Log file management tramite syslog-ng Piergiorgio Venuti

Log File Management with the Cyberfero service

IT systems produce large quantities of log files, very useful tools for guaranteeing data security and application stability. However, in a complex ecosystem, the quantity of files and their location can become two insurmountable obstacles to overcome, in case it is necessary to consult the data efficiently. This is where log management systems come into play, which thanks to technologies such as Syslog-ng, are able to circumvent the problem. In the article, we see how a log file management solution can be a valuable investment.

What is a log file, what is it for

Any action that is performed on a machine or by it can be recorded in a log file. To understand what it is, let’s imagine that it is a ship’s logbook, in which every single event that happened on the boat is noted. In fact, the name derives from the nautical environment, in which the use of a logbook was common. This was nothing more than a diary in which navigation data were recorded at regular intervals: speed, wind strength and direction, water conditions and so on.

With the concept of recording useful information in a file that can be consulted later, the log file contains any changes, actions, states or modifications for security reasons. In case something goes wrong, it is easy to understand what happened by consulting a log file. This is especially true when we talk about servers and applications, data dissemination, IT security, etc.

Amount of log files

Some companies have up to a few dozen servers, others have hundreds, some thousands, and there are others that manage tens of thousands of servers. These systems produce a huge amount of data in the form of log files.

Complicating things is IT architecture. Very often machines are organized into subsystems, both for reasons of convenience and safety. In the unfortunate event that someone wants to consult the log files following an accident, we should despair. Which server holds the data we are interested in? Which subsystem is it in? These are not questions that can be answered simply, especially if you don’t know the source of the problem.

The management of the log files of a system (or Log Management) is essential in the collection of data, prevention and resolution of problems.

Cyberfero Log Management

SOD offers a log management solution through Syslog-ng Premium Edition agents. These are in charge of the collection, transmission and storage of log files. Not only are they collected and centralized in a single virtual place, but the data are also normalized, ie “translated” into standardized formats so that they can be consulted and compared more easily.

Real-time normalization, reporting and classification

Thanks to normalization, it is possible to carry out cross-sectional full-text searches in a few seconds to all the log files collected. Complex operations are guaranteed by the possibility of using wildcards and Boolean operators. The analysis of the collected data is therefore very simplified, which allows the data to also be used to monitor the efficiency of the system, identify possible future problems and intervene before it is too late.

It is also possible to generate customized reports consisting of graphs and statistics with the aim of certifying compliance with standards and regulations such as PCI-DSS, ISO 27001, SOX and HIPAA.

One of the most interesting features of syslog-ng is the ability to automatically classify messages and sort them into classes. These can then be used to label the type of event described in the log. Examples of possible classes: user login, application crash, file transfer, etc.

Extraction and correlation of messages in log files

The classification of messages opens the door to a further functionality: the extraction and correlation of messages. Once each message contained in the log file has been normalized and classified according to your needs, it is possible to assign different tags, to add an additional filter level.

To give an example: once a user’s login messages have been collected, it is possible to label them as user_login, and then isolate them by extracting them and collecting them in a separate file to perform further processing on these messages.

Syslog-ng also makes it possible to correlate events in real time, to prevent data from a single event being scattered across multiple log files. For example, the access and exit data (log-in and log-out) are often recorded far from each other, even in different log files. Through correlation, the data of a single event can be collected and analyzed in isolation.

Automatic backup

The stored log messages and the configuration of the Log Management service can be periodically transferred to a remote server using the following protocols:

– Network File System protocol (NFS)
– Rsync over SSH
– Server Message Block protocol (SMB / CIFS)

Performance

The log file collection and management system with syslog-ng PE agents operates on over 50 platforms, including all Linux distributions and commercial versions of Unix and Windows. The service is able to manage huge quantities of messages, up to over 100,000 per second and over 70 GB of raw log files per hour, from 5000 different sources (servers, applications, etc.).

Ask us for more information about our Log Monitoring service to know specifically how it can be implemented in your systems and how it can help you.

[btnsx id=”2931″]

Useful links:

Log Management

Log Management features

New service | Log Management – High performance service for collecting logs

 

 

 

Share


RSS

More Articles…

Categories …

Tags

RSS Unknown Feed

RSS Full Disclosure

  • Whistleblowersoftware.com: confidentiality and anonymity leakage to third parties July 2, 2026
    Posted by Red Nanaki via Fulldisclosure on Jul 02Whistleblowersoftware.com: confidentiality and anonymity leakage to third parties ## Summary The anonymous reporting flow on `whistleblowersoftware.com` encrypts report text end-to-end in the browser but does not extend the same guarantee to attachments and exposes the reporter's network identity and timing to a US-based third party. Together these […]
  • OpenBlow Multiple Deanonymization Vulnerabilities July 2, 2026
    Posted by Red Nanaki via Fulldisclosure on Jul 02OpenBlow Multiple Deanonymization Vulnerabilities Summary A production deployment was observed (HTTP archive of a full, real whistleblower submission) to route its anonymous reporting flow through Google. The intake CAPTCHA is Google reCAPTCHA, enforced as a mandatory, server-validated gate on report submission, and the UI additionally pulls a […]
  • Whistlelink: Site-access password exposed in web server access logs via GET query string July 2, 2026
    Posted by Red Nanaki via Fulldisclosure on Jul 02Whistlelink: Site-access password exposed in web server access logs via GET query string Severity: CRITICAL SUMMARY The Whistlelink reporting portal protects optionally-enabled, password-gated whistleblowing sites with a site-access password. When a visitor unlocks such a site, the client validates the password by issuing an HTTP GET request […]
  • APPLE-SA-06-29-2026-3 Safari 26.5.2 July 2, 2026
    Posted by Apple Product Security via Fulldisclosure on Jul 02APPLE-SA-06-29-2026-3 Safari 26.5.2 Safari 26.5.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127685. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Web Extensions Available for: macOS Sonoma and macOS Sequoia Impact: A […]
  • APPLE-SA-06-29-2026-2 macOS Tahoe 26.5.2 July 2, 2026
    Posted by Apple Product Security via Fulldisclosure on Jul 02APPLE-SA-06-29-2026-2 macOS Tahoe 26.5.2 macOS Tahoe 26.5.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127595. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. IOGPUFamily Available for: macOS Tahoe Impact: An app may […]
  • APPLE-SA-06-29-2026-1 iOS 26.5.2 and iPadOS 26.5.2 July 2, 2026
    Posted by Apple Product Security via Fulldisclosure on Jul 02APPLE-SA-06-29-2026-1 iOS 26.5.2 and iPadOS 26.5.2 iOS 26.5.2 and iPadOS 26.5.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/en-us/127594. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. IOGPUFamily Available for: iPhone 11 […]
  • pwnlift: symlink following and TOCTOU in privileged upload handler allow arbitrary file write as root July 2, 2026
    Posted by Greg via Fulldisclosure on Jul 021. Advisory information ----------------------- Title: Symlink following and TOCTOU in pwnlift upload handler allow arbitrary file write as root Advisory: https://github.com/GregDurys/security-advisories GHSA: GHSA-2v7v-rhpw-m9w4 CVE: CVE-2026-56815 Class: CWE-59 (Improper Link Resolution Before File Access), CWE-367 (Time-of-check Time-of-use Race Condition) CVSS: 7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Date: 2026-06-27...
  • [KIS-2026-12] Control Web Panel <= 0.9.8.1224 (userRes) SQL Injection Vulnerability July 2, 2026
    Posted by Egidio Romano on Jul 02--------------------------------------------------------------------- Control Web Panel
  • [fulldis] CVE-2026-58451 - Horde Groupware IMP path traversal vuln July 2, 2026
    Posted by ㅤevan via Fulldisclosure on Jul 02this is my first time sending to a mailing list so ive chosen something easy. here goes: Summary: Horde Groupware’s IMP Webmail solution contains a path traversal/local file inclusion vulnerability which could be exploited to escalate privileges or bypass authentication (through CSRF if unauthenticated). the vulnerability is in […]
  • Samsung Galaxy Buds – Zero-Click HFP/A2DP Takeover via L2CAP Session Preemption (Vendor Response: Working as Intended) July 2, 2026
    Posted by 490h3fqwomf via Fulldisclosure on Jul 02Hello Full Disclosure, The following publicly available research describes a Bluetooth attack against Samsung Galaxy Buds that leverages connection arbitration behavior between HFP and A2DP profiles to preempt an active audio session. Title: Zero-Click HFP/A2DP Takeover via L2CAP Session Preemption Exploiting Seamless Earbud Connection Arbitration to Bypass Pairing […]

Customers