HP Integrity rx8620 Base System A7026A Booklet
Product codes
A7026A
Introduction
As corporate IT systems continue to expand in size and complexity, so does the need to effectively
monitor and manage these systems. The objective is to enhance response time, achieve maximum
availability, and lower costs―all the while reducing security risks and complying with government
regulations.
The ‘event’ is the fundamental data unit used for system monitoring. Events are ASCII messages that
are typically stored in flat files known as a log file. Each system component generates events that
indicate something of significance has happened for that component. System components include
perimeter network components, internal network infrastructure components, security devices,
application middleware, business applications, and databases.
Until now, enterprise event data has been selectively collected and sampled, or collected but seldom
used or maintained. However, for continuous-process enhancement, corporate governance, and
compliance mandates, this situation is no longer tenable.
As a result, several strategies have emerged for using event data to better manage IT systems. Initially,
the event data stored in log files was made available for visual inspection. System administrators
analyzed it using time-consuming ad-hoc methodologies, such as home-grown tools and scripts. These
methodologies grew more difficult, tedious, error prone and, in some cases, impossible to use. As
event-data volume grew beyond the ability for manual methods to derive value from it, a variety of
commercial log analysis tools focused on exposing web site access trends to improve the effectiveness
of web sites for marketing and customer acquisition purposes.
As security incidents became significant IT issues, events were used to detect, analyze, and prevent
security breaches. Now, event data is used in two fundamental ways. First, it is used to monitor the
flow of events, correlate events in real time, and detect security intrusion patterns―security response.
Second, event data is stored for longer time periods, providing historical trend analysis,
investigation, compliance reporting and audit support―security analytics.
By storing and managing event data for longer periods, a consistent framework is established for
security analytics, forensic investigation, and root cause analysis. By combining events from all system
components into a central location, security staff can examine one homogeneous log instead of
several heterogeneous ones. Consequently, an analyst is able to use his/her time more efficiently.
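The two uses of event data described above (real-time correlation for security response, longer-term storage for security analytics) and the central homogeneous log of the preceding paragraph, shown as an added Python example that is not part of the HP white paper or of the CLW product. Three constructed line formats (a firewall syslog line, a web server access-log line, and a key=value application line) are normalized into one event schema; a sliding-window rule then flags repeated authentication failures by one actor across all sources, and a daily summary supports trend and compliance reporting. The line formats, field names, the failure threshold, the window length and the year assumed for syslog lines are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample lines from three heterogeneous sources (not real log data).
RAW_LINES = [
    "Mar 10 10:00:01 fw1 kernel: DROP SRC=203.0.113.5 DST=10.0.0.7 DPT=22",
    '203.0.113.5 - - [10/Mar/2024:10:00:05 +0000] "POST /login HTTP/1.1" 401 312',
    "2024-03-10T10:00:09Z app=portal user=alice src=203.0.113.5 action=login result=fail",
    '203.0.113.5 - - [10/Mar/2024:10:00:20 +0000] "POST /login HTTP/1.1" 401 312',
    "2024-03-10T10:00:25Z app=portal user=alice src=203.0.113.5 action=login result=fail",
    '198.51.100.9 - - [10/Mar/2024:10:05:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
    "2024-03-11T09:00:00Z app=portal user=bob src=198.51.100.9 action=login result=ok",
]

SYSLOG_YEAR = 2024  # assumption: BSD-style syslog timestamps carry no year
FW_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) kernel: (\w+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")
WEB_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \d+$')
APP_RE = re.compile(r"^(\S+) app=(\S+) user=(\S+) src=(\S+) action=(\S+) result=(\S+)$")


def parse_event(line):
    """Map one raw ASCII line from any known source into the homogeneous event schema:
    {ts (naive UTC), source, host, actor, action, outcome}. Returns None if unknown."""
    m = FW_RE.match(line)
    if m:
        ts = datetime.strptime(f"{SYSLOG_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        verdict = m.group(3).upper()
        return {"ts": ts, "source": "firewall", "host": m.group(2), "actor": m.group(4),
                "action": f"connect:{m.group(6)}", "outcome": "deny" if verdict == "DROP" else "allow"}
    m = WEB_RE.match(line)
    if m:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc).replace(tzinfo=None)
        status = int(m.group(5))
        outcome = "auth_fail" if status in (401, 403) else ("ok" if status < 400 else "fail")
        return {"ts": ts, "source": "web", "host": "web", "actor": m.group(1),
                "action": f"{m.group(3)} {m.group(4)}", "outcome": outcome}
    m = APP_RE.match(line)
    if m:
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        failed = m.group(6) != "ok"
        outcome = "auth_fail" if failed and m.group(5) == "login" else ("fail" if failed else "ok")
        return {"ts": ts, "source": "app", "host": m.group(2), "actor": m.group(4),
                "action": f"{m.group(5)}:{m.group(3)}", "outcome": outcome}
    return None


def correlate(events, threshold=3, window=timedelta(seconds=60)):
    """Security response: flag an actor with >= threshold authentication failures inside a
    sliding window, regardless of which component reported them. Returns (ts, actor, count)."""
    recent = defaultdict(deque)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] != "auth_fail":
            continue
        q = recent[ev["actor"]]
        q.append(ev["ts"])
        while q and ev["ts"] - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.append((ev["ts"], ev["actor"], len(q)))
            q.clear()  # one alert per burst; later failures start a new count
    return alerts


def daily_summary(events):
    """Security analytics: event counts per (day, source, outcome) for trend reporting."""
    counts = defaultdict(int)
    for ev in events:
        counts[(ev["ts"].date().isoformat(), ev["source"], ev["outcome"])] += 1
    return dict(counts)


if __name__ == "__main__":
    evs = [e for e in (parse_event(l) for l in RAW_LINES) if e is not None]
    for ts, actor, n in correlate(evs):
        print(f"ALERT {ts.isoformat()} actor={actor} auth failures={n}")
    for key, n in sorted(daily_summary(evs).items()):
        print(key, n)
```

Because the failures from the web tier and the application tier are normalized into the same `auth_fail` outcome before correlation, the rule fires on the combined burst from one source address even though no single component saw three failures on its own; that is the practical benefit of the single homogeneous log the text describes.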
In addition to its use for security purposes, event data is also being used for system management to
help monitor and improve the operating efficiency of computer systems.
This white paper examines the demands and scalability challenges associated with managing,
analyzing, and storing events for the purposes of compliance, security and system management. This
paper discusses trends and forces that are shaping event data management and storage
requirements. It explains why Relational Database Management Systems (RDBMSs) were initially
adopted for managing event data. Then, the paper goes on to illustrate the inherent limitations of
RDBMSs for enabling security analysis and retention. Specifically, the paper addresses aspects of
event data that distinguish it from generic business data. In conclusion, it introduces the HP
Compliance Log Warehouse (CLW) solution and describes its advantages for storing, managing, and
analyzing event data. The paper shows how the solution meets security compliance and investigation
requirements within gigabit-class network environments.