Saturday, June 7, 2014

Monitoring application changes with EventLog Analyzer

One interesting issue in application auditing is whether we know when something has been changed, added, or even deleted in the application and its database. The EventLog Analyzer tool helps us find out.


Application Log Reports


The Application Reports provide different reports available for each application.
To view the reports use the following menu options:
  • Home tab > Applications > Host Name: <host name of the machine associated with application>
  • Reports tab > Detailed Application Reports section > View Report: <Application Name> Logs
The Detailed Application Reports section lists the Log Type, Report Description, and View Report columns for the reports of each application log. The View Report column contains links to open the various reports of the selected application log.
The supported application log types are:

Reports for MS IIS W3C Web Server Logs

Clicking the View Report link opens the Reports for MS IIS W3C Web Server Logs page.
MS IIS Web Server Application Log Report
The Overview section on top of the page displays the event count in the Event Count table. In the table event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table. Below the Event Count table, the page displays the event count for each host under Hosts sub section. In the Hosts table, the host names are listed under Name column and event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table against each host. The Report section at bottom of the page displays the various reports generated in the Report column of the table. The total events and top events of each report are listed in the Total Events and Top Events columns. There are delete icon links against each report to delete the report. The Report section header contains Edit Report List link to edit list of reports for the application. A report can be removed or added to the list from the link menu option.
EventLog Analyzer generates the following pre-defined reports for web server application logs:
  • Hosts Report - the details covered in this report are: Client IP Address, Hits, Page Views, Bytes Sent, and Events
  • Users Report - the details covered in this report are: Username, Hits, Page Views, Bytes Sent, and Events
  • File Type Report - the details covered in this report are: File Type, Hits, Percentage, Bytes Sent, and Events
  • Page URLs Report - the details covered in this report are: URI Stem, Hits, Page Views, Bytes Sent, and Events
  • Browser Usage Report - the details covered in this report are: Browser, Hits, Percentage, and Events
  • OS Usage Report - the details covered in this report are: OS, Hits, Percentage, and Events
  • HTTP Error Status Code Report - the details covered in this report are: HTTP Status, Hits, Percentage, and Events
  • Malicious URL Report - the details covered in this report are: URI Stem, Hits, Percentage, and Events
  • Cross Site Scripting Attempts Report - the details covered in this report are: Client IP Address, User Name, and Events
  • SQL Injection Attempts Report - the details covered in this report are: Client IP Address, User Name, and Events
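The Hosts, HTTP Error Status Code, and injection-attempt reports listed above can be reproduced from a raw IIS W3C log to spot-check what the tool shows. The following is an added example, not EventLog Analyzer's own code: the log lines are constructed, and the two regular expressions are assumed heuristics, not the product's detection rules.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed sample in IIS W3C extended format (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status sc-bytes
2014-06-07 02:10:01 GET /index.aspx - - 192.0.2.10 200 5120
2014-06-07 02:10:03 GET /item.aspx id=7 alice 192.0.2.10 200 2048
2014-06-07 02:10:09 GET /item.aspx id=7%27+UNION+SELECT+name+FROM+sys.tables-- - 198.51.100.23 500 310
2014-06-07 02:10:15 GET /search.aspx q=%3Cscript%3Ealert(1)%3C%2Fscript%3E - 198.51.100.23 200 900
2014-06-07 02:10:20 GET /missing.aspx - - 203.0.113.5 404 120
"""

# Assumed heuristics for illustration only; tune against your own traffic.
SQLI = re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*(or|and)\s+\d+\s*=\s*\d+|;\s*(drop|exec)\b")
XSS = re.compile(r"(?i)<\s*script\b|javascript:|\bon(error|load)\s*=")


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]        # the directive can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split(" ")
            if len(values) == len(fields):   # skip truncated or malformed rows
                yield dict(zip(fields, values))


def build_reports(text):
    """Return (hosts report, HTTP error status report, injection attempts)."""
    hosts = defaultdict(lambda: {"hits": 0, "bytes_sent": 0})
    errors = Counter()
    attempts = {"sqli": Counter(), "xss": Counter()}
    for row in parse_w3c(text):
        ip = row.get("c-ip", "-")
        user = row.get("cs-username", "-")
        hosts[ip]["hits"] += 1
        sent = row.get("sc-bytes", "-")      # "-" means the field was not logged
        hosts[ip]["bytes_sent"] += int(sent) if sent.isdigit() else 0
        code = row.get("sc-status", "-")
        if code[:1] in ("4", "5"):
            errors[code] += 1
        # IIS logs the query string as received, so decode it before matching.
        query = unquote_plus(row.get("cs-uri-query", "-"))
        if SQLI.search(query):
            attempts["sqli"][(ip, user)] += 1
        if XSS.search(query):
            attempts["xss"][(ip, user)] += 1
    total = sum(errors.values())
    error_report = {c: (n, round(100 * n / total, 1)) for c, n in errors.items()}
    return dict(hosts), error_report, attempts


if __name__ == "__main__":
    hosts, error_report, attempts = build_reports(SAMPLE_LOG)
    print(hosts)
    print(error_report)
    print(attempts)
```

Matching only after URL-decoding matters: the encoded query in the third sample row contains no literal quote or space, so a pattern applied to the raw field would miss it.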

Reports for MS IIS W3C FTP Server Logs

 Clicking the View Report link opens the Reports for MS IIS W3C FTP Server Logs page.
MS IIS FTP Server Application Log Report
The Overview section on top of the page displays the event count in the Event Count table. In the table event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table. Below the Event Count table, the page displays the event count for each host under Hosts sub section. In the Hosts table, the host names are listed under Name column and event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table against each host. The Report section at bottom of the page displays the various reports generated in the Report column of the table. The total events and top events of each report are listed in the Total Events and Top Events columns. There are delete icon links against each report to delete the report. The Report section header contains Edit Report List link to edit list of reports for the application. A report can be removed or added to the list from the link menu option.
EventLog Analyzer generates the following pre-defined reports for FTP server application logs:
  • Hosts Report - the details covered in this report are: Client IP Address, Bytes Sent, Bytes Received, and Events
  • Users Report - the details covered in this report are: Username, Bytes Sent, Bytes Received, and Events
  • File Type Report - the details covered in this report are: File Type, File Transfers, Bytes Sent, Bytes Received, and Events
  • Server Services Report - the details covered in this report are: Server Service, File Transfers, Bytes Sent, Bytes Received, and Events
  • Server IPs Report - the details covered in this report are: Server IP Address, File Transfers, Bytes Sent, Bytes Received, and Events
  • Source Port Report - the details covered in this report are: Server Port, File Transfers, Bytes Sent, Bytes Received, and Events

Reports for DHCP Windows Server Logs

Clicking the View Report link opens the Reports for DHCP Windows Server Logs page.
DHCP Windows Server Application Log Report
The Overview section on top of the page displays the event count in the Event Count table. In the table event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table. Below the Event Count table, the page displays the event count for each host under Hosts sub section. In the Hosts table, the host names are listed under Name column and event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table against each host. The Report section at bottom of the page displays the various reports generated in the Report column of the table. The total events and top events of each report are listed in the Total Events and Top Events columns. There are delete icon links against each report to delete the report. The Report section header contains Edit Report List link to edit list of reports for the application. A report can be removed or added to the list from the link menu option.
EventLog Analyzer generates the following pre-defined reports for DHCP windows server application logs:
  • Lease Report - the details covered in this report are: Lease Report and Events
  • BOOTP lease report - the details covered in this report are: Events
  • DNS dynamic update report - the details covered in this report are: DNS update details and Events. The DNS update details are, DNS dynamic update request and DNS dynamic update successful
  • Rogue server detection report - the details covered in this report are: Events
  • IP-Event report - the details covered in this report are: IP Address and Events
  • MAC-Event report - the details covered in this report are: MAC Address and Events

Reports for DHCP Linux Server Logs

 Clicking the View Report link opens the Reports for DHCP Linux Server Logs page.
DHCP Linux Server Application Log Report
The Overview section on top of the page displays the event count in the Event Count table. In the table event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table. Below the Event Count table, the page displays the event count for each host under Hosts sub section. In the Hosts table, the host names are listed under Name column and event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table against each host. The Report section at bottom of the page displays the various reports generated in the Report column of the table. The total events and top events of each report are listed in the Total Events and Top Events columns. There are delete icon links against each report to delete the report. The Report section header contains Edit Report List link to edit list of reports for the application. A report can be removed or added to the list from the link menu option.
EventLog Analyzer generates the following pre-defined reports for DHCP Linux server application logs:
  • Operations Report - the details covered in this report are: Operation and Events. The operations are: DHCPREQUEST, DHCPNAK, DHCPDISCOVER, DHCPOFFER, DHCPACK, DHCPINFORM, if IN, delete, Wrote, DHCPRELEASE, and Abandoning IP
  • MAC-Event report - the details covered in this report are: MAC Address and Events
  • Client Gateway Report - the details covered in this report are: Gateway and Events
  • IP-Event report - the details covered in this report are: IP Address and Events
  • Single Page Summary Report - the details covered in this report are: Logging device, Operation, IP Address, MAC Address, Gateway, and Events

Reports for MS SQL Server Logs

For MS SQL, you will have two reports - MSSQL Error logs report and MSSQL Audit logs report. To get the MS SQL error logs report, you'll have to import the MS SQL error logs. To get MS SQL Audit logs, you need to enable auditing in MS SQL Server.
Reports for MS SQL Error Logs
Clicking the View Report link of the application type MSSQL Error logs opens the Reports for MS SQL Database Server Logs page.
MS SQL Database Server Report
The Overview section on top of the page displays the event count in the Event Count table. In the table event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table. Below the Event Count table, the page displays the event count for each host under Hosts sub section. In the Hosts table, the host names are listed under Name column and event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table against each host. The Report section at bottom of the page displays the various reports generated in the Report column of the table. The total events and top events of each report are listed in the Total Events and Top Events columns. There are delete icon links against each report to delete the report. The Report section header contains Edit Report List link to edit list of reports for the application. A report can be removed or added to the list from the link menu option.
EventLog Analyzer generates the following pre-defined reports for MS SQL database server application logs:
  • Successful Trusted Logins - the details covered in this report are: Username and Events
  • Successful Non-Trusted Logins - the details covered in this report are: Username and Events
  • Failed User Logins - the details covered in this report are: Username and Events
  • Insufficient Resources Events - the details covered in this report are: Events
Report for MS SQL Audit Logs
MS SQL Audit Logging is supported for MS SQL Enterprise and Datacenter Editions alone.
Click the View Reports link of the MSSQL audit logs application type to open its report page.
Audit Logs Report Page
  1. The host table section of the Reports Page displays the name of each host from which MSSQL audit logs are being collected and its audit log event counts, classified by the Critical, Error, Information and Warning severities. The table also displays the total audit log event count. By clicking on an event count, you can drill down to the raw log level.
  2. The reports section displays the predefined reports generated, along with their event counts. Here is the list of predefined reports generated by EventLog Analyzer for MSSQL Audit logs:
    • Server Startup
    • Server Shutdown
    • Create Table
    • Alter Table
    • Drop Table
    • Create Login
    • Drop Login
    • Create User
    • Alter User
    • Drop User
    • Successful Login
    • Failure Login
    • Alter Login
    • Login Password Change

Reports for Oracle Audit Logs

 Clicking the View Report link opens the Reports for Oracle Database Server Logs page.
Oracle Database Server Application Report
The Overview section on top of the page displays the event count in the Event Count table. In the table event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table. Below the Event Count table, the page displays the event count for each host under Hosts sub section. In the Hosts table, the host names are listed under Name column and event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table against each host. The Report section at bottom of the page displays the various reports generated in the Report column of the table. The total events and top events of each report are listed in the Total Events and Top Events columns. There are delete icon links against each report to delete the report. The Report section header contains Edit Report List link to edit list of reports for the application. A report can be removed or added to the list from the link menu option.
EventLog Analyzer generates the following pre-defined reports for Oracle database server application logs:
  • Create Table - the details covered in this report are: SESSIONID, ENTRYID, USERID, USERHOST, TERMINAL, RETURNCODE, OBJ$CREATOR, OBJ$NAME, and Time
  • Drop Table - the details covered in this report are: SESSIONID, ENTRYID, USERID, USERHOST, TERMINAL, RETURNCODE, OBJ$CREATOR, OBJ$NAME, and Time
  • Alter Table - the details covered in this report are: SESSIONID, ENTRYID, USERID, USERHOST, TERMINAL, RETURNCODE, OBJ$CREATOR, OBJ$NAME, and Time
  • Alter User - the details covered in this report are: SESSIONID, ENTRYID, USERID, USERHOST, TERMINAL, RETURNCODE, OBJ$NAME, and Time
  • Alter System - the details covered in this report are: SESSIONID, ENTRYID, USERID, USERHOST, TERMINAL, RETURNCODE, and Time
  • Create User - the details covered in this report are: SESSIONID, ENTRYID, USERID, USERHOST, TERMINAL, RETURNCODE, OBJ$NAME, and Time
  • Drop User - the details covered in this report are: SESSIONID, ENTRYID, USERID, USERHOST, TERMINAL, RETURNCODE, OBJ$NAME, and Time
  • Logon - the details covered in this report are: SESSIONID, ENTRYID, USERID, USERHOST, TERMINAL, RETURNCODE, and Time
  • Logoff - the details covered in this report are: SESSIONID, ENTRYID, USERID, USERHOST, TERMINAL, RETURNCODE, and Time
  • Connect - the details covered in this report are: DATABASE USER, PRIVILEGE, CLIENT USER, CLIENT TERMINAL, Status, and Time
  • Shutdown - the details covered in this report are: DATABASE USER, PRIVILEGE, CLIENT USER, CLIENT TERMINAL, Status, and Time
  • Startup - the details covered in this report are: DATABASE USER, PRIVILEGE, CLIENT USER, CLIENT TERMINAL, Status, and Time
  • All Logs - This is created only as a custom report and is not available as a pre-built report

Reports for Print Server Logs

 Clicking the View Report link opens the Reports for Print Server Logs page.
Print Server Application Log Report
The Overview section on top of the page displays the event count in the Event Count table. In the table event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table. Below the Event Count table, the page displays the event count for each host under Hosts sub section. In the Hosts table, the host names are listed under Name column and event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table against each host. The Report section at bottom of the page displays the various reports generated in the Report column of the table. The total events and top events of each report are listed in the Total Events and Top Events columns. There are delete icon links against each report to delete the report. The Report section header contains Edit Report List link to edit list of reports for the application. A report can be removed or added to the list from the link menu option.
EventLog Analyzer generates the following pre-defined reports for Print server application logs:
  • Print Server Hosts Overview - the details covered in this report are: Print Servers and Job Count
  • Print Server Usage Overview - the details covered in this report are: Print Server, Printed Pages, and Jobs
  • Printer Usage Overview - the details covered in this report are: Printer, Printed Pages, and Jobs
  • Printer Usage based on User Name - the details covered in this report are: User Name, Printed Pages, and Jobs
  • Print Job Reports - the details covered in this report are: Reports and Total Counts. The reports are: Print Usage, Paused Document, Resumed Document, Deleted Document, Moved Document, Timed Out Document, Corrupted Document, Priority Changed Document, and Insufficient Privilege Document

Reports for Apache Web Server Logs

 Clicking the View Report link opens the Reports for Apache Web Server Logs page.
Reports for Apache Web Server Logs
The Overview section on top of the page displays the event count in the Event Count table. In the table event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table. Below the Event Count table, the page displays the event count for each host under Hosts sub section. In the Hosts table, the host names are listed under Name column and event count is classified based on the severity Critical, Error, Warning, Information, and Total and displayed in the columns of the table against each host. The Report section at bottom of the page displays the various reports generated in the Report column of the table. The total events and top events of each report are listed in the Total Events and Top Events columns. There are delete icon links against each report to delete the report. The Report section header contains Edit Report List link to edit list of reports for the application. A report can be removed or added to the list from the link menu option.
EventLog Analyzer generates the following pre-defined reports for Apache web server application logs:
  • Client Error Report
  • Information Report
  • Redirection Report
  • Server Error Report
  • Successful
The details covered in the above reports are: Address, Status Code, Referrers, User Agents, and Event



 
Copyright © 2013, ZOHO Corp. All Rights Reserved.
ManageEngine

Friday, June 6, 2014

Does your management care about the state of your network?


Networks are the glue that allow users to function effectively in their daily tasks, yet a recent report by Freeform Dynamics (link to report: XXX) based on a survey of readers of the Register shows many of you are using old equipment that is hard to manage. This begs the question, “does senior management really care about the state of enterprise networks, or are they happy to take it for granted until something breaks”? (Figure 1)
Figure 1
It is evident that a majority of the networks you operate are fragmented and difficult to manage. The odds are that many of the essentials of your networks may have been put in place over the course of the last five, ten, or perhaps fifteen years. There is even a chance that it was never really architected as a whole but has been built in a disorganized fashion to cater for individual application requirements case by case.
When we asked what problems you face in managing the performance, availability and security of the applications on which your organisations depend, your replies were very clear. (Figure 2)
Figure 2
The majority of readers who took part in the survey confirm there are challenges with respect to application performance and availability. The problems are not only about slow response times or systems being unavailable, but include the question of performance consistency. Fifteen years ago most users were annoyed, if unsurprised, when network connectivity was lost or service quality deteriorated.
Today users complain if performance isn’t consistently perfect, regardless of where they are working, how they are connected or the devices and networks they are using. Perhaps more importantly, over half of Reg readers taking part indicated that unplanned outages are causing business disruption.
This takes us on to the question of how good your management capabilities are, and whether you see any areas where you should be looking to beef things up. (Figure 3)
Figure 3
The answers you gave in the survey show that you have obvious capability shortfalls evident in nearly every area of network performance and availability. The fact that a majority of readers highlight all areas as targets for improvement confirms you see a real need for them. But what might actually trigger changes to your application delivery networks and how you administer them? (Figure 4)
Figure 4
As can be seen in Figure 4, new ways of handling application delivery requirements can be initiated by a range of events. With nearly four out of every five Reg readers acknowledging running old technology with functionality gaps (Figure 2), it is no surprise you see existing equipment reaching end of life as the most likely initiator of change.
Other triggers for over half of you include major business application upgrades, web site development and increased security demands. Even modifications to regulatory requirements and Exchange / SharePoint upgrades are mentioned by two out of five readers.
The danger is that any modifications to the enterprise application access infrastructure resulting from the investment prompts noted above could simply lead to piecemeal implementation of new networking solutions without changing the way networks are managed as a whole. Such an approach perpetuates the fragmentation you already acknowledge to exist in your networks. It is also likely to further exacerbate any operational management difficulties you have.
A new approach is needed, one where the performance, availability and security aspects of application access for every service are assessed individually. A network then needs to be built that is able to handle the new demands being placed upon it, one with better management characteristics that demand less time to keep operational and secure.
The first challenge is to convince your budget holders it’s time to invest in redesigning the corporate application access and security networks. The second, equally daunting, challenge is how to upgrade your network architecture and management processes without negatively impacting service levels. This is the IT equivalent of changing the tyres on a racing car while it is tearing around the circuit in the middle of a Formula One Grand Prix.
How are you going to get hold of the time and resources to make these changes and how do you plan to make the upgrades? Let us have your thoughts in the comments below. Equally, if you have already changed things, please let us know how you made the transition.

Map Security needs to DevSecOps tools in SDLC.

  Map Security needs to DevSecOps tools in SDLC. Implementing DevSecOps effectively into the SDLC involves adopting the right tools, adaptin...