Araknos
AkabSensor - Log Server

The Akab architecture is based on AkabSensors, a family of appliances for managing network data that is either acquired directly or received from other network appliances and applications.

AkabSensors have a crucial role in system monitoring, as they provide the data for the various Anomaly Detection and Event Correlation algorithms that run on other, higher-level appliances.

The AkabSensor family consists of several specialized appliances divided into two groups, Security Management and Network Management appliances: security audit (AS-SA), intrusion detection (AS-ID), bandwidth management (AS-BM), traffic monitoring (AS-TM) and log server (AS-LS).

All AkabSensor appliances for Network Management (BM, TM and LS) are available in stand-alone configuration as well.

Akab Sensor LS

The AkabSensor Log Server (referred to as AS-LS for short) is an appliance specially designed for the management (collection, interpretation and correlation) of the syslog messages generated by hosts and applications on the network.

Features

AS-LS collects and analyses syslog messages sent by different network hosts and applications, and defines the thresholds for system alerts that launch the appropriate countermeasures.
AS-LS stores syslog data in SQL format for further statistical or forensic analysis.
The AS-LS configuration can optionally include two further modules for gathering and analysing Netflow and SNMPTrap data.


Syslog Messages

A large proportion of network hosts and applications can generate and export their log data in syslog format. The syslog format defines the basic characteristics of the log message structure (timestamp, type, etc.) that ensure correct interpretation and management of log data across applications.
Careful analysis of syslog messages allows better control and monitoring of the system status, and timely handling of system malfunctions and threats.

Events and Akevents Correlation

AS-LS allows the definition of filters and correlation rules for incoming syslog messages, based on their characteristics (frequency, content, sequence, etc.), which generate Akevent alert messages when specific syslog content is identified.
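As an added illustration (not Araknos code, and not a description of how AS-LS itself is implemented), a minimal Python version of the two steps described above: parsing classic syslog lines into their fields (priority, timestamp, host, application, message) and applying a frequency-plus-content correlation rule that raises an alert. The rule name, field names and sample log lines are constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Classic (RFC 3164 style) syslog line: <PRI>Mmm dd hh:mm:ss host app[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")

def parse_syslog(line, year=2024):
    """Split one line into fields; PRI = facility * 8 + severity, and the timestamp carries no year."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": ts, "host": m.group("host"),
            "app": m.group("app"), "pid": m.group("pid"), "msg": m.group("msg")}

class FrequencyRule:
    """Alert when `threshold` messages matching `pattern` come from one host within `window` seconds."""
    def __init__(self, name, pattern, threshold, window):
        self.name, self.pattern = name, re.compile(pattern)
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)  # host -> timestamps of recent matching messages
    def feed(self, event):
        if event is None or not self.pattern.search(event["msg"]):
            return None  # unparseable line, or the content filter did not match
        q = self.seen[event["host"]]
        q.append(event["timestamp"])
        while (q[-1] - q[0]).total_seconds() > self.window:  # forget messages outside the window
            q.popleft()
        if len(q) >= self.threshold:
            q.clear()  # fire once per burst, then start counting again
            return {"alert": self.name, "host": event["host"], "at": event["timestamp"]}
        return None

def run_rules(lines, rules):
    # Parse every line, feed it to every rule and collect the alerts that fire.
    return [a for ev in map(parse_syslog, lines) for a in (r.feed(ev) for r in rules) if a]

# Constructed sample lines (not real data): three failed SSH logins on gw1 within a few seconds.
SAMPLE_LINES = [
    "<38>Mar 10 12:00:01 gw1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 4444 ssh2",
    "<38>Mar 10 12:00:02 gw1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 4445 ssh2",
    "<86>Mar 10 12:00:03 gw1 sshd[2110]: Accepted publickey for ops from 192.0.2.7 port 50022 ssh2",
    "<38>Mar 10 12:00:04 gw1 sshd[2101]: Failed password for invalid user root from 203.0.113.5 port 4446 ssh2",
    "<38>Mar 10 12:00:05 db2 sshd[990]: Failed password for root from 198.51.100.9 port 5000 ssh2",
]
RULES = [FrequencyRule("ssh-auth-failure-burst", r"Failed password", threshold=3, window=60)]
```

Running `run_rules(SAMPLE_LINES, RULES)` yields a single alert for gw1 at 12:00:04; the accepted login is ignored by the content filter and the lone failure on db2 stays below the threshold because counts are kept per host.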

Data Visualization

Visualization of AS-LS data is structured in various reports that can be accessed through a Web-based GUI and further customised and filtered according to different temporal and traffic criteria.

Configurable Reports

Number of syslog messages per appliance and application, most and least frequent types of syslog messages, etc.

Akab System Integration

AS-LS is available in two different installation modes: as a stand-alone appliance that simply manages network syslog messages, and as an integrated part of the Akab system, where it additionally provides essential data for the purpose of Security Management.

High Availability

Every AS-LS appliance is supplied with a secondary twin stand-by appliance that becomes active if, for any reason, the primary appliance is not able to function properly (fail-over).

Technical Documentation