As log file data flows across an enterprise network, it helps give IT visibility and traceability into events and activities. The upcoming LogLogic 5 release from log vendor LogLogic is aiming to expand that visibility with a universal collection framework for disparate log data coming across a WAN.
Specifically, LogLogic is working to create a new standard protocol for log data transmission that could change the way enterprise collect and analyze that data.
“The Universal Collection Framework lets us pull in all the IT data within an infrastructure, and a key part of that is the Universal Log Data Protocol (ULDP) that we’ve created,” LogLogic CTO Stephen Manley told InternetNews.com. “We really want it to be the way that systems speak IP data information between themselves.”
Manley added that the ULDP subset of the Universal Collection Framework, in its first release with LogLogic 5, is all about enabling WAN awareness of log data. He said that encryption and compression are part of the protocol, as is reliable acknowledgment that log data has been received and committed to stable storage.
“The Universal Collection Framework encompasses everything from centralized management,” Manley said. “The protocol is an integral part of how data is transferred, but you still need to build lots of software layers on top of the protocol to actually realize the value of the data.”
In terms of the underlying tech for ULDP, Manley noted the protocol is layered on top of TCP/IP and uses SSL for the encryption. Manley added that in its first release of ULDP, LogLogic is not supporting the IF-MAP standard, which is being used by security vendors to pass log event data across devices for access control.
LogLogic also has aspirations of ULDP becoming a standard, once it gains some traction after getting out into the market with LogLogic 5, and then growing in use among LogLogic’s partners.
“IETF standardization is a road we’d really like to take with this,” Manley said.
Rival Log management vendor LogRhythm, however, isn’t sold on LogLogic’s protocol initiative.
“The idea of a standardized protocol for transporting and storing log data sounds good in theory, but it’s unrealistic given the hundreds of different types of log sources and vendors,” Mike Reagan, vice president of marketing at LogRhythm, told InternetNews.com.
“A standard like this does more to benefit the vendor than it does the end customer, from both a technological and marketing standpoint,” he added. “Standardization would make it easier for the log management or SIEM vendor, but the positive impact on the end customer is hard to see given the widespread collection and transportation capabilities that exist today. ”
Oracle Enterprise Linux Roots
The LogLogic 5 solution which is scheduled to be available at the end of the third quarter, will also mark a shift in the underlying operating system technology used by LogLogic. The LogLogic solution is a hardware appliance that to date has used a Linux base — actually a custom derivative of the CentOS Red Hat Enterprise Linux clone, Manley said.
With LogLogic 5, however, the company is shifting to Oracle Unbreakable Linux, which is also based on Red Hat Enterprise Linux. Bill Roth, chief marketing officer at LogLogic, told InternetNews.com that the company had been looking for a solution that had a bit more support and didn’t have too high a cost.
He noted that LogLogic also considered Novell’s SUSE Linux, Red Hat and Oracle.
“Oracle came in and was aggressive and helpful,” Roth said. “We’re going to be working with Oracle to tell a broader story about using Oracle Enterprise Linux in the coming months.”