This is the part of the system that is visible to the user; the functions of the framework are used through this interface. System administration (managing users, adding or removing filters, etc.) is also done through this interface. This module displays the processed log messages in a tree structure designed with the needs of the client in mind.
Easy to use graphical interface
The simple, easy-to-use user interface makes configuration and reporting easy. The LOGNESS framework operates as a thin-client system: collection and analysis are done on a central log server, and the user interface is simply a web page.
In the LOGNESS framework the number of pre-defined reports is not limited, because every element of the tree structure is defined as a separate report; each can therefore be executed individually, as required. Reports cover all possible types of incidents, independent of application systems, data structure management systems, operating systems or network appliances.
Reports can be grouped and separated freely, for example by geographical region or, in the case of a service, by customer.
The report generator module used by the LOGNESS framework is developed fully in-house; no third-party reporting engine is needed to operate it. Reports can be exported to Microsoft Word, PDF, CSV and HTML files. Results of completed reports can be viewed through the graphical user interface or sent automatically via e-mail. The default reports that ship with the framework can easily be modified, customized and saved into unique directories.
In the LOGNESS framework, reporting and category creation are fully flexible, although it ships with pre-defined reports and categories. Depending on the structure, the number of reports is not limited. Categories can be freely chosen and defined; built-in categories include user activities, modification events, security events, network management events, storage events, miscellaneous events, etc.
The LOGNESS framework supports real-time e-mail and SMS alerting for a single log message or for several correlated log messages.
Correlated log analysis
The LOGNESS framework is able to recognize correlations between log messages, and it is able to treat these correlated messages as one.
- Aggregation: one event occurs a predefined number of times.
- Sequence: several different events occur in a predefined order.
- Composition: several different events occur in arbitrary order.
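The three correlation types above, sketched as an added example (this is not LOGNESS code). The rule names, event types and message fields are hypothetical, and it assumes no time window and that unrelated messages between matching ones are ignored.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    kind: str            # "aggregation", "sequence" or "composition"
    events: tuple        # event types the rule watches
    count: int = 1       # aggregation only: occurrences required
    matched: list = field(default_factory=list)  # messages collected so far

    def feed(self, msg):
        """Consume one message; return one merged alert when the rule completes."""
        t = msg["type"]
        seen = [m["type"] for m in self.matched]
        if self.kind == "aggregation":      # same event, `count` times
            wanted, target = t == self.events[0], self.count
        elif self.kind == "sequence":       # next event in the fixed order
            wanted, target = t == self.events[len(seen)], len(self.events)
        else:                               # composition: any order, each once
            wanted, target = t in self.events and t not in seen, len(self.events)
        if not wanted:
            return None                     # unrelated messages are ignored
        self.matched.append(msg)
        if len(self.matched) < target:
            return None
        alert = {"rule": self.name, "ids": [m["id"] for m in self.matched]}
        self.matched = []                   # reset so the rule can fire again
        return alert

def build_rules():
    # Hypothetical rule set; names and event types are invented for the demo.
    return [
        Rule("repeated_failures", "aggregation", ("login_failed",), count=3),
        Rule("failure_then_success", "sequence", ("login_failed", "login_ok")),
        Rule("account_tampering", "composition",
             ("privilege_granted", "config_changed", "user_created")),
    ]

def correlate(rules, messages):
    """Run every message through every rule; collect the merged alerts."""
    return [a for m in messages for r in rules if (a := r.feed(m))]

# Constructed sample messages (not real LOGNESS output).
SAMPLE = [{"id": i, "type": t} for i, t in enumerate(
    ["login_failed", "config_changed", "login_failed", "login_failed",
     "login_ok", "user_created", "privilege_granted"], start=1)]

if __name__ == "__main__":
    for alert in correlate(build_rules(), SAMPLE):
        print(alert)
```

Each alert carries the ids of all contributing messages, so the correlated group can be handled as one item while the originals stay traceable.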
Analysis based on audit trails, querying the database
The LOGNESS framework supports searching the processed log messages based on a timeframe and predefined conditions. This filtering is based on so-called "Templates", which support querying the log messages based on several properties.
Besides the template-based search, the LOGNESS framework uses a dedicated search engine, which makes it the most efficient among the SIEM products when it comes to full-text search.
Fast, accurate and efficient search algorithms:
- Numerous efficient query types: prefix-based, free text, composite, wildcard-based, range, etc.
- There is no limit on the number of search terms
- Multiple-index searches with a summed-up result
If you are interested, please contact us for your unique offer!