Log, Event & Security Analytics with cfxDimensions Platform
May 23rd, 2019
Log Management Challenges
Effective Log Management is a common challenge for many IT organizations and this is due to ever expanding complexity and dynamic nature of IT logs. The logs are generally spread out in many different systems, which makes it difficult to analyze the logs. Further, IT teams are not able to reconcile the logs to gain insights into performance or security issues.
In regulated environments, logs must be accessible anytime and also stored for several years for compliance reasons.
All of this makes log management a challenging task for IT. Let’s look at how Dimensions Log Analytics addresses these problems
cfxDLA Is a centralized log analytics solution, that ingests logs from multiple tools and enables IT teams with advanced analytics and insights. The solution also leverages AI & ML capabilities to perform event correlation, failure root cause detection and event categorization.
The solution focuses on 3 key areas
- Log Analysis
- Traffic Analysis
- Security Analysis
How it Works
We ingest logs, events and metrics from multiple data sources and forward to a load balancer, after which we perform log separation, raw log archival for historical analysis and compliance.
Simultaneously, we also index the logs and perform visualizations. We then feed the vectorized logs data to AI and Machine learning to perform advanced analytics like event correlation, root cause analysis and event categorization.
Log Analysis: IT teams can ingest logs from any managed IT asset, index and archive logs, and get advanced visualization and reporting.
Few customer scenarios include:
- Customer had logs spread across multiple element management systems and storage administrators had to sift through numerous logs to identify and detect potential issues. cfxDLA stack helped storage administrators to detect potential disk failures by ingesting syslogs from a NetApp storage systems and made it easy to assimilate and reconcile all the logs from a centralized portal.
- In another customer scenario, system administrators had to go through each and every individual Windows server to understand log activities. With cfxDLA stack, system admins were able to visualize all the Windows event logs from central place and easily examine credential failure errors.
- In this scenario, logs were ingested from multiple Cisco UCS domains and server administrators were able to detect power supply errors and take up remediation actions.
Traffic Analysis: Is vital to any Network operations team. cfxDLA can ingest Netflow records, flow logs, SIP call logs, packet captures, from various network devices to provide insights about traffic usage patterns, noisy neighbors and top services, ports or protocols.
In this customer scenario, Netflow records were ingested and DLA stack helped identify top talkers, top services, protocols and ports. The chord diagram visually identifies top source and destinations. Network admins can also drill-down to particular device or interface and gain deeper insights about traffic patterns.
Customers can perform basic and advanced search queries or retrieve raw flow records.
In another Telecom Service Provider scenario, SIP call logs were ingested and cfxDLA stack provided provide SIP call categorization and root cause analysis for SIP call failures.
Security Analysis: For security analysis, cfxDLA ingests IDP, IDS logs from various network endpoints and provides a geomap view of threat originating regions.
Suspicious traffic patterns or threats are also aggregated and categorized based on severity. Top traffic originating internal systems can also be easily identified.
Suspicious hosts can be selected for further drill down and analysis.
In a nutshell, cfxDimensions Log Analytics (DLA) enables effective log management for enterprises to provide Log, Event and Security Analysis.
To learn more, subscribe to one of our upcoming webinars, or visit https://cloudfabrix.com