Method and system for acquisition and centralized storage of event logs from disparate systems
Abstract
A method and system are disclosed for acquisition and centralized storage of event logs from multiple systems. The present invention greatly improves the efficiency of event log review and analysis and is particularly useful for secure facilities performing periodic (e.g., weekly) event log audits for detection of security breaches. The present invention reduces human error by creating a centralized event log that automatically correlates event logs from disparate systems. The invention uses processing algorithms to analyze the centralized event log in order to identify events that meet selected criteria. A common format is used for the centralized event log so that the resulting uniform log is easy to interpret by manual or automated analysis of the event data, thereby greatly simplifying the audit process. In addition, the centralized event log can also be monitored on a real-time basis to detect sets of events that trigger security alerts.
20 Claims
1. A method for analyzing event logs from a plurality of different systems, comprising:
    accessing an event log from each of a plurality of different systems, the event logs being configured to store data in two or more different formats;
    storing selected event data from each event log in a common format within a centralized event log within a centralized database; and
    analyzing the stored event data within the centralized database to identify events meeting one or more predetermined parameters.
    Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.
12. A centralized log manager system for analyzing event logs from a plurality of different systems, comprising:
    a plurality of different systems configured to store usage information in an event log, the event logs being configured to store data in two or more different formats;
    a server system configured to communicate with the plurality of different systems to obtain event data from the event logs and to store selected event data from each event log in a common format in a centralized event log within a centralized database;
    wherein the server system is further configured to analyze the stored event data within the centralized database to identify events meeting one or more predetermined parameters.
    Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20.
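The three claim elements (ingest logs in differing formats, store them in one common-format centralized log, analyze against predetermined parameters) as an added Python illustration; this is not code from the patent, and the two log formats, host names, users and the "repeated failed logins across systems" parameter are constructed for the example.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample event logs in two different formats (not from the patent):
# a syslog-style Linux auth log and a comma-separated Windows-style security log.
LINUX_LOG = """\
2024-03-04T09:00:01 srv-lin1 sshd: Failed password for alice from 10.0.0.5
2024-03-04T09:00:07 srv-lin1 sshd: Failed password for alice from 10.0.0.5
2024-03-04T09:05:30 srv-lin1 sshd: Accepted password for bob from 10.0.0.9
"""
WINDOWS_LOG = """\
03/04/2024 09:00:12,WS-WIN7,4625,alice,10.0.0.5,Logon failure
03/04/2024 09:01:45,WS-WIN7,4625,alice,10.0.0.5,Logon failure
03/04/2024 09:02:00,WS-WIN7,4624,carol,10.0.0.7,Logon success
"""

LINUX_RE = re.compile(r"^(\S+) (\S+) sshd: (Failed|Accepted) password for (\S+) from (\S+)$")

def parse_linux(text):
    """Map syslog-style lines into the common record format."""
    for line in text.splitlines():
        m = LINUX_RE.match(line)
        if not m:
            continue  # lines that do not match the known format are skipped, not guessed
        ts, host, result, user, src = m.groups()
        yield (ts, host, user, src, "login", "failure" if result == "Failed" else "success")

def parse_windows(text):
    """Map comma-separated Windows-style lines into the common record format."""
    for line in text.splitlines():
        ts, host, event_id, user, src, _ = line.split(",")
        ts = datetime.strptime(ts, "%m/%d/%Y %H:%M:%S").isoformat()  # normalise timestamp
        yield (ts, host, user, src, "login", "failure" if event_id == "4625" else "success")

def build_centralized_log(sources):
    """Store records from every source in one common-format table (the centralized event log)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE events (ts TEXT, host TEXT, user TEXT, src TEXT, kind TEXT, outcome TEXT)")
    for parser, text in sources:
        conn.executemany("INSERT INTO events VALUES (?,?,?,?,?,?)", parser(text))
    return conn

def repeated_failures(conn, threshold):
    """Predetermined parameter: users with >= threshold failed logins, counted across all systems."""
    rows = conn.execute(
        "SELECT user, COUNT(*), COUNT(DISTINCT host) FROM events "
        "WHERE kind='login' AND outcome='failure' GROUP BY user HAVING COUNT(*) >= ?",
        (threshold,)).fetchall()
    return {user: (failures, hosts) for user, failures, hosts in rows}
```

Neither source alone reaches the threshold in the sample data; the correlation only appears once both logs share one format and one table, which is the point the claims make.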