Network Computing is part of the Informa Tech Division of Informa PLC

Log Management Gets SLIM: Page 3 of 4

SLIM ships with a number of predefined reports for various regulations such as GLBA and SOX, and for standards such as COBIT. It also provides executive reports. Using a drag-and-drop interface, we built a number of reports that could be exported to common formats, including PDF, HTML, XML and CSV. Flexible scheduling and multiple formats ease integration with existing business processes and consumption by other products.

IT'S ALL ABOUT RELATIONSHIPS

SLIM's robust event correlation engine is somewhat unique to the log management market. It lets you create rules to match up events as they stream into the appliance. Using event correlation, disparate events can be related to generate a meta-event.

For example, an IDS may trigger on two separate events, such as an attack attempt and a string that indicates a shell was opened on a host. It's up to the administrator reviewing raw logs to recognize that these two events are a strong indication of a successful attack. With SLIM, you can write a rule to combine such events and notify an administrator. For instance, a rule might read "If I see multiple attacks followed by a command shell against the same destination IP within 1 hour, alert an administrator of a successful exploit."
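The quoted rule written out as generic correlation logic, as an added example: this is not SLIM's rule syntax or code from the product. The event tuple layout, the threshold of two attacks for "multiple", and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)   # "within 1 hour" from the quoted rule
MIN_ATTACKS = 2               # assumption: "multiple" means at least two

# Constructed sample events (time, event type, destination IP); not real IDS output.
SAMPLE_EVENTS = [
    ("2024-01-15 09:00:00", "attack", "10.0.0.5"),
    ("2024-01-15 09:10:00", "attack", "10.0.0.5"),
    ("2024-01-15 09:20:00", "shell",  "10.0.0.5"),  # two attacks, then shell: alert
    ("2024-01-15 09:30:00", "attack", "10.0.0.9"),
    ("2024-01-15 09:40:00", "shell",  "10.0.0.9"),  # single attack: no alert
    ("2024-01-15 10:00:00", "attack", "10.0.0.7"),
    ("2024-01-15 10:05:00", "attack", "10.0.0.7"),
    ("2024-01-15 11:30:00", "shell",  "10.0.0.7"),  # attacks older than 1 hour: no alert
]

def correlate(events, window=WINDOW, min_attacks=MIN_ATTACKS):
    """Return one meta-event per 'multiple attacks, then shell' match per destination IP."""
    recent_attacks = defaultdict(deque)  # dst IP -> attack timestamps still inside the window
    meta_events = []
    for ts_text, kind, dst in sorted(events):  # ISO timestamps sort in time order
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        attacks = recent_attacks[dst]
        # Expire attacks that have fallen out of the correlation window.
        while attacks and ts - attacks[0] > window:
            attacks.popleft()
        if kind == "attack":
            attacks.append(ts)
        elif kind == "shell" and len(attacks) >= min_attacks:
            meta_events.append({
                "type": "successful_exploit",
                "dst_ip": dst,
                "attack_count": len(attacks),
                "first_attack": attacks[0],
                "shell_seen": ts,
            })
            attacks.clear()  # one meta-event per burst of attacks
    return meta_events

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(f"ALERT {alert['type']} dst={alert['dst_ip']} "
              f"attacks={alert['attack_count']} shell at {alert['shell_seen']}")
```

Keying state on the destination IP and expiring old attacks is what keeps the shell event on 10.0.0.7 from matching attacks that happened more than an hour earlier.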

SLIM can also forward events to other systems if needed, and can send data to an archive. A typical strategy is to archive one day's worth of data and save that file to external storage. Archived data can be re-imported into SLIM and searched, but it won't be archived a second time. Locating archived data is a separate process not managed by SLIM, so you will have to determine how archives are named, saved and retrieved.