eSight Smart Reporter
Features
Unified Log Management and Quick Matching Capability

eSight LogCenter supports multiple log collection modes, including Syslog, session, SFTP,
FTP static file, FTP dynamic file, and Windows Management Instrumentation (WMI). Users
can collect, classify, filter, summarize, analyze, store, and monitor logs reported from the
application systems or NEs to help the administrator manage massive logs and learn NE
running status, trace network user behaviors, and quickly recognize and eliminate security
risks.

eSight LogCenter supports prompt notifications of key logs. The administrator can customize
keywords, log type, and log level thresholds. When logs match customized keywords, log
type, or log level, eSight LogCenter generates alarms in real time and notifies users through
SMS messages or emails.
Professional NAT Tracing and Automatic Association with User Information to Meet Secure Audit Requirements
eSight LogCenter collects and analyzes logs about sessions on NAT devices to obtain NAT information, including
the IP address, destination port, NAT source IP address, and protocols. eSight LogCenter uses the NAT
information and the data source provided by the Authentication, Authorization and Accounting (AAA) server to
ensure secure audit and traffic investigation.
Profound User Online Behavior Analysis
eSight LogCenter works with Huawei USG and ASG devices to analyze user online behaviors, including user
traffic, online time, keywords, web access trends, emails, applications, network threats, and outgoing files.
Rich Security Event Analysis Reports Showing Network Security Status
eSight LogCenter collects security event logs about network security devices and systems, such as Huawei
network UTM system, firewalls, intrusion protection system, and Anti-DDoS system, analyzes them, and
generates reports to help users learn the network security status. eSight LogCenter supports DDoS attack event
analysis, plug-in block analysis, access control event analysis, policy matching analysis, IPS analysis, URL filter
analysis, and email filter analysis.
Million-level Log Processing per Second, Meeting Requirements of State-level Network Auditing
eSight LogCenter meets the performance requirements of state-level network auditing and collects and audits
millions of system logs in a second, supporting high-performance log collection, storage, and audit functions for
large and ultra large networks.
Operating Environment
eSight LogCenter Manager can be deployed on the same server as eSight Unified Network Management Platform
standard or professional edition, or on a different one. When they are configured on different servers, configuration
requirements are as follows:
Operating System: Windows Server 2008 R2 standard
Configuration Requirement:
  CPU: 1 x hexa-core 2 GHz or higher
  Memory: 8 GB
  Disk space: 36 TB (The recommended available disk space is 33 TB.)
  Database: MySQL 5.5, Microsoft SQL Server 2008 R2 standard
  PC servers are recommended.
  LogCenter supports distributed deployment. Determine the hardware specifications and the number of servers based on the network scale.
Deployment Scenarios
An eSight LogCenter network can be deployed in a centralized or distributed way.
Distributed deployment: The Log Collector and the Log Analyzer are deployed separately on two servers.
Log Collector: Receives, summarizes, formats, filters, counts, and stores logs and generates alarms.
Log Analyzer: Manages policies, reports, devices, systems, and users.
Log Console: Provides an interaction GUI for managing foreground and background using the web.
Centralized deployment: When performance requirements are low, eSight LogCenter can also be deployed in a
centralized way.
When fewer than 2,000 logs are managed every second in an SMB project, eSight LogCenter and an eSight
application base can be deployed on the same server.
Ordering Information
Description: Basic log management functions on eSight LogCenter (including a small-scale log management license)
Quantity Range: 1
Remarks: Mandatory

Description: Extended eSight LogCenter management function components (including third-party device log management and identity association)
Quantity Range: 0 or 1
Remarks: Optional. Extended functions include third-party device log management and identity association.

Description: eSight LogCenter log management function promotion packages
Quantity Range: 0 or 1
Remarks: Optional. The basic and expansible packages are included.

Description: Small-scale log management license (managing 250 Syslog logs every second for about 25 devices, tracing 1,250 NAT logs with 250 Mbit/s outgoing bandwidth, and supporting 250 GB storage for about 60 days)
Quantity Range: Optional

Description: Medium-scale log management license (managing 1,000 Syslog logs every second for about 100 devices, tracing 5,000 NAT logs with 1 Gbit/s outgoing bandwidth, and supporting 1 TB storage for about 60 days)
Quantity Range: Optional

Description: Large-scale log management license (managing 2,500 Syslog logs every second for about 250 devices, tracing 125,000 NAT logs with 2.5 Gbit/s outgoing bandwidth, and supporting 2.5 TB storage for about 60 days)
Quantity Range: Optional

Remarks (small-scale, medium-scale, and large-scale log management licenses): Optional. The log management capability is controlled by EPS (that is, the number of logs collected every second). The value is calculated assuming that 10 Syslog logs are collected on each device every second, and five session logs are generated on 1 Mbit/s bandwidth every second. Project requirements in most scenarios can be met. Requirements can also be adjusted if customer requirements are decreased or increased. For example, if most devices on the user network are switches, which send fewer Syslog logs, a small-scale package can manage a network consisting of 100 NEs; however, if the user network outgoing bandwidth is 200 Mbit/s, while more than 2,000 sessions are generated each second, two small-scale packages can be used as required.

Description: Storage expansion license for log management components of eSight LogCenter-1 TB
  Configured only on one Log Collector
Quantity Range: Optional

Description: Storage expansion license for log management components of eSight LogCenter-10 TB
  Configured only on one Log Collector
Quantity Range: Optional

Description: Storage expansion license for log management components of eSight LogCenter-30 TB
  Configured only on one Log Collector
Quantity Range: Optional

Remarks (storage expansion licenses): The log storage expansion license is optional.