Management of log archival and reporting for data network security systems
Abstract
A system and method for security management comprising log archival and reporting is provided, using a novel architecture with particular application to, and scalability for, larger scale global data networks. The system comprises a Log Collection unit interfacing with a Data Analysis and Log Archival unit, and a Data and System Access Unit interfacing with the Data Analysis and Log Archival Unit. The Log Collection Unit comprises a Log Collector Manager for managing log collection from a plurality of log collectors interfacing with one or more security devices. The Log Collection unit transfers logfiles to a Storage Manager and to a Data Analysis Manager, connected to a Data Analysis Store, of the Data Analysis and Log Archival unit, which also comprises an Archival unit associated with the Storage unit. The system separates logfile analysis from archival of logfiles, which improves scalability of the system. The Data and System Access unit provides a user interface for the system, preferably web based.
24 Claims
1. A security device log and reporting system for a data network, comprising:
a Log Collection unit, for collecting log files from security devices, a Data Analysis and Log Archival unit for analysis and archival of log files, and a Data and System Access Unit providing a user interface with the Data Analysis and Log Archival Unit.
Dependent claims: 2, 3, 7, 8, 10, 12, 13.
4. A data network security management system for security device log archival and reporting, comprising:
a log collection unit comprising a plurality of log collectors, each for collecting log files from a plurality of security device nodes, and a log manager for collecting log files from the plurality of log collectors;
a data analysis and log archival unit for archival and automated analysis of log files transferred from the log manager; and
a data and system access unit providing a user interface to the Data Analysis and Log Archival Unit.
Dependent claims: 5, 6, 9.
11. A Log Manager (LM) for a data network security management system, wherein the Log Manager interfaces with a Data Analysis Manager (DAM) and a Storage Manager (SM), the LM comprising:
means for collecting logfiles from security devices, means for pushing cached SD logfiles to the Storage Manager for archival, and means for providing log archival status updates to the DAM.
Dependent claims: 16, 17.
14. A security device log and reporting system wherein archival of log files is separated from analysis of logfiles.
15. A security device log and reporting system comprising a Log Manager, the Log Manager having a distributed interface for receiving logfiles from a plurality of security devices and being the interface to a Data Analysis and Archival unit of the system.
18. A method of managing security device log archival and reporting for data network security, comprising:
collecting log files from a security device node at a log collector;
collecting log files from a plurality of log collectors at a log collection manager; and
transferring log files from the log collection manager to a data analysis and log archival unit for archival and analysis.
19. A method of managing security device log archival and reporting for data network security, comprising:
collecting log files from a security device node at a log collector;
collecting log files from a plurality of log collectors at a log collection manager; and
transferring log files from the log collection manager to a data analysis and log archival unit for archival and analysis, logfile analysis being separated from log file archival.
20. A method according to claim 18, comprising providing user access to the Data Analysis and Log Archival unit via a Data and System Access unit.
21. A Storage Manager for a security device log archival and reporting system, comprising:
means for receiving security device logs from the log collector manager for system archival;
means for management of online and offline log archival and transition of logs from online to offline status;
means for providing the DAM with access to security device logs on request; and
means for providing the DAM with access to the SM log archival tables on request.
23. A computer readable medium for implementing a method of managing security device log archival and reporting for data network security, the method comprising:
collecting log files from a security device node at a log collector;
collecting log files from a plurality of log collectors at a log collection manager; and
transferring log files from the log collection manager to a data analysis and log archival unit for archival and analysis.
24. A method of managing security device log archival and reporting for data network security, comprising:
collecting log files from a security device node at a log collector;
collecting log files from a plurality of log collectors at a log collection manager; and
transferring log files from the log collection manager to a data analysis and log archival unit for archival and analysis, logfile analysis being performed independently from log file archival.
Specification