===========================
Centralised Log Management
===========================

------------------------------------------
Service Requirements and Dependencies
------------------------------------------

------------------------
Service Overview
------------------------

.. image:: images/syslog/anms_syslog.png

-----------------------------
Syslog Inputs (UDP/TCP)
-----------------------------

.. image:: images/syslog/syslog_inputs.png

-----------------------------------
NetFlow Collector
-----------------------------------

.. image:: images/syslog/syslog_netflow1.png

.. image:: images/syslog/syslog_netflow2.png

----------------------------------------
Streams
----------------------------------------

.. image:: images/syslog/syslog_streams_windows.png

.. image:: images/syslog/syslog_streams_palo_alto.png

-----------------------------------
Winlogbeat for Windows Systems
-----------------------------------

Sidecar collector configuration for Winlogbeat. The ``fields.*`` entries under
"Needed for Graylog" tag every event with the sidecar node so Graylog can
attribute it to the right collector. The ``Security`` channel only contains what
the host's audit policy actually records, and ``Microsoft-Windows-PowerShell/Operational``
only carries script-block events (ID 4104) if Script Block Logging is enabled; the
audit settings shown in the screenshots below are therefore part of the collector
setup, not optional.

::

    # Needed for Graylog
    fields_under_root: true
    fields.collector_node_id: ${sidecar.nodeName}
    fields.gl2_source_collector: ${sidecar.nodeId}
    output.logstash:
      hosts: ["syslog_server:5044"]
    path:
      data: C:\Program Files\Graylog\sidecar\cache\winlogbeat\data
      logs: C:\Program Files\Graylog\sidecar\logs
    tags:
      - windows
    winlogbeat:
      event_logs:
        - name: Application
        - name: System
        - name: Security
        - name: Microsoft-Windows-Windows Defender/Operational
        - name: Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
        - name: Microsoft-Windows-PowerShell/Operational

.. image:: images/syslog/syslog_ad_audit1.png

.. image:: images/syslog/syslog_ad_audit2.png

.. image:: images/syslog/syslog_ad_audit3.png

-----------------------------------------
Filebeat for Linux/Unix/BSD Systems
-----------------------------------------

Sidecar collector configuration for Filebeat. The input uses the current ``type``
key (the older ``input_type`` spelling is deprecated and should not be combined
with it). Note that ``/var/log/*.log`` only picks up files with a ``.log``
suffix; hosts that write ``/var/log/messages`` or ``/var/log/secure``, or that log
to journald only, need those paths (or the journald input) added explicitly.

::

    # Needed for Graylog
    fields_under_root: true
    fields.collector_node_id: ${sidecar.nodeName}
    fields.gl2_source_collector: ${sidecar.nodeId}
    fields.source: ${sidecar.nodeName}
    filebeat.inputs:
      - type: log
        paths:
          - /var/log/*.log
    output.logstash:
      hosts: ["syslog_server:5048"]
    path:
      data: /var/lib/graylog-sidecar/collectors/filebeat/data
      logs: /var/lib/graylog-sidecar/collectors/filebeat/log

------------------------------------------
Firewall Rules
------------------------------------------

=================== =================== ============ ============ ============
Source              Destination         Protocol     Port         Direction
=================== =================== ============ ============ ============
Your Network Infra  ANMS Syslog Server  UDP          1514-1520    Outbound
Windows Servers     ANMS Syslog Server  TCP          5044,9000    Outbound
Linux Servers       ANMS Syslog Server  TCP          5045,9000    Outbound
=================== =================== ============ ============ ============

Port 9000 is the Graylog API, which the sidecar uses to fetch its collector
configuration; the other TCP ports are the Beats inputs the collectors ship to.
The Filebeat configuration above sends to port 5048 while this table allows
5045: whichever port the Graylog Beats input for Linux collectors listens on,
the collector ``output.logstash`` host list and the firewall rule must both use
it, otherwise the sidecar will report healthy (it can reach 9000) while no
events arrive.

----------------------------------------
Integration in customer portal
----------------------------------------

.. image:: images/syslog/syslog_summary1.png

.. image:: images/syslog/syslog_summary2.png

.. image:: images/syslog/syslog_cisco.png

.. image:: images/syslog/syslog_windows.png

.. image:: images/syslog/syslog_windows_critical.png
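The firewall table and the two collector configurations above have to agree on the Beats port. The following check is an added example, not part of the original page or of Graylog; it takes the table's rows and the ``output.logstash`` sections as they appear on the page, expands the port specs, and reports every collector output that the firewall rule for its host group would not allow. Run against the page's own values it flags the Linux Filebeat output on 5048 against the 5045 rule.

```python
"""Check sidecar collector outputs against the documented firewall rules.

Added example (not the page's or Graylog's own code). FIREWALL_RULES and
COLLECTOR_OUTPUTS are copied from the page; the syslog_server host name is
the page's placeholder.
"""
import re

# (source group, protocol, port spec) exactly as in the Firewall Rules table.
FIREWALL_RULES = [
    ("Your Network Infra", "UDP", "1514-1520"),
    ("Windows Servers", "TCP", "5044,9000"),
    ("Linux Servers", "TCP", "5045,9000"),
]

# output.logstash sections from the Winlogbeat and Filebeat configs on the page.
COLLECTOR_OUTPUTS = {
    "Windows Servers": 'output.logstash:\n  hosts: ["syslog_server:5044"]\n',
    "Linux Servers": 'output.logstash:\n  hosts: ["syslog_server:5048"]\n',
}

_HOSTS_RE = re.compile(r'hosts:\s*\[([^\]]*)\]')


def expand_ports(spec):
    """Turn a table port spec such as "5044,9000" or "1514-1520" into a set of ints."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-", 1)
            ports.update(range(int(lo), int(hi) + 1))
        elif part:
            ports.add(int(part))
    return ports


def allowed_ports(source, proto):
    """Union of all ports the table allows from a source group over a protocol."""
    allowed = set()
    for src, p, spec in FIREWALL_RULES:
        if src == source and p == proto:
            allowed |= expand_ports(spec)
    return allowed


def output_endpoints(config_text):
    """Extract (host, port) pairs from the hosts: [...] list of output.logstash."""
    m = _HOSTS_RE.search(config_text)
    if not m:
        return []
    endpoints = []
    for item in m.group(1).split(","):
        item = item.strip().strip('"\'')
        if not item:
            continue
        host, _, port = item.rpartition(":")
        endpoints.append((host, int(port)))
    return endpoints


def check_outputs(outputs=COLLECTOR_OUTPUTS):
    """Return (source, host, port, allowed) for each Beats output the firewall blocks.

    Beats ships over TCP, so only the TCP rules for the group are consulted.
    """
    findings = []
    for source, text in outputs.items():
        allowed = allowed_ports(source, "TCP")
        for host, port in output_endpoints(text):
            if port not in allowed:
                findings.append((source, host, port, sorted(allowed)))
    return findings


if __name__ == "__main__":
    for source, host, port, allowed in check_outputs():
        print(f"{source}: output to {host}:{port} not permitted, rule allows {allowed}")
```

The check is deliberately text-based so it can run on the raw sidecar configuration as stored in Graylog without a YAML dependency; it only reads the ``hosts`` list, so it does not validate the rest of the file.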
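The Streams section and the "Windows critical" portal view above show events being routed by collector and then filtered down to the ones worth a dedicated view. The example below is added here and is not the page's or Graylog's own code: it models two streams as match rules over events shaped like Winlogbeat's output (``winlog.channel``, ``winlog.event_id``, ``host.name``, ``tags``) and tags the Windows events that commonly justify a critical view. The sample events are constructed by hand, the Palo Alto ``source`` naming is an assumption, and the list of "critical" event IDs is this example's choice; the IDs themselves are standard Windows ones.

```python
"""Stream routing and critical-event tagging for collected Windows events.

Added example, not part of the original page or of Graylog/Winlogbeat.
Field layout follows what Winlogbeat emits; which IDs count as critical
is this example's assumption.
"""
from dataclasses import dataclass
from typing import Callable

# (channel, event ID) -> why it matters. IDs are the documented Windows ones;
# the selection is an assumption of this example, not the page's.
CRITICAL_EVENTS = {
    ("Security", 1102): "audit log cleared",
    ("Security", 4625): "failed logon",
    ("Security", 4720): "user account created",
    ("Security", 4732): "member added to local security group",
    ("System", 7045): "new service installed",
    ("Microsoft-Windows-PowerShell/Operational", 4104): "script block logged",
    ("Microsoft-Windows-Windows Defender/Operational", 1116): "malware detected",
}


def _get(ev, dotted):
    """Walk a dotted path such as "winlog.event_id" through nested dicts."""
    cur = ev
    for part in dotted.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur


@dataclass
class Stream:
    name: str
    rule: Callable[[dict], bool]

    def matches(self, ev):
        return bool(self.rule(ev))


# Two streams mirroring the screenshots: sidecar-tagged Windows events, and
# firewall syslog assumed to arrive with a source name starting "palo-".
STREAMS = [
    Stream("Windows", lambda ev: "windows" in (ev.get("tags") or [])),
    Stream("Palo Alto", lambda ev: str(_get(ev, "source") or "").startswith("palo-")),
]


def route(ev):
    """Names of all streams the event is routed to."""
    return [s.name for s in STREAMS if s.matches(ev)]


def critical_reason(ev):
    """Why the event is critical, or None. Tolerates string or int event IDs."""
    try:
        eid = int(_get(ev, "winlog.event_id"))
    except (TypeError, ValueError):
        return None
    return CRITICAL_EVENTS.get((_get(ev, "winlog.channel"), eid))


def triage(events):
    """Per-stream counts plus (host, reason) for every critical event."""
    counts = {}
    critical = []
    for ev in events:
        for name in route(ev):
            counts[name] = counts.get(name, 0) + 1
        why = critical_reason(ev)
        if why:
            critical.append((_get(ev, "host.name"), why))
    return counts, critical


# Constructed sample events in Winlogbeat's field layout (not real captures).
SAMPLE_EVENTS = [
    {"tags": ["windows"], "host": {"name": "dc01"},
     "winlog": {"channel": "Security", "event_id": "4625"}},
    {"tags": ["windows"], "host": {"name": "dc01"},
     "winlog": {"channel": "Security", "event_id": "1102"}},
    {"tags": ["windows"], "host": {"name": "ws17"},
     "winlog": {"channel": "Microsoft-Windows-PowerShell/Operational", "event_id": 4104}},
    {"tags": ["windows"], "host": {"name": "ws17"},
     "winlog": {"channel": "Application", "event_id": "1000"}},
    {"source": "palo-fw-01", "message": "TRAFFIC,deny,10.0.0.5,8.8.8.8"},
]

if __name__ == "__main__":
    counts, critical = triage(SAMPLE_EVENTS)
    print(counts)
    for host, why in critical:
        print(f"CRITICAL {host}: {why}")
```

Matching is done on channel plus ID rather than ID alone because the same number is reused across channels (an Application-log 1102 is not a cleared audit log), which is the usual source of noisy critical views.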