Solutions Architecture
At LogMatrix, we combine Your Logs with Our Analytics to deliver Actionable Intelligence. This includes flexible and scalable software-only solutions:
Delivered on a full-featured real-time data analytics platform
Support your log capture and archiving needs
Meet your compliance reporting requirements
Evaluate event activity based on risk levels
Monitor the health & performance of your systems

Less time and resources required to support:
Faster implementations (days, not months)
Reduced ongoing manpower requirements
Use standards-based hardware & software
The LogMatrix architecture consists of three layers – a collection layer (Collectors and NerveCenter), an analysis layer (LogCenter, EventCenter, and NerveCenter), and a visualization layer (CommandCenter). The collection and analysis layers can scale up and out to support increasing volumes of log data and can easily support over 1 billion events per day.
Collectors (Collection Layer)
Collectors interface to the wide variety of infrastructure and application log and event sources and perform the filtering, normalization, and aggregation tasks needed for full log management (LogCenter) and unified real-time analysis/alerting (EventCenter). The Collectors capture all events you define to be collected and send them to LogCenter servers for forensics analysis and regulatory compliance reporting.

Analysis Layer
There are three analysis services provided by the LogMatrix solution: 1) LogCenter provides full log management for compliance and forensics, 2) EventCenter provides real-time event correlation and alerting, and 3) NerveCenter provides fault and performance management for services, networks, and devices.

LogCenter (Log Management)
LogCenter provides access to historical log data for forensics, compliance reporting, and policy evaluation. Events received from the Collectors are stored in the database in both the normalized format for analysis AND the original log line for evidentiary purposes.

EventCenter (SIEM)
EventCenter performs real-time event correlation and alerting. It receives risk-based events-of-interest from the Collectors, performs the event analysis, and generates alerts which it sends to CommandCenter. EventCenter’s primary method of event correlation is a risk-based algorithm which has proven to be extremely effective at detecting threats, including zero-day attacks, while minimizing false positives. It is the primary component supporting Security Information & Event Management (SIEM).

NerveCenter (Network Management)
NerveCenter is a general-purpose, real-time, finite-state event modeling tool that enables you to create totally custom event analysis scenarios. As NerveCenter receives pre-defined events-of-interest from the Collectors, it generates Alerts to the CommandCenter console.
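The collector and LogCenter behaviour described above (normalization of raw lines into fields, aggregation of repeated events, retention of the original log line alongside the normalized record for evidentiary purposes, and risk-based selection of events-of-interest for the real-time path) can be illustrated with a small pipeline. The Python below is an added illustrative example, not LogMatrix code: the syslog lines are constructed, and the risk values, burst threshold and event-of-interest cutoff are assumed placeholders rather than product settings.

```python
"""Collector-style normalization with evidentiary raw retention and risk routing.

Illustrative example only; not LogMatrix code. Every parsed line is kept in full
(the log-management path); only events whose risk reaches an assumed cutoff are
forwarded as events-of-interest (the real-time analysis path).
"""
import hashlib
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample input in RFC 3164-style syslog form (documentation IP ranges).
SAMPLE_LINES = [
    "Jan 12 10:01:02 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 4422 ssh2",
    "Jan 12 10:01:04 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 4423 ssh2",
    "Jan 12 10:01:05 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 4424 ssh2",
    "Jan 12 10:01:09 host1 sshd[1201]: Failed password for root from 203.0.113.5 port 4425 ssh2",
    "Jan 12 10:02:30 host1 sshd[1310]: Accepted publickey for alice from 198.51.100.7 port 5522 ssh2",
    "Jan 12 10:02:41 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls",
    "Jan 12 10:03:00 host1 cron[77]: (root) CMD (/usr/bin/backup)",
]

SYSLOG = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w./-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
SSH_FAIL = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
SSH_OK = re.compile(r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>\S+)")
SUDO = re.compile(r"^(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")

# Assumed base risk per normalized event type (placeholder values, not a product table).
BASE_RISK = {"auth_failure": 3, "auth_success": 1, "privilege_use": 5, "other": 0}
BURST_THRESHOLD = 3  # assumed: failures from one source that trigger an aggregate event
EOI_RISK = 5         # assumed: risk at which an event is forwarded for real-time analysis


@dataclass
class Event:
    """Normalized fields plus the untouched raw line and its digest."""
    timestamp: str
    host: str
    program: str
    event_type: str
    risk: int
    raw: str
    raw_sha256: str
    fields: dict = field(default_factory=dict)


def normalize(raw: str) -> Event:
    """Parse one syslog line into a normalized Event, keeping the original text."""
    m = SYSLOG.match(raw)
    if not m:
        raise ValueError(f"unparseable line: {raw!r}")
    msg = m["msg"]
    event_type, extra = "other", {}
    if m["prog"] == "sshd":
        if (f := SSH_FAIL.search(msg)):
            event_type, extra = "auth_failure", {"user": f["user"], "src_ip": f["ip"]}
        elif (f := SSH_OK.search(msg)):
            event_type, extra = "auth_success", {"user": f["user"], "src_ip": f["ip"]}
    elif m["prog"] == "sudo" and (f := SUDO.match(msg)):
        event_type = "privilege_use"
        extra = {"user": f["user"], "target_user": f["target"], "command": f["cmd"]}
    return Event(
        timestamp=m["ts"], host=m["host"], program=m["prog"], event_type=event_type,
        risk=BASE_RISK[event_type], raw=raw,
        raw_sha256=hashlib.sha256(raw.encode()).hexdigest(), fields=extra,
    )


def aggregate_failures(events):
    """Roll repeated auth failures from one source into one higher-risk event.

    The aggregate carries the digests of its member lines so an analyst can
    drill back from the alert to the original evidence in the log store.
    """
    failures = [e for e in events if e.event_type == "auth_failure"]
    per_ip = Counter(e.fields["src_ip"] for e in failures)
    bursts = []
    for ip, count in per_ip.items():
        if count >= BURST_THRESHOLD:
            members = [e for e in failures if e.fields["src_ip"] == ip]
            bursts.append(Event(
                timestamp=members[0].timestamp, host=members[0].host, program="collector",
                event_type="auth_failure_burst", risk=BASE_RISK["auth_failure"] + count,
                raw="", raw_sha256="",
                fields={"src_ip": ip, "count": count, "members": [e.raw_sha256 for e in members]},
            ))
    return bursts


def route(lines):
    """Return (log_store, events_of_interest) for a batch of raw lines."""
    events = [normalize(line) for line in lines]
    log_store = list(events)                                  # full-fidelity path
    candidates = events + aggregate_failures(events)
    eoi = [e for e in candidates if e.risk >= EOI_RISK]       # real-time path
    return log_store, eoi


if __name__ == "__main__":
    store, interesting = route(SAMPLE_LINES)
    print(f"{len(store)} events retained, {len(interesting)} forwarded as events-of-interest")
    for e in interesting:
        print(e.event_type, e.risk, e.fields)
```

The design point is that the two paths receive different things: the log store gets every event with its raw line and digest, while the real-time path receives only the small risk-qualified subset, which is what keeps the short-term event-of-interest database small enough for fast correlation while the full-log database remains complete for forensics.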
CommandCenter (Visualization Layer; Query & Reporting)
All Alert and Event visualization, actions, queries and reports, and configurations are performed through the CommandCenter Console. It is browser-based and is configurable to enable specific views and dashboards to support multiple roles. There is no limit to the number of dashboards that can be configured, and access is fully controlled by a role-based access control system. In addition to visualizing Alerts and Events, the Console can be configured to take automated actions and/or Operator-initiated actions.

The CommandCenter Console provides a single query and reporting interface for both LogCenter and EventCenter. This is critical because an analyst exploring a situation needs to move quickly and easily between the two databases (EventCenter’s short-term, risk-based, event-of-interest database and LogCenter’s long-term, full-log database) with a single mouse click.

The CommandCenter Console provides two types of reporting: an Alert View that enables a “drill-down” function displaying event summaries and the actual events that generated an Alert, and a general-purpose ad hoc and scheduled query and reporting facility.