Log Forwarding

A central part of all compliance regulations, such as the Payment Card Industry Data Security Standard, HIPAA / HITECH Act, FINRA, and others, is the requirement to collect and monitor system logs. In almost all cases of a security breach that led to the loss of sensitive data, information about the breach was evident in system logs. Collecting logs and forwarding them to a central log collection server is the first and most fundamental step in meeting these regulatory requirements.

In Unix and Linux environments, the syslog-ng facility is used for log collection. To protect sensitive data in application logs, Enterprise customers deploy the syslog-ng Premium Edition product from Balabit IT Security. This version of syslog-ng supports encrypted storage, disk buffering in the event of network disruption, and multiple storage formats. The Premium Edition also provides support for the Windows operating system. These advanced features provide the reliability, security, and support that Enterprise customers need to meet modern compliance regulations.

IBM i (AS/400, iSeries, System i) customers have a special challenge when forwarding logs to a central log server. The IBM i operating system collects security events in a proprietary format and lacks support for secure and reliable transmission of logs to a log collection server. Alliance LogAgent from Townsend Security provides an easy-to-use solution for system log collection on this platform. IBM i customers can deploy LogAgent to collect security events from a variety of sources, format the events to the syslog standard (RFC 3164), and securely forward these events to a log collection server or SIEM solution.

Townsend Security works with a number of SIEM vendors to provide seamless integration of log forwarding from the IBM i platform. Companies like LogRhythm, Trigeo, Tripwire, and others partner with Townsend Security to provide real-time monitoring of the IBM i security logs.