syslog-ng Store Box

Additional Info

Company: Balabit Corp.
Website: http://www.balabit.com
Company size (employees): 200+
Type of solution: Hybrid

Overview

Based on syslog-ng – one of the most widely adopted log management software packages – Balabit’s syslog-ng Store Box (SSB) is a highly reliable, high-performance log management appliance that collects, classifies, organises and securely stores log messages for any enterprise that operates a log management infrastructure.

Featuring a powerful web-based search interface and statistics engine, SSB makes log review and auditing easier in forensic investigations. Using syslog-ng on clients as its collection tool, SSB can collect log messages from a wide variety of sources, including the syslog formats, plain text files, databases (SQL, Oracle), SNMP traps and others. A single SSB appliance can collect and index up to 100,000 events per second from several thousand log sources. With flexible filtering, parsing, rewriting and classification tools, SSB lets users process structured and unstructured data and organise log data from across the IT environment. It optimises searches for fast resolution of forensic investigations and further analytics, improves the overall performance of SIEM solutions and lowers their TCO.

SSB stands out in its reliability and scalability in managing log messages. While many competitors claim to be reliable, SSB has the technical means to prevent message loss. On the client side, the syslog-ng application provides local disk buffering of messages, failover destinations and message rate control, so that messages are not lost if the SSB becomes unavailable, either while they are collected or while they are transferred to the central log server.

While competitors claim that their solutions are reliable because they use the Transmission Control Protocol (TCP), Balabit’s SSB goes further to ensure that potentially vital log messages are available in forensic investigations. TCP only guarantees delivery while a connection is up; messages still queued in the client's memory are lost if the receiver is down or the client restarts, which is why the client-side disk buffering and failover described above matter.
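The client-side features named in the two paragraphs above (local disk buffering, a failover destination and message rate control) map to concrete syslog-ng destination options. The following client configuration is an added example, not Balabit's own documentation or the SSB's shipped configuration. It assumes an SSB reachable as ssb.example.com with a standby at ssb-standby.example.com, both accepting RFC 5424 syslog over TLS on port 6514 (these hostnames and the port are assumptions), a syslog-ng client of version 3.17 or later, and CA, certificate and key files under /etc/syslog-ng/.

```conf
@version: 3.38
# Added example client configuration (not Balabit's or the SSB's own config).
# Assumed: SSB at ssb.example.com, standby at ssb-standby.example.com, both
# accepting TLS syslog on port 6514; client CA/cert/key under /etc/syslog-ng/.

source s_local {
    system();     # local system logs (journald or /dev/log, depending on platform)
    internal();   # syslog-ng's own messages, including buffer and connection events
};

# Primary destination: RFC 5424 syslog over TLS with a reliable disk buffer.
# While the SSB is unreachable, messages are queued on local disk (up to 1 GiB
# here) and flushed when the connection returns, instead of being dropped.
destination d_ssb {
    syslog("ssb.example.com"
        port(6514)
        transport("tls")
        tls(
            ca-dir("/etc/syslog-ng/ca.d")            # assumed path: CA that issued the SSB's certificate
            cert-file("/etc/syslog-ng/client.crt")   # assumed path: client certificate
            key-file("/etc/syslog-ng/client.key")    # assumed path: client private key
            peer-verify(required-trusted)            # refuse servers with an untrusted or missing certificate
        )
        disk-buffer(
            reliable(yes)                            # queue survives a syslog-ng or host restart
            disk-buf-size(1073741824)                # 1 GiB of on-disk queue
            dir("/var/lib/syslog-ng/disk-buffer")    # assumed path; must be writable by syslog-ng
        )
        # Failover destination: switch to the standby SSB if the primary is down.
        failover-servers("ssb-standby.example.com")
        # Message rate control: cap at 5000 messages/s so a log storm does not
        # overwhelm the network or the SSB; excess stays in the buffer, not discarded.
        throttle(5000)
    );
};

# flow-control lets a full buffer apply back-pressure to the sources rather than
# silently dropping messages once the memory queue fills.
log {
    source(s_local);
    destination(d_ssb);
    flags(flow-control);
};
```

Two checks before relying on this: ca-dir() expects the CA certificates to be stored with OpenSSL hash-named symlinks (run c_rehash on the directory, or use ca-file() on a syslog-ng version that supports it), and the disk-buffer directory must exist and have enough free space for the configured disk-buf-size, otherwise the queue fills and flow-control stalls the sources rather than losing messages.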

SSB is offered as either a physical or a virtual appliance, and its deployment in a large IT environment can be completed in a few days.

How we are different

1. Balabit’s open source syslog-ng trusted logging solution, the basis of the syslog-ng Store Box appliance, is used by more than 1,000,000 users globally. The syslog-ng technology was created 15 years ago to replace the UNIX syslogd. Two years later it was adopted in Debian Linux distributions for system logging and log file management. As Balabit contributes to the global log standardisation efforts, it soon became the de-facto industry standard for log management. A huge number of enterprises rely on its open source version, including Facebook, CCIN2P3 (the French nuclear research institution) and the European Aeronautic Defence and Space Company.


2. SSB helps customers meet budgetary expectations: it lets organisations consolidate and centralise their log management in one solution, which reduces the time needed to resolve forensic investigations, lowers infrastructure maintenance costs and increases availability. SSB reduces the time and cost of deploying a log management solution, and deploying a single solution for managing log messages, particularly one offering high reliability and scalability, reduces training and maintenance costs. Its rapid search and processing help customers harness the information contained in log messages to increase the performance of their infrastructure.


3. SSB optimises the performance and TCO of SIEM solutions. SIEMs provide a dizzying array of charts, graphs and dashboards based on sophisticated event correlation analysis, but these analyses are only as good as the data collected from network devices and applications. SSB can be used to feed log data to SIEM solutions, which are very expensive to deploy. By pre-processing the log data with SSB, companies can reduce their investment in SIEM solutions dramatically, as those are generally priced on the amount of data processed. Filtering irrelevant data and classifying message types before feeding the SIEM reduces the initial investment and also improves SIEM query performance.