Deployment of Centralised Logs Repository for the Czech Television
About the Customer
Czech Television (CT) is a public service provider in the area of television broadcasting and an institution whose role is to develop and broadcast programming, offer balanced content for all groups of viewers, and provide objective, verified, balanced and comprehensive information to support free formation of opinion.
Challenges Faced by the Customer
The Czech Television operates information systems required to support its main activities, a variety of database systems, and a very extensive computer network consisting of over 3,000 workstations, 250 virtual or physical servers (Windows, Linux, Unix) and over 200 network elements. Because the organisation had previously purchased a log management system with limited log management and retention capabilities, it was necessary to find an affordable centralised solution to replace it.
The customer’s specifications required the delivery and implementation of a centralised logs repository to collect security events information from critical systems, servers and applications.
The requirements also specified an option to browse logs using a suitable graphical tool with pre-defined quick search rules (for example, searching for changes made to individual systems by administrators, retrieving a list of new MS accounts created in a selected period, reviewing changes in a selected user's access rights or changes in access rights to a selected folder, and monitoring of privileged accounts, shared accounts or configuration changes, etc.).
The intention was to build a unified logs repository, which would be accessible only to authorised CT staff and exclude the possibility of any editing of the logs by administrators or users.
Project Scope and Description
The Czech Television uses LOGmanager for centralised administration and accounting of logs, IT assets and software. The LOGmanager server currently stores 10 TB of logs (collected over a period of 18 months) from approximately 350 monitored systems.
The implementation process was carried out in collaboration with the vendor and enabled basic use of the solution within 14 days. As the tools are supplied with detailed English and Czech manuals, the full deployment was completed by CT using their own resources.
Which Features Does the Customer Appreciate Most?
The Czech Television appreciates the ease of use, speed, time savings, and the range of functionalities supported by the product.
> Processing of events collected from pre-defined log sources across applications, operating systems and network hardware from different vendors
> Open solution for easy integration of systems not directly supported by the vendor
> The possibility to collect events in RAW and Syslog formats
> Windows agent ensuring that the collected events cannot be edited
> Filtering of incoming and stored messages by the administrator
> Consolidation of logs to a centralised location
> Easy searching for events (ad hoc) not requiring any additional programming
> Graphical representation of events – event graphs
> Graphical visualisation of TOP events over a selected time period
> Unified search across all types of data and devices
> Possibility to save filter settings or search results for further processing
> Reporting tool with templates for most common reports and with customisation options and a possibility to create new reports
> Support for processing queries from external monitoring systems to allow further processing of alerts and thresholds
> Web-based interface for system administration
LOGmanager can be easily integrated into existing operating environments in all types of organisations and support any systems used. Very easy integration is one of the strengths of this product.
Integration with Microsoft systems and other platforms provides an option to log (record) and receive events and logs from any network or active elements, security devices, operating systems and application software. The simplicity and ease of use of the application make it possible to provide information and send alerts in line with the requirements specified by ICT administrators.