Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Synchronized Log Collection Report

by David Schwalenberg
August 27, 2014

Effective log management is an issue for many organizations. This report provides a summary of log sources and monitors audit checks for Network Time Protocol (NTP) settings.

The first step in successful log management is to set a standardized time source on the network. Utilizing a Windows Domain Controller as a NTP server is one common practice. While some organizations synchronize with a known reputable online resource, others obtain an atomic clock or GPS source and run a private NTP server. The NTP source is set using Group Policy or other configuration management tools.

Routers, switches, and other network equipment should be configured to forward logs to the Log Correlation Engine (LCE). Logging can be further enhanced by deploying LCE Clients throughout the network. Monitoring of systems with the LCE Client provides the detailed information needed on the LCE to properly correlate events and discover vulnerabilities. A good practice is to have LCE Clients installed on all servers, and in a best-case scenario, also installed on all workstations. The LCE policies for servers would be more inclusive to capture web server, mail server, or other application logs, while workstation LCE policies can be more limited and only collect malware events and a subset of event logs.

SecurityCenter Continuous View (CV) supports a tight integration with SIEMs, malware defenses, firewalls, network systems, servers, workstations and virtualization systems. The ability of LCE to normalize events from many sources and identify the vulnerabilities is unmatched in the industry. Log normalization is one of the many ways Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance.

The report is available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The report can be easily located in the SecurityCenter Feed under the category Discovery & Detection. The report requirements are:

  • SecurityCenter 4.8
  • Nessus 5.2.7
  • LCE 4.2.2
  • Tenable LCE Client
  • This report requires “Full Text Search” to be enabled for each analyzed repository.

For the related SecurityCenter dashboard, see the Sychronized Log Collection dashboard.

Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.