The iPhone of the SEI (Security Event Integration) Market – SmartLog

I now know that I have to be a total geek and will never make it in sales. IPS, DLP, NAC, AV, app control, URL filtering get all the glamour. More gadgets to build a security empire. But logging... boring.

Until Now!!

Oh my gawd, SmartLog is the iPhone of the SEI market. SmartLog will take logs from your whole environment (including syslog) and provide one Google-like view, with Google-like scalability, into real-time events in your environment. Dump your bloated, overpriced RSA enVisions, ArcSights, etc. and go to your local Check Point retail store and pick up SmartLog for free! Imagine putting Google on top of SmartView Tracker and you have a screaming event integration and correlation tool.

Why does this give me such a viagra techie buzz? Because for the first time in my life the damn tool is integrated with the rest of the management environment. It's like 6th graders being able to fly Air Force drones. The controls are all the same, all integrated into a single environment. It took me days to figure out RSA enVision and another couple of days for the damn queries to complete, they were so slow. If you can search Google you can search SmartLog. One person can run the whole environment, not a team of siloed individuals working on specific products. You get a single view into your environment, not 10 reports from 10 different tools.

Unified Centralized Management – Once again Check Point hits it out of the park with their strength: Unified Centralized Management. Lower costs to train, maintain, upgrade, etc. Higher availability, because fewer people are required to debug the environment when they are all using a single tool. Scalability – like Google scales.


So here are some of the hints when setting up the environment that I can share with you:

  • Separate system with lots of memory. This baby eats memory like chocolate. Go crazy: 64 GB is a nice round number.
  • Big disks, 1 TB or more. You will store your logs side by side with the SmartLog indexes. SmartLog increases disk usage by 70%.
  • Might as well install SmartEvent and SmartReporter on the same box as your Log Server and SmartLog. They all work off your local log server.
  • NOTE: SmartLog is installed wherever you install a log server. You just have to enable it in the dashboard to turn on the indexing: SmartDashboard->Logs->Smartlog
  • Direct your firewalls to log to the log server where SmartLog is residing.
  • The SmartConsole SmartLog client needs .NET 3.5 SP1. You have to install it separately.
  • Indexes for the logs are stored in $SMARTLOGDIR/data/Index*

I'll update as I learn more about how to best integrate this into MDM.

I’m in techie wonder land!!

PeaceOut,

dreez

blog.lachmann.org

Michael Endrizzi's - St. Paul MN - Check Point blog on topics related to Check Point products and security in general.