Info Security Memo

Info Security Notes

Using NXLog to Collect Windows Event Logs

9/3/2019

There are a lot of syslog collectors for Windows, but when it comes to stability and features, NXlog has the best chances to fulfill all the requirements.

Windows Event Log messages can span multiple lines, so the text is readable and neatly laid out with spaces, tabs and line breaks, as seen in Event Viewer. Because syslog only reads and writes single-line messages, that formatting has to be stripped from the event log message, and in doing so the metadata is lost. NXLog can read these fields, recognize their structure and forward them remotely (or act on them for alerting purposes), which saves you time and resources. So if you use the NXLog framework (client/server) there is no need to spend time writing patterns to extract usernames, IP addresses and similar metadata.


Forwarding Windows Event Logs to Syslog Server (Kiwi Syslog)

9/2/2019

Centralizing your logs saves time and increases the reliability of your log data, especially for Windows machines. When Windows log files are stored locally on each server, you have to log into each one individually to go through them and look for errors or warnings. A Windows server can forward its events to a "subscribing" server; in this scenario the collector server becomes a central repository for Windows logs from the other servers in the network. There are many ways to forward your Windows event logs to a centralized log server. You can use the event log forwarding feature introduced in Windows Server 2008, which brought a native and automatic way to get events from multiple computers (event sources) into one or more machines called collectors. Another option is third-party software, such as the SolarWinds Free Event Log Forwarder for Windows.

In this post, I am going to introduce another free tool, Eventlog to Syslog. The Eventlog to Syslog utility runs on Microsoft Windows NT-class operating systems and monitors the event log for new messages. When a new message appears in the event log, it is read, formatted, and forwarded to a UNIX syslog server.

1. Install Syslog Server - Kiwi Syslog Free Version
1.1 Download the Kiwi Syslog Daemon from the following download address: https://thwack.solarwinds.com/community/free-tools-and-trials
1.2 Run the Kiwi Syslog Daemon executable to launch the installer. Follow the instructions in the installation wizard to install the Kiwi Syslog Daemon as a service.
1.3 Once the Kiwi Syslog Daemon is installed, start the program to start the Syslog Daemon.


ArcSight SIEM Logger Web, Search Examples, Use Case Reports

6/16/2019

ArcSight Logger is one of the products in the Micro Focus SIEM platform. It streams real-time data, categorizes it into specific logs and integrates easily with Security Operations. As a result, organizations of any size can use this high-performance log data repository to speed up forensic analysis of IT operations, application development and cyber security issues, and to address multiple regulations at the same time.


Configure Netflow on network devices for PRTG Netflow Monitoring

8/13/2017

NetFlow is a feature first introduced on Cisco routers and switches; the flow concept has since been widely adopted by other network product vendors. Basically, network devices that support an xFlow feature collect IP traffic statistics on the interfaces where xFlow is enabled and export those statistics as xFlow records to a defined remote xFlow collector.

PRTG can use this NetFlow feature for detailed bandwidth usage monitoring and it also shows you:
  • where your bandwidth is used
  • who is using it
  • how it is being used
  • why it is being used
It lets you see which specific applications are being used and how that usage might affect your network. NetFlow monitoring is included in all PRTG Network Monitor licenses, so no special license is needed to enable this feature; NetFlow sensors simply count against your sensor license.



Gartner Magic Quadrant for SIEM Products (2015, 2014, 2013, 2012, 2011, 2010)

7/25/2015

Gartner just released its new "Magic Quadrant for Security Information and Event Management" on July 20, 2015. There is not much that is surprising in the report. Since 2013, Splunk has replaced NetIQ in the Leaders quadrant. The other four vendors in the Leaders quadrant (IBM Q1 Labs, HP ArcSight, McAfee SIEM (Intel Security), LogRhythm SIEM) have not changed for the last four years.

2015

From the Gartner report "Magic Quadrant for Security Information and Event Management", released on July 20, 2015.

2014

2013

2012

2011

Magic Quadrant for Security Information and Event Management 2011

2010

Magic Quadrant for Security Information and Event Management 2010

SIEM is a hot topic. Splunk's IPO process started on Jan 12, 2012. Also, in the last two years there have been a couple of milestone events among SIEM vendors, listed below:

HP acquired ArcSight, Sep 13, 2010, $1.5B
Solarwinds bought TriGeo, Jun 23, 2011, $3500
IBM acquired Q1 Labs, Oct 4, 2011, $????
McAfee acquired NitroSecurity, Dec 1, 2011, $????
...



