Log management is one of the primary requirements for building an enterprise class SOC. In security, Log analysis is often the first step in incident forensics. Operating systems such as windows, Unix, Linux and other network devices such as routers, firewalls etc. offer native log management capabilities but are not sufficient for organizations because of a variety of reasons. First, due to storage constraint older logs are overwritten by the most recent logs. Second, log collection for network devices, OSs are not reliable and are often not in the same format rendering analysis difficult. Another challenge is that the logs are distributed across devices and are not centrally stored or managed.

image courtesy: https://www.flickr.com/photos/purpleslog/2870445260

Some of the benefits of log management are :

  • Logs  often provide the first hand evidence in cyber forensics and are often invaluable in investigating security incidents and auditing. Log management help make forensics and investigation much easier.
  • Logs feeds SIEM solution for continuous security monitoring. A better log management speeds-ups the correlation engine and provide better insights by  reducing noise in analysis results.
  • Log management helps managing compliance requirements as they require organizations to index log events for easy accessibility and search capability
  • Log management can help optimize the storage requirements by discarding unimportant logs

( Read More: Checklist To Evaluate SIEM Vendors )

Below is the list of couple of open-source Log Management tools which provide the capability of reliable log collection, Log normalization and relaying of Log messages to a central location for their log time storage.

1. Syslog-ng

syslog-ng allows you to flexibly collect, parse, classify, and correlate logs from across your infrastructure and store or route them to log analysis tools

2. rsyslog

Rsyslog is an open-source software utility used on UNIX and Unix-like computer systems for forwarding log messages in an IPnetwork. It implements the basic syslog protocol, extends it with content-based filtering, rich filtering capabilities, flexible configuration options and adds features such as using TCP for transport.

3. Log2timeline

Log2timeline is a tool designed to extract timestamps from various files found on a typical computer system(s) and aggregate them. Plaso is a Python-based backend engine for the tool log2timeline.


LOGalyze is an open source, centralized log management and network monitoring software. If you would like to handle all of your log data in one place, LOGalyze is the right choice. It supports Linux/Unix servers, network devices, Windows hosts. It provides real-time event detection and extensive search capabilities.

5.Gray Log

Graylog2 collects and aggregates events from a multitude of sources and presents your data in a streamlined, simplified interface where you can drill down to important metrics, identify key relationships, generate powerful data visualizations and derive actionable insights.

6. Fluentd

Fluentd is an open source data collector, which lets you unify the data collection and consumption for a better use and understanding of data.

( Read More: Top 10 'Incident Response & SIEM' talks from RSA Conference 201... )

Pre-Register for SACON International 2017. Click on the image below to pre-register

Views: 4914

Join the Discussion ...

You need to be a member of CISO Platform to join the discussion!

Join CISO Platform


CISO as an enabler

Started by Maheshkumar Vagadiya Jul 30, 2020. 0 Replies

Share the instances where you were able to convince the Executive management /board that CISO function is enabler rather then a hindrance.Thanks youMaheshContinue

Has Anyone Evaluated Digital Signature (like Docusign)?

Started by CISO Platform. Last reply by Yogesh Nov 19, 2020. 2 Replies

(question posted on behalf of a CISO member)Has anyone evaluated digital signature (like Docusign), any specific risk/ security areas to be looked into while finalising a vendor? Any and all inputs will be very much appreciated.Continue

What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?

Started by CISO Platform. Last reply by ANAND SHRIMALI May 20, 2020. 4 Replies

(question posted on behalf of a CISO member)What are your strategies for using Zoom in your organization after recent vulnerabilities in news about Zoom platform?Related Question: …Continue

[Please Suggest] Corona Virus: Security advisory for work from home

Started by CISO Platform. Last reply by Bhushan Deo Mar 20, 2020. 12 Replies

(question posted on behalf of a CISO member)Due to CORONA virus most of the organizations are allowing their employees to work form home.Has any one issued security advisory for work from home ?Continue

Tags: #COVID19

Follow us

Contact Us

Email: contact@cisoplatform.com

Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2021   Created by CISO Platform.   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

/* */