Network Computing is part of the Informa Tech Division of Informa PLC


Log Management Gets SLIM: Page 2 of 4

CAPTAIN'S LOG

Once SLIM is installed, you simply forward log sources to the appliance. SLIM ships with a large number of device support modules (DSMs) that parse events from common devices such as Cisco PIX, Linux syslog, Windows event logs, and Web server logs, to name a few. You can write custom DSMs to add your own parsing rules, but you will need to write regular expressions and know the format your logs are in, then write an XML file so SLIM can process incoming messages. It's no more difficult than writing add-ons for Splunk, though you probably want to inquire about the availability of additional DSMs as part of the purchase.
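To make the custom-DSM workflow concrete, here is an added example (not SLIM's code, and not its real DSM file format) of the pieces the paragraph describes: an XML rule file whose entries carry a regular expression with named capture groups, a loader that compiles those rules, and a parser that applies them to raw syslog lines. The XML layout, the rule names and the log lines are all constructed for this illustration; the PIX-style deny line only imitates the general shape of such messages.

```python
import re
import xml.etree.ElementTree as ET

# Constructed rule file in a hypothetical layout (NOT the SLIM DSM schema).
# Each <pattern> is a regex with named groups; CDATA keeps the regex readable in XML.
RULES_XML = r"""<rules>
  <rule name="linux-sshd-failed-password" source="linux-syslog">
    <category>auth.failure</category>
    <pattern><![CDATA[Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src_ip>[\d.]+) port (?P<src_port>\d+)]]></pattern>
  </rule>
  <rule name="pix-acl-deny" source="cisco-pix">
    <category>firewall.deny</category>
    <pattern><![CDATA[Deny (?P<proto>\w+) src \w+:(?P<src_ip>[\d.]+)/(?P<src_port>\d+) dst \w+:(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)]]></pattern>
  </rule>
</rules>"""

# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOGS = [
    "Mar  3 10:12:01 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2",
    "Mar  3 10:12:07 bastion sshd[2211]: Failed password for root from 203.0.113.45 port 51030 ssh2",
    'Mar  3 10:13:44 fw01 %PIX-4-106023: Deny tcp src outside:198.51.100.7/4021 dst inside:10.0.0.12/5900 by access-group "outside_in"',
    "Mar  3 10:14:02 fw01 %PIX-5-111008: User 'enable_15' executed the 'write memory' command.",
]


def load_rules(xml_text):
    """Parse the rule file and compile each pattern once, up front."""
    root = ET.fromstring(xml_text)
    rules = []
    for node in root.findall("rule"):
        rules.append({
            "name": node.get("name"),
            "source": node.get("source"),
            "category": node.findtext("category"),
            "regex": re.compile(node.findtext("pattern")),
        })
    return rules


def parse_event(raw, rules):
    """Return a normalised event dict for the first rule that matches.

    Lines no rule understands are kept, not dropped: a log manager that silently
    discards unparsed input hides exactly the events an analyst later needs.
    """
    for rule in rules:
        match = rule["regex"].search(raw)
        if match:
            event = {"rule": rule["name"], "category": rule["category"], "raw": raw}
            event.update(match.groupdict())   # named groups become event fields
            return event
    return {"rule": None, "category": "unparsed", "raw": raw}


def parse_all(raw_lines, rules):
    return [parse_event(line, rules) for line in raw_lines]


def unparsed_ratio(events):
    """Fraction of input that fell through every rule; a coverage metric for the DSM."""
    if not events:
        return 0.0
    return sum(1 for e in events if e["category"] == "unparsed") / len(events)


if __name__ == "__main__":
    parsed = parse_all(SAMPLE_LOGS, load_rules(RULES_XML))
    for ev in parsed:
        print(ev["category"], {k: v for k, v in ev.items() if k not in ("raw", "category")})
    print("unparsed ratio:", unparsed_ratio(parsed))
```

Tracking the unparsed ratio over time is the practical check on a custom DSM: a new firmware or a changed message format shows up as a jump in that number long before anyone notices a missing report.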

SLIM's log management capabilities revolve around search filters, which are used to investigate events and populate reports. Interactive searching for events is an iterative process of defining a search filter, running the search, refining the search filter and so on. This is where Splunk or LogLogic work better by auto-populating the search fields based on the indexed data. By contrast, with SLIM, you have to know what words to search for before you begin.

Search is where SLIM shows its event reporting roots. Searches are defined by specifying one of the predefined fields, selecting an operator (which changes based on the selected field) and then choosing the string you are looking for. In addition to keyword and numeric strings, regular expressions can be defined to search the packet payload, a useful feature when dealing with unparsed data. Searches can be saved for later use and shared with others.

Once the data was retrieved, we could view it in multiple ways using a drop-down menu. For example, we created a filter that pulled up firewall deny events from our Sonicwall firewall, then generated charts of aggregated data showing the top targets, top sources, top ports, and top protocols. Within a few minutes we found external hosts scanning ports commonly used for VNC, the open-source desktop remote-control program, as well as for Symantec Anti-virus. We could also drill into the aggregated data for further analysis.