Blacksands Virtual Receiver provides two types of logs: network logs and Virtual Receiver local application logs. Virtual Receiver local application logs consist of Action and Request logs.
- Definitions
Kernel syslog facility - a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type generating the message, and assigned a severity label.
Blacksands Log Facility - JSON string using the ISO 8601 date and time format
Action logs - events that occur between Virtual Receiver and Manager
Request logs - events that occur between User and Virtual Receiver
- Explanation
Network logs come from the Kernel syslog facility and follow two rules: allowed or blocked (see Diagram 1).
Blacksands Action and Request logs are processed by the Blacksands Log Facility.
Diagram 2 shows the events to be processed by the Virtual Receiver from the Manager.
Diagram 3 shows the events being processed between the User and Virtual Receiver.
Blacksands can work with a customer to set up Blacksands Parsers within the customer's SIEM or log collector.