify which network devices send syslog, the IP subnets of interest, and which reporting assets to collect from. They can customize the preset rules or keep the default settings, and configure notifications to be delivered by email, SMS, syslog or SNMP. Since the appliance only sees what the reporting devices send it, the devices' own logging configuration and the enabled rules determine what can actually be detected.
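To make concrete what happens between a syslog message arriving and a prioritized alert appearing on the dashboard, here is a small correlation script covering the pipeline the two paragraphs above describe: scope by reporting device and subnet of interest, parse syslog, apply a rule, prioritize, and format a notification. This is an added example written for this page; it is not LOG Storm's code, nor BlackStratus' rule set. The syslog lines, device list and subnets are constructed, and the brute-force rule, its threshold and window, and the priority labels are assumptions for the illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample RFC 3164-style syslog lines (not a real capture). <86> = authpriv.info.
SAMPLE_SYSLOG = """\
<86>Mar 10 12:00:01 fw1 sshd[2101]: Failed password for root from 203.0.113.9 port 50122 ssh2
<86>Mar 10 12:00:03 fw1 sshd[2101]: Failed password for root from 203.0.113.9 port 50123 ssh2
<86>Mar 10 12:00:05 fw1 sshd[2101]: Failed password for admin from 203.0.113.9 port 50124 ssh2
<86>Mar 10 12:00:06 fw1 sshd[2101]: Failed password for root from 203.0.113.9 port 50125 ssh2
<86>Mar 10 12:00:07 fw1 sshd[2101]: Failed password for root from 203.0.113.9 port 50126 ssh2
<86>Mar 10 12:00:09 fw1 sshd[2102]: Accepted password for root from 203.0.113.9 port 50127 ssh2
<86>Mar 10 12:00:10 web1 sshd[3310]: Failed password for bob from 10.0.0.5 port 40001 ssh2
<86>Mar 10 12:30:00 fw1 sshd[2103]: Failed password for root from 198.51.100.7 port 40002 ssh2
<86>Mar 10 12:30:10 fw1 sshd[2103]: Failed password for root from 198.51.100.7 port 40003 ssh2
<86>Mar 10 12:30:20 fw1 sshd[2103]: Failed password for root from 198.51.100.7 port 40004 ssh2
<86>Mar 10 12:30:30 fw1 sshd[2103]: Failed password for root from 198.51.100.7 port 40005 ssh2
<86>Mar 10 12:30:40 fw1 sshd[2103]: Failed password for root from 198.51.100.7 port 40006 ssh2
<86>Mar 10 13:00:00 lab1 sshd[77]: Failed password for root from 192.0.2.77 port 1 ssh2
<86>Mar 10 13:00:01 lab1 sshd[77]: Failed password for root from 192.0.2.77 port 2 ssh2
<86>Mar 10 13:00:02 lab1 sshd[77]: Failed password for root from 192.0.2.77 port 3 ssh2
<86>Mar 10 13:00:03 lab1 sshd[77]: Failed password for root from 192.0.2.77 port 4 ssh2
<86>Mar 10 13:00:04 lab1 sshd[77]: Failed password for root from 192.0.2.77 port 5 ssh2
"""

# Hypothetical deployment settings: which devices report, and which subnets matter to us.
REPORTING_DEVICES = {"fw1": "192.0.2.1", "web1": "10.0.0.10", "lab1": "172.16.5.5"}
SUBNETS_OF_INTEREST = ["192.0.2.0/24", "10.0.0.0/8"]  # lab1 is deliberately out of scope

SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<app>[\w.-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")
AUTH_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>[\d.]+) port \d+")


def parse_syslog(line):
    """Split a BSD syslog line into PRI (facility/severity), timestamp, host, app and message."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m["pri"])
    # RFC 3164 timestamps carry no year; strptime defaults to 1900, which is fine for windows.
    ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
    return {"facility": pri // 8, "severity": pri % 8, "ts": ts,
            "host": m["host"], "app": m["app"], "msg": m["msg"]}


def in_scope(host, devices, nets):
    """A device is in scope if it is a configured reporter and sits in a subnet of interest."""
    ip = devices.get(host)
    return ip is not None and any(ipaddress.ip_address(ip) in n for n in nets)


def correlate(events, threshold=5, window=timedelta(seconds=60)):
    """Assumed rule: >= threshold failed logins from one source on one device inside `window`.
    Escalate to critical when the same source then logs in successfully within `window`."""
    by_key = defaultdict(list)
    for ev in events:
        by_key[(ev["host"], ev["src"])].append(ev)
    alerts = []
    for (host, src), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["outcome"] == "Failed"]
        for i in range(len(fails)):
            j = i  # extend the window forward from failure i
            while j + 1 < len(fails) and fails[j + 1]["ts"] - fails[i]["ts"] <= window:
                j += 1
            if j - i + 1 < threshold:
                continue
            run, last = fails[i:j + 1], fails[j]["ts"]
            success = any(e["outcome"] == "Accepted" and last <= e["ts"] <= last + window
                          for e in evs)
            alerts.append({"rule": "ssh_brute_force", "device": host, "source": src,
                           "failures": len(run), "users": sorted({e["user"] for e in run}),
                           "first": run[0]["ts"], "last": last, "success": success,
                           "priority": "critical" if success else "high"})
            break  # one alert per (device, source) pair
    return alerts


def prioritize(alerts):
    """Critical first, then by number of failures, then earliest."""
    return sorted(alerts, key=lambda a: ({"critical": 0}.get(a["priority"], 1),
                                         -a["failures"], a["first"]))


def format_notification(alert):
    """One-line text usable as an email subject, SMS body or outbound syslog message."""
    tail = " followed by a SUCCESSFUL login" if alert["success"] else ""
    return (f"[{alert['priority'].upper()}] {alert['rule']}: {alert['failures']} failed logins "
            f"for {'/'.join(alert['users'])} on {alert['device']} from {alert['source']} "
            f"({alert['first']:%H:%M:%S}-{alert['last']:%H:%M:%S}){tail}")


def analyze(text, devices=REPORTING_DEVICES, subnets=SUBNETS_OF_INTEREST):
    """Collect -> scope -> normalize -> correlate -> prioritize."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    events = []
    for line in text.splitlines():
        ev = parse_syslog(line)
        if ev is None or not in_scope(ev["host"], devices, nets):
            continue
        auth = AUTH_RE.match(ev["msg"])
        if auth:
            events.append({**ev, **auth.groupdict()})
    return prioritize(correlate(events))
```

Calling `analyze(SAMPLE_SYSLOG)` and printing each alert through `format_notification` yields two lines: a critical alert for 203.0.113.9 against fw1 (five failures for admin/root, then a successful root login) and a high alert for 198.51.100.7 (five failures, no success). The single failure on web1 never reaches the threshold, and the five failures reported by lab1 are dropped before correlation because lab1 is not in a subnet of interest, which is exactly the kind of scoping decision the appliance's device and subnet settings make for you. The rule, threshold and window here are assumptions; in a real deployment, review whatever default rules ship with the product against the devices and log levels you actually have configured.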
About CBT Nuggets:
CBT Nuggets creates cutting-edge online IT training in topics including network security, server administration and more. Train 24/7 from any device. Try CBT Nuggets with a seven-day free trial and train on a variety of topics, including Cisco security, Wireshark, Linux and more! Watch. Learn. Conquer.
About Keith Barker:
Keith Barker, CISSP, is a trainer for CBT Nuggets and has more than 27 years of IT experience. He is a double CCIE and has been named a Cisco Designated VIP. Barker is also the author of numerous Cisco Press books and articles.