cloud based log analysis and visualization
play

Cloud-based Log Analysis and Visualization RMLL 2010, Bordeaux, - PowerPoint PPT Presentation

Oct 14, 2023 •9 likes •439 views

Cloud-based Log Analysis and Visualization RMLL 2010, Bordeaux, France My syslog mobile-166 Ra fg ael Marty - @zrlram Tuesday, July 6, 2010 Ra fg ael (Ra fg y) Marty Founder @ Chief Security Strategist and Product Manager @ Splunk

  1. Cloud-based Log Analysis and Visualization RMLL 2010, Bordeaux, France My syslog mobile-166 Ra fg ael Marty - @zrlram Tuesday, July 6, 2010

  2. Ra fg ael (Ra fg y) Marty • Founder @ • Chief Security Strategist and Product Manager @ Splunk • Manager Solutions @ ArcSight • Intrusion Detection Research @ IBM Research • IT Security Consultant @ PriceWaterhouse Coopers Applied Security Visualization Publisher: Addison Wesley (August, 2008) ISBN: 0321510100 Logging as a Service (c) by Ra fg ael Marty 2 Tuesday, July 6, 2010

  3. Agenda •Do it Yourself •Introduction • AfterGlow •Visualization • Google Visualization API •InfoViz Process •Visualization Use-Cases •Visualization Tools •Visualization Resources •The Cloud •Loggly Logging as a Service (c) by Ra fg ael Marty 3 Tuesday, July 6, 2010

  4. Open Your Eyes Logging as a Service (c) by Ra fg ael Marty 4 Tuesday, July 6, 2010

  5. Security Is About Seeing Logging as a Service (c) by Ra fg ael Marty 5 Tuesday, July 6, 2010

  6. Goals - Learn how you can - use visualization to help solve security problems - leverage the cloud to build security visualization tools Logging as a Service (c) by Ra fg ael Marty 6 Tuesday, July 6, 2010

  7. Information Visualization? A picture is worth a thousand log records. Inspire Explore and Discover Answer a Increase Pose a New Communicate Support Question Question Efficiency Information Decisions Logging as a Service (c) by Ra fg ael Marty 7 Tuesday, July 6, 2010

  8. Visualization and The Cloud 8 Tuesday, July 6, 2010

  9. InfoViz Process Process Visualize Collect • Visualization Tools • large-scale data collection • Your parsers • and Libraries • and processing • Standard formats Logging as a Service (c) by Ra fg ael Marty 9 Tuesday, July 6, 2010

  10. Collect 10 Tuesday, July 6, 2010

  11. Log Management • Log Collection and Centralization • Log Storage • Log Filtering • Log Aggregation • Log Search and Extraction • Log Retention and Archiving Logging as a Service (c) by Ra fg ael Marty 11 Tuesday, July 6, 2010

  12. Process 12 Tuesday, July 6, 2010

  13. Standard Formats • Multiple formats Oct 13 20:00:43.874401 rule 193/0(match): block in on xl0: 212.251.89.126.3859 >: S 1818630320:1818630320(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) Oct 13 20:00:43 fwbox local4:warn|warning fw07 %PIX-4-106023: Deny tcp src internet: 212.251.89.126/3859 dst 212.254.110.98/135 by access-group "internet_access_in" Oct 13 20:00:43 fwbox kernel: DROPPED IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:cc: 81:40:94:08:00 SRC=212.251.89.126 DST=212.254.110.98 LEN=576 TOS=0x00 PREC=0x00 TTL=255 ID=8624 PROTO=TCP SPT=3859 DPT=135 LEN=556 • Log Standards ‣ SDEE ‣ WELF ‣ CEE (cee.mitre.org) ‣ CBE ‣ XDAS ‣ IDMEF Logging as a Service (c) by Ra fg ael Marty 13 Tuesday, July 6, 2010

  14. Normalization • Parsers “To analyze or separate (input, for example) into more easily processed components.” (answers.com) • Generate a common output format for vis-tools (e.g., CSV) • For example /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/g ‣ Regex ‣ http://secviz.org/content/parser-exchange Logging as a Service (c) by Ra fg ael Marty 14 Tuesday, July 6, 2010

  15. Visualize 15 Tuesday, July 6, 2010

  16. Choose Your Poison Logging as a Service (c) by Ra fg ael Marty 16 Tuesday, July 6, 2010

  17. Reporting vs. Visualization • Reporting Libraries • Visualization Libraries - HighCharts - TheJIT - Flot - Graphael - Google Chart API - Protovis - Open Flash Chart - ProcessingJS - Flare JavaScript vs. Flash vs. XYZ Logging as a Service (c) by Ra fg ael Marty 17 Tuesday, July 6, 2010

  18. HighCharts • Click-Through • On load - near real-time updates • AJAX data input via JSON • Zoom http://www.highcharts.com/ Logging as a Service (c) by Ra fg ael Marty 18 Tuesday, July 6, 2010

  19. Google Visualization API http://code.google.com/apis/visualization/interactive_charts.html • JavaScript • Based on DataTables() • Many graphs • Playground - http://code.google.com/apis/ajax/playground Logging as a Service (c) by Ra fg ael Marty 19 Tuesday, July 6, 2010

  20. ProtoVis • JavaScript based visualization library • Charting • Treemaps • BoxPlots • Parallel Coordinates • etc. http://vis.stanford.edu/protovis/ Logging as a Service (c) by Ra fg ael Marty 20 Tuesday, July 6, 2010

  21. TheJIT http://thejit.org/ • JavaScript InfoVis Toolkit • Interactive • Link Graphs Logging as a Service (c) by Ra fg ael Marty 21 Tuesday, July 6, 2010

  22. Processing •Visualization library •Java based •Interactive (event handling) •Number of libraries to - draw in OpenGL - read XML files - write PDF files •Processing JS - JavaScript http://processingjs.org/ - HTML 5 Canvas http://processing.org/ - Web IDE Logging as a Service (c) by Ra fg ael Marty 22 Tuesday, July 6, 2010

  23. Building Your Own 23 Tuesday, July 6, 2010

  24. Build Your Own AfterGlow Loggly Regexes Google Vis Logging as a Service (c) by Ra fg ael Marty 24 Tuesday, July 6, 2010

  25. Data Collection in the Cloud 25 Tuesday, July 6, 2010

  26. The (public) Cloud What it is Types • multi-tenancy • SaaS - Software • PaaS - Platform • elastic • IaaS - Infrastructure • “infinite” resources Benefits • pay as you go • No installation • self provisioning • No elaborate configurations It’s not • No maintenance • private data center • Great scalability • virtualization • 7x24 availability Logging as a Service (c) by Ra fg ael Marty 26 Tuesday, July 6, 2010

  27. LaaS - Logging as a Service • All your data in one place • Loggly manages your data (index, store, archive, etc.) • Extremely fast search across all your data • Data source agnostic (no parsers) • Data management • access control • data segregation • data overview and summaries • API access Logging as a Service (c) by Ra fg ael Marty 27 Tuesday, July 6, 2010

  28. Loggly Architecture Loggly Data Sources Clients user interface My syslog mobile-166 Data collection API Data access Proxies Distributed indexing and Indexers and Search Machines processing Distributed data store Logging as a Service (c) by Ra fg ael Marty 28 Tuesday, July 6, 2010

  29. Loggly APIs • URL format: http://wiki.loggly.com/api-documentation http:// < subdomain > .loggly.com/api/< resource > • RESTful API HTTP Based - Access through: /api/< resource > • GET - read • POST - create - JSON, XML, JSONP output • PUT - update • Authentication • DELETE - delete - Basic auth - oAuth syslog to: http:// loggly. loggly.com/api/ search /?q=error User: guest / Password: loggly logs.loggly.com:514 Logging as a Service (c) by Ra fg ael Marty 29 Tuesday, July 6, 2010

  30. Search http://[domain].loggly.com/api/search?q=404 { "data": [ { "indexed": "2010-07-03T17:17:38.909Z", "ip": "75.101.249.172", " text ": " Oct 13 20:00:38.018152 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 62.2.32.250.53: 34388 [1au] [|domain] (DF) ", "inputname": "logglyweb", "timestamp": "2010-07-03 10:17:38" }, { "indexed": "2010-07-03T17:17:37.879Z", "ip": "75.101.249.172", " text ": " Oct 13 20:00:38.115862 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 192.134.0.49.53: 49962 [1au] [|domain] (DF) ", "inputname": "logglyapp", "timestamp": "2010-07-03 10:17:37" }, ... Logging as a Service (c) by Ra fg ael Marty 30 Tuesday, July 6, 2010

  31. Parser Oct 13 20:00:38.018152 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 62.2.32.250.53: 34388 [1au][|domain] (DF) Raw Oct 13 20:00:38.115862 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 192.134.0.49.53: 49962 [1au][|domain] (DF) Oct 13 20:00:38.157238 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 194.25.2.133.53: 14434 [1au][|domain] (DF) (.*) rule ([-\d]+\/\d+)\(.*?\): (pass|block) (in|out) on (\w+): (\d+\.\d+\.\d+\.\d+)\.?(\d*) [<>] Regex / Parser (\d+\.\d+\.\d+\.\d+)\.?(\d*): (.*) Oct 13 20:00:38.018152,57/0,match,pass,in,xl1,195.141.69.45,1030,62.2.32.250,53,34388 [1au][|domain] (DF) Normalized Oct 13 20:00:38.115862,57/0,match,pass,in,xl1,195.141.69.45,1030,192.134.0.49,53,49962 [1au][|domain] (DF) (CSV) Oct 13 20:00:38.157238,57/0,match,pass,in,xl1,195.141.69.45,1030,194.25.2.133,53,14434 [1au][|domain] (DF) Logging as a Service (c) by Ra fg ael Marty 31 Tuesday, July 6, 2010

  32. Visualize AfterGlow Parser Grapher CSV file Graph file digraph structs { graph [label="AfterGlow 1.5.8", fontsize=8]; node [shape=ellipse, style=filled, Configuration fontsize=10, width=1, height=1, fixedsize=true]; edge [len=1.6]; color.source =“green” if ($fields[0] ne “d”) "aaelenes" -> "Printing Resume" ; cluster.target =regex_replace("(\\d\+)\\.")."/8" "abbe" -> "Information Encryption" ; threshold.event =5 "aanna" -> "Patent Access" ; "aatharuv" -> "Ping" ; size.target =$fields[1] } http://afterglow.sf.net Logging as a Service (c) by Ra fg ael Marty 32 Tuesday, July 6, 2010

  33. AfterGlow Cloud Loggly Grapher JSON CSV DOT Graph Logging as a Service (c) by Ra fg ael Marty 33 Tuesday, July 6, 2010

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

PROOF as a Service on the Cloud a Virtual Analysis Facility based on the CernVM ecosystem Dario

PROOF as a Service on the Cloud a Virtual Analysis Facility based on the CernVM ecosystem Dario

PROOF as a Service on the Cloud a Virtual Analysis Facility based on the CernVM ecosystem Dario Berzano R.Meusel, G.Lestaris, I.Charalampidis, G.Ganis, P .Buncic, J.Blomer CERN PH-SFT CHEP2013 - Amsterdam, 15.10.2013 A cloud-aware analysis

581 views • 20 slides
Graph-Based Analysis and Visualization of Software Traces Wrzburg, November 5, 2019 Richard

Graph-Based Analysis and Visualization of Software Traces Wrzburg, November 5, 2019 Richard

Symposium on Software Performance 2019 Graph-Based Analysis and Visualization of Software Traces Wrzburg, November 5, 2019 Richard Mller and Matteo Fischer SSP 2019 | Graph-Based Analysis and Visualization of Software Traces WHY GRAPHS?

404 views • 19 slides
The Betrayal At Cloud City: An Empirical Analysis Of Cloud-Based Mobile Backends Omar Alrawi* ,

The Betrayal At Cloud City: An Empirical Analysis Of Cloud-Based Mobile Backends Omar Alrawi* ,

The Betrayal At Cloud City: An Empirical Analysis Of Cloud-Based Mobile Backends Omar Alrawi* , Chaoshun Zuo * , Ruian Duan, Ranjita Pai Kasturi, Zhiqiang Lin, Brendan Saltaformaggio *First Co-Authors Conference Conference Conference More

1.33k views • 100 slides
Topological data analysis and topology-based visualization Leila De Floriani Topology-based

Topological data analysis and topology-based visualization Leila De Floriani Topology-based

Topological data analysis and topology-based visualization Leila De Floriani Topology-based methods v Why topology? topology deals with qualitative geometric information , thus v providing a structural description of data topological

298 views • 10 slides
Cloud based systems that can help you grow your business Some of the cloud based tools we use at

Cloud based systems that can help you grow your business Some of the cloud based tools we use at

Cloud based systems that can help you grow your business Some of the cloud based tools we use at Business Connected Dashlane Crunchboards Trello icloud Adobe Creative Cloud Proposify Receipt Bank Maxmail Dropbox Go to Meeting Mailchimp

328 views • 21 slides
Tag-Cloud Drawing: Algorithms for Cloud Visualization Authors: Owen Kaser and Daniel Lemire

Tag-Cloud Drawing: Algorithms for Cloud Visualization Authors: Owen Kaser and Daniel Lemire

Tag-Cloud Drawing: Algorithms for Cloud Visualization Authors: Owen Kaser and Daniel Lemire Jason Ye University of Virginia What is a tag-cloud?

678 views • 13 slides
Cloud Computing Pat West and Colin Gillette SSE 3200: Analysis and Design of Web-Based Services

Cloud Computing Pat West and Colin Gillette SSE 3200: Analysis and Design of Web-Based Services

Cloud Computing Pat West and Colin Gillette SSE 3200: Analysis and Design of Web-Based Services &quot;Content-Centered Collaboration Spaces in the Cloud&quot; by:John S. Erickson et al. IEEE Internet Computing, September/October 2009, pages

477 views • 15 slides
Where Are We? Feedback So far? Collection Cleaning Integration Analysis Visualization

Where Are We? Feedback So far? Collection Cleaning Integration Analysis Visualization

Where Are We? Feedback So far? Collection Cleaning Integration Analysis Visualization Presentation Dissemination 1 CSE 6242 / CX 4242 1. How to Identify Vis Issues? 2. Class Project Duen Horng (Polo) Chau Georgia Tech Partly based on

696 views • 65 slides
Programming, Data Management and Visualization Module E: Data analysis &amp; visualization

Programming, Data Management and Visualization Module E: Data analysis &amp; visualization

Programming, Data Management and Visualization Module E: Data analysis &amp; visualization Alexander Ahammer Department of Economics, Johannes Kepler University, Linz, Austria Christian Doppler Laboratory Ageing, Health, and the Labor Market,

1.01k views • 54 slides
CloudDet Motivation Visualization Challenges CloudDet: Interactive Visual Analysis of Anomalous

CloudDet Motivation Visualization Challenges CloudDet: Interactive Visual Analysis of Anomalous

CloudDet Motivation Visualization Challenges CloudDet: Interactive Visual Analysis of Anomalous Performances in Cloud Monitoring nodes instead of monitoring applications Computing Systems Scale : Trade-off between system scalability

150 views • 3 slides
H517 Visualization Design, Analysis, &amp; Evaluation Week 12: Visualization Tasks &amp;

H517 Visualization Design, Analysis, &amp; Evaluation Week 12: Visualization Tasks &amp;

H517 Visualization Design, Analysis, &amp; Evaluation Week 12: Visualization Tasks &amp; Evaluation Khairi Reda | redak@iu.edu School of Informa5cs &amp; Compu5ng, IUPUI Raw user data Processed Data plots Visualization data pre- visual

690 views • 46 slides
NAVIGATING THE IN SITU VISUALIZATION LANDSCAPE Tom Fogal, 4/6/2016 VISUALIZATION &amp; ANALYSIS

NAVIGATING THE IN SITU VISUALIZATION LANDSCAPE Tom Fogal, 4/6/2016 VISUALIZATION &amp; ANALYSIS

April 4-7, 2016 | Silicon Valley NAVIGATING THE IN SITU VISUALIZATION LANDSCAPE Tom Fogal, 4/6/2016 VISUALIZATION &amp; ANALYSIS 22 27 31 38 42 17 22 27 31 38 13 17 22 27 31 6 13 17 22 27 2 6 13 17 22 2 POST HOC VISUALIZATION AND ANALYSIS

700 views • 20 slides
Glyph-based Visualization Applications David H. S. Chung Swansea University Outline Glyph

Glyph-based Visualization Applications David H. S. Chung Swansea University Outline Glyph

Glyph-based Visualization Applications David H. S. Chung Swansea University Outline Glyph Design Application Flow Event Multi-field Visualization Visualization Visualization Uncertainty Geo-spatial Tensor Medical Visualization

559 views • 30 slides
Reverse Engineering by Crayon: Game Changing Hypervisor and Visualization Analysis Game Changing

Reverse Engineering by Crayon: Game Changing Hypervisor and Visualization Analysis Game Changing

Reverse Engineering by Crayon: Game Changing Hypervisor and Visualization Analysis Game Changing Hypervisor Based Malware Analysis and Visualization Danny Quist Danny Quist Lorie Liebrock New Mexico Tech Computer Science Dept. Offensive

898 views • 64 slides
Flow Visualization Research @ IDAV Christoph Garth CScADS Workshop on Scientific Data Analysis

Flow Visualization Research @ IDAV Christoph Garth CScADS Workshop on Scientific Data Analysis

Flow Visualization Research @ IDAV Christoph Garth CScADS Workshop on Scientific Data Analysis and Visualization for Petascale Computing August 6, 2009 Flow Illustration with Integral Surfaces (with Hari Krishnan, Ken Joy) Integration-Based

673 views • 52 slides
Towards a cloud-based computing and analysis framework to process environmental science big data

Towards a cloud-based computing and analysis framework to process environmental science big data

Towards a cloud-based computing and analysis framework to process environmental science big data Eleonora Luppi, Sebastiano Fabio Schifano, Luca Tomassetti University of Ferrara, Italy 1 Introduction Environmental sciences use data coming

709 views • 31 slides
Polyglot data science the force awakens with F#, R and D3.js Evelina Gabasova @evelgab Tomas

Polyglot data science the force awakens with F#, R and D3.js Evelina Gabasova @evelgab Tomas

Polyglot data science the force awakens with F#, R and D3.js Evelina Gabasova @evelgab Tomas Petricek @tomaspetricek Part I F# with type providers fslab.org : Doing data science using F# The data science workflow Data access with type

848 views • 59 slides
s sss sss ts

s sss sss ts

s sss sss ts t t r t rstrt t t

677 views • 40 slides
OpenAPIs as a digital business platform enabler for investment and trading Michel Andr CTO

OpenAPIs as a digital business platform enabler for investment and trading Michel Andr CTO

OpenAPIs as a digital business platform enabler for investment and trading Michel Andr CTO Executive Vice President - Saxo Bank A/S Open APIs and platforms key points Opening up your business using open apis allows you to Become more

450 views • 34 slides
3

3

8/6/2018 Evaluating Chaplain Chart Notes Webinar Three in a Four part Series July-August, 2018 Gordon J. Hilsman, D. Min. 3 o1 3 Copywrite

312 views • 9 slides
Harness the Power of the ABL and BIRT for Business Forms Generation Presented By: Chris Longo

Harness the Power of the ABL and BIRT for Business Forms Generation Presented By: Chris Longo

Harness the Power of the ABL and BIRT for Business Forms Generation Presented By: Chris Longo Senior Consultant BravePoint BIRT Business Forms Generation Agenda BIRT Overview BIRT Report Designer Integrating BIRT into an OpenEdge

665 views • 31 slides
Tools Programming Tutorial Last updated: 18 June 2017 References Jrg Cassens Data and

Tools Programming Tutorial Last updated: 18 June 2017 References Jrg Cassens Data and

Applications Tools Programming Tutorial Last updated: 18 June 2017 References Jrg Cassens Data and Process Visualization SoSe 2017 SoSe 2017 Jrg Cassens Tools 1 / 57 Work in Progress What is still missing Applications

1.17k views • 58 slides
SCN Engaging with Cities Luncheon o In Partnership with SOS Open House &amp; Student Project

SCN Engaging with Cities Luncheon o In Partnership with SOS Open House &amp; Student Project

SCN Engaging with Cities Luncheon o In Partnership with SOS Open House &amp; Student Project Showcase Thursday, April 27, 2017 Agenda I. Lunch II. Welcome &amp; Introductions III. Student Presentations I. Waste Diversion, St. Marys

363 views • 9 slides
Keeping Current with ICT Keeping Current with ICT The Latest Technology from ESRI The Latest

Keeping Current with ICT Keeping Current with ICT The Latest Technology from ESRI The Latest

Keeping Current with ICT Keeping Current with ICT The Latest Technology from ESRI The Latest Technology from ESRI FIG Commission 7 Annual Meeting FIG Commission 7 Annual Meeting Bled, Slovenia May 2006 May 2006 Bled, Slovenia Kevin

590 views • 39 slides

More recommend