Log Management Guide
Log Management is an important Punchplatform use case. A complete log management solution breaks down into several components: log collection, log parsing, event management, archiving and indexing. The punchplatform supports standard configurations to support these components:
- LTR (Log TRansfer) and LMR (Log Management Reception) are used to collect and transfer the logs;
- LMC (Log Management Center) is in charge of parsing, normalising, enriching, indexing and saving your logs.

The parsing, enrichment and normalization phases are an essential part of the chain. These are performed by punchlets, small parsers and functions written in Punch (Getting started). The PunchPlatform ships with many standard log parsers written by cybersecurity experts.
This chapter explains all these topics in detail.
- Architecture
- Platform Configuration Folder Layout
- Write your first parser
- Write industrial parsers
- Event Normalization
- Event Classification
- Standard Log Parsers
- Alcatel Switch
- Apache Httpd
- Arkoon
- Aruba 7200
- Bluecoat ProxySG
- Ca Site Minder
- Checkpoint firewall
- Checkpoint Security Gateways
- Cisco Asa
- Cisco Ironport
- Cisco WLC
- DenyAll Probe
- DenyAll Security
- F5
- FireEye AX Series
- Fortinet Fortianalyzer
- Fortinet Fortigate
- Handover
- Infoblox Trinzic
- Ironmail
- Junos Junos 5
- Juniper Netscreen
- Juniper Network Security Manager
- Juniper Srx Parser
- Isc DHCP Server
- McAfee ePolicy Orchestrator
- Microsoft Exchange
- Microsoft IIS
- Microsoft Windows
- Apache Httpd
- Nokia VitalQIP
- PaloAlto
- Postfix
- Radius
- Sophos
- Sophos Pure Message
- Sourcefire IPS
- Squid
- Stonesoft
- Stormshield Network Security
- Sun Solaris
- Suricata
- Symantec Endpoint protection
- Thales Mistral
- Unix
- VormMetric
- Wallix Admin Bastion
- Websense Web Security