Key Features:

Enterprise Wide Log Collection

Secure and forensically sound collection of logs from almost any source into a central store.

Modular & Scalable Architecture

Designed to support almost any sized IT environment up to thousands of log sources. Supports multiple collection points, with load balancing and resilience built-in.

Real-Time Event Alerting

Configurable to specific log events, sent via Email and/or SNMP traps.

Agent Based Log Management

Ensures the security, continuity and integrity of all collected logs and allows alerting at the log source.

Analytics and Reporting

Flexible analysis, correlation, aggregation and reporting in HTML, PDF, XLS, XML and CSV.

Digitally Signed

An RSA/SHA256 digital signature is calculated and the log digitally signed before transfer. Transfer is authenticated and encrypted using TLS.

Secure Storage

Log cataloguing, chain of custody records, archive creation and management. Archive to secure long term storage, complete with a digitally-signed manifest.

Log Management

Enterprise wide automated management of logs, including log rotation.

ALM Log Sources

Logs and event data enter an ALM system through an ALM agent. For reasons of log data integrity, efficiency and resilience, the preferred option is to install agents on the hosts that create the logs, but agentless deployment is available in order to collect logs remotely.

ALM’s architecture allows collection and management of almost any log or data type, including binary logs, not just simple text files as with many SIEM solutions.

Customers can add additional log sources to meet their unique needs via the optional Assuria Log Source SDK.

ALM Log Collection

Assuria Log Manager (ALM) uses agents to collect log data into a central store. ALM server-side components then process the collected logs from the store, e.g. to normalise and filter selected events into a database, or to export to external systems.

ALM’s collection architecture uses agents to collect data (typically logs, but ALM can collect anything, including screenshots and network packet captures) from a variety of sources. Data sources can be added at will, and include local log files, support for various remote protocols such as Syslog, WMI and OPSEC LEA, and querying of web/cloud services.

The agent collects data in their original format, unchanged, sequence numbered and digitally signed. It then transfers the data via a mutually-authenticated TLS channel to an ALM Collector, which writes the data into a Store. The agent can also generate alerts when specific events appear in the logs that it collects.