Syslog a Promising Solution to Log Management
Abstract
Log data are very useful in today's changing threat landscape, as they contain information about the types of events and attacks occurring within an organization's network. Log data are also very useful for tracking the history of an intruder's activity in day-to-day operations and for providing evidence when investigating malicious activity. Hence log files, which are of the greatest significance for cyber security investigation, should be stored in a secured place so that intruders are unable to alter or erase them. To protect log data from breaches of their confidentiality and integrity, log management is required in almost all enterprises. The Windows event log has many limitations, and these are the biggest challenge in the log management process. One of these limitations is that it is incapable of handling messages from network devices such as routers and switches. There are also no native Windows tools to centralize logging from the different log sources in an organization, whereas syslog offers a very efficient way to centralize the logging function. The proposed solution strongly recommends using syslog for the log management process. The proposed architectural model captures log data very efficiently from anywhere in an organization's network. It greatly simplifies log storage and analysis by centralizing logging from all the devices present in the network, and it also provides secured storage for the log data. The proposed model also makes the Windows event log compatible with the logging functions of other operating systems.
Keywords: Syslog, Audit logs, Cyber security, Windows Event logs, Log management.
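As an added worked example (not code from the paper or from its proposed model), the following Python script shows the two mechanisms the abstract relies on: parsing syslog messages from heterogeneous sources (a router, a Linux host, and a Windows host whose events are forwarded by a syslog agent) into one normalized record, and keeping those records in a hash-chained, append-only store so that alteration or deletion of earlier entries is detectable. The sample lines, host names and the Windows forwarding format are constructed for this example and are assumptions, not data from the paper.

```python
"""Minimal centralized syslog collector with a tamper-evident store.

Added example, not part of the paper. Parses RFC 3164 (BSD) and RFC 5424
messages into one record type and appends them to a SHA-256 hash chain.
"""
import hashlib
import json
import re
from dataclasses import dataclass, asdict
from typing import List, Optional, Tuple

# Constructed sample lines, as they might arrive at a collector on port 514:
# a router ACL deny (RFC 3164), a Linux sshd failure (RFC 3164), and a Windows
# logon event forwarded by a hypothetical syslog agent (RFC 5424).
SAMPLE_LINES = [
    "<190>Mar  1 12:00:01 edge-rtr-1 %SEC-6-IPACCESSLOGP: list 101 denied tcp "
    "10.0.0.5(40123) -> 10.0.1.7(22), 1 packet",
    "<38>Mar  1 12:00:03 web01 sshd[2201]: Failed password for root from 10.0.0.5 port 40130 ssh2",
    "<110>1 2024-03-01T12:00:05.000Z WIN-DC01 MSWinEventLog 4624 Security - "
    "An account was successfully logged on.",
]

# RFC 3164: <PRI>Mmm dd hh:mm:ss HOST MSG   (day may be space-padded)
RFC3164_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$"
)
# RFC 5424: <PRI>1 TIMESTAMP HOST APP PROCID MSGID SD MSG
# SD handling is simplified to "-" or a single [..] element without nested ']'.
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<procid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|\[[^\]]*\]) (?P<msg>.*)$"
)

FACILITY_NAMES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
                  "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock2"] + \
                 [f"local{i}" for i in range(8)]
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


@dataclass
class Record:
    facility: int
    severity: int
    host: str
    timestamp: str
    app: str          # "-" is the syslog nil value (no app field in RFC 3164)
    message: str
    source_format: str


def parse_syslog(line: str) -> Record:
    """Normalize one RFC 5424 or RFC 3164 line; raise ValueError otherwise."""
    m = RFC5424_RE.match(line)
    fmt = "rfc5424"
    if m is None:
        m = RFC3164_RE.match(line)
        fmt = "rfc3164"
    if m is None:
        raise ValueError(f"unrecognised syslog line: {line!r}")
    pri = int(m["pri"])
    if pri > 191:  # 24 facilities * 8 severities - 1
        raise ValueError(f"invalid PRI {pri}")
    app = m["app"] if fmt == "rfc5424" else "-"
    return Record(pri // 8, pri % 8, m["host"], m["ts"], app, m["msg"], fmt)


class ChainedLogStore:
    """Append-only store: each entry hash covers the previous hash, so editing or
    deleting any earlier entry breaks verification from that entry onward."""
    GENESIS = "0" * 64

    def __init__(self) -> None:
        self.entries: List[Tuple[dict, str]] = []

    @staticmethod
    def _digest(prev_hash: str, record: dict) -> str:
        payload = prev_hash + json.dumps(record, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(payload.encode()).hexdigest()

    def append(self, record: Record) -> str:
        prev = self.entries[-1][1] if self.entries else self.GENESIS
        rec = asdict(record)
        h = self._digest(prev, rec)
        self.entries.append((rec, h))
        return h

    def verify(self, expected_head: Optional[str] = None) -> int:
        """Return the index of the first inconsistent entry, or -1 if intact.
        expected_head is the last hash as recorded off-host; without it,
        silently dropping the newest entries cannot be detected."""
        prev = self.GENESIS
        for i, (rec, h) in enumerate(self.entries):
            if self._digest(prev, rec) != h:
                return i
            prev = h
        if expected_head is not None and prev != expected_head:
            return len(self.entries)
        return -1


def ingest(lines) -> ChainedLogStore:
    store = ChainedLogStore()
    for line in lines:
        store.append(parse_syslog(line))
    return store


def demo_tamper_detection() -> int:
    """Rewrite the failed-login entry in place and report where the chain breaks."""
    store = ingest(SAMPLE_LINES)
    store.entries[1][0]["message"] = "sshd[2201]: Accepted password for root from 10.0.0.5"
    return store.verify()  # -> 1


if __name__ == "__main__":
    for r in (parse_syslog(l) for l in SAMPLE_LINES):
        print(f"{FACILITY_NAMES[r.facility]}.{SEVERITY_NAMES[r.severity]} {r.host}: {r.message}")
    print("first tampered entry:", demo_tamper_detection())
```

The head hash returned by the final `append` is what a collector should forward to a separate system (or publish periodically), because a chain alone proves only that nothing was changed or removed before its last entry; truncating the tail is invisible unless the verifier knows which hash the chain should end on.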
Article Details
COPYRIGHT
Submission of a manuscript implies that the work described has not been published before; that it is not under consideration for publication elsewhere; and that, if and when the manuscript is accepted for publication, the authors agree to automatic transfer of the copyright to the publisher.
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
- The journal allows the author(s) to retain publishing rights without restrictions.
- The journal allows the author(s) to hold the copyright without restrictions.