CorreLog Adapters and Plug-Ins

These special adapters and plug-in components extend the CorreLog Server's monitoring functions to include active polling of devices and programs, file integrity monitoring, and monitoring of special data stores and application data. CorreLog's plug-in capability enhances the life cycle of your software, provides high return on investment, and satisfies the exacting and hard-to-meet requirements of your enterprise.

Adapter Overview

The CorreLog Server plug-in facility allows you to easily add pre-configured screens, processes, and configuration components to the main server installation. These components leverage CorreLog's Sigma Framework foundation to seamlessly add tightly coupled software to your existing site. Adapters and plug-ins include (but are not limited to) the following components:

  • Ping Polling Adapter. This adapter allows the CorreLog Server to become aware of network device states through high-speed ICMP (ping) polling. The plug-in software adds an asynchronous polling process to the server, which continuously scans your list of managed devices. When the response time or availability of a device changes, the polling process sends a syslog message (of a user-specified severity and content) to the CorreLog Server. Device states are reflected on the CorreLog "Devices" screen, providing a clear indication of the device state. This plug-in is especially useful for confirming that all devices are available to send syslog messages, and that no device has been shut down or removed from the network. Available for immediate installation at all CorreLog sites.

  • SNMP Polling Adapter. This adapter is similar to the "Ping Polling" Adapter (described above) but extends the system to include asynchronous polling of SNMP MIB object values. This permits CorreLog to manage SNMP devices, testing performance characteristics against thresholds. This adapter augments the existing SNMP trap reception of the CorreLog server, furnishing the new ability to periodically test any MIB object of any SNMP device through standard "Get" and "Get-Next" requests. In addition to expanding the view of management data, the SNMP Polling Adapter provides a method of operating in an "agentless" fashion, especially with regard to Windows platforms. The SNMP Polling Adapter works with SNMPv2 and SNMPv3, and incorporates a number of threshold tests, including delta counter measurements, bit-test measurements, as well as string comparisons and gauge threshold tests. Available for immediate installation at all CorreLog sites.

  • Windows File Integrity Monitor (FIM). This adapter provides special utility in watching for file system changes in compliance with PCI/DSS and other security requirements. The CorreLog FIM software is installed on a Windows platform, and is configured with specific directory and file match patterns. At periodic intervals, the adapter recursively scans all the configured directories on the target system looking for file additions, deletions, and modifications. Any changes cause a syslog message (of user specified severity) to be sent to the CorreLog Server site. The FIM software is tightly integrated with the CorreLog "remote configuration" facility, permitting you to view the list of file changes, generate new system image files, modify file and directory specifications, and run "on demand" file system scans. The CorreLog FIM software is designed for high capacity monitoring, low intrusiveness, and high system security. Available for immediate installation on both 32-bit and 64-bit systems.

  • WMI (Agentless Monitor) Adapter. This adapter allows the CorreLog Server to gather log information via the agentless WMI protocol, furnishing an alternate method of gathering data from Windows platforms for those sites with WMI permissions configured. The adapter polls Windows devices and pulls new log information to the server every few minutes, achieving a near real-time method of gathering event information. (The adapter is well suited for those enterprises that cannot install software on certain Windows platforms. However, this adapter should not be substituted for agent-based Windows management, using the CorreLog Windows Tool Set, if the operational parameters of an organization permit agent installation.) Available for immediate installation at all CorreLog sites.

  • Windows ODBC SQL Monitor. This adapter is installed on Windows platforms, and periodically executes user defined SQL queries on ODBC compliant databases. The adapter generates standard syslog messages when SQL query results match user defined patterns and thresholds. This provides special utility in monitoring log data contained in databases, as well as monitoring specific data items such as table field values and row counts. Each CorreLog ODBC SQL monitor permits multiple SQL queries to be run on multiple ODBC databases. The operator specifies queries, match patterns, alert messages, and scheduling of individual queries ranging from once every 10 seconds to once each day. All SQL adapter parameters can be remotely configured from a central location at the main CorreLog server site. Contact CorreLog for implementation requirements and details.

  • POP3 Monitor. This adapter provides special utility in monitoring the "mail drop" of a POP3 enabled site. E-mail messages, sent to a particular e-mail address, are automatically downloaded and converted into syslog messages that appear in the CorreLog message screen (where they are treated like any other received message). This adapter provides an easy way to integrate third-party software with CorreLog using standard SMTP and POP3 protocol. For example, this technique can be used to easily integrate a third-party network manager or ticketing system with CorreLog by simply having that system send e-mail notifications to CorreLog. The POP3 adapter poll rates, filtering, authentication, facility, and severity codes are user configurable, including the particular scheme for parsing text from e-mail messages. Contact CorreLog for implementation requirements and details.

  • NetFlow Protocol Adapter. This adapter listens for NetFlow records (as defined in RFC 3954), converting these packets to standard syslog messages, which are subsequently sent to CorreLog or other syslog receivers. The program operates as a non-intrusive high-performance NetFlow collection service on Windows platforms, and provides specific elements to collect, buffer, filter, and format NetFlow data. This permits the operator to leverage diverse CorreLog system features, allowing CorreLog to operate as a NetFlow analyzer. When used in conjunction with filtering, alerting, and reporting functions of the CorreLog system, the user can analyze traffic patterns, detect anomalous behaviours and associations, as well as inspect performance data that may be critical to performance and enterprise security. Contact CorreLog for implementation requirements and details.

  • Enterprise Search Adapter. This adapter is useful for managing multiple CorreLog Servers on the network. The adapter software installs into each CorreLog Server, and permits the user to issue enterprise-wide searches. The user can issue simple or advanced search requests, see the number of matches for search terms across the enterprise, and drill down into matching CorreLog Servers to view the detailed results. Additionally, the adapter includes new dashboard gadgets to support enterprise search, and remote management utilities useful for permitting third-party SNMP managers to access CorreLog Server data and status information. This adapter is not required to implement a multi-tier management strategy, but can be useful to "supervisory" users needing to search an entire enterprise for specific devices, messages, and other information. Contact CorreLog for implementation requirements and details.

The above adapters are representative of the CorreLog plug-in suite, but constitute only a portion of the adapters that have been created for the CorreLog Server system. More specialized adapters, especially with regard to database monitors, socket receivers, and intrusion detectors, are available or can be easily modified to your specific needs.

Installation Requirements

Adapters and plug-in components are installed at the CorreLog Server site via the standard CorreLog component installer. Unless specifically noted, adapters do not appreciably increase server CPU or disk space utilization.

Each adapter includes an individual reference manual, in Adobe PDF format, that outlines specific installation requirements, configuration options, and application notes.

Plug-in components and their documents are available for evaluation on request, after consulting with CorreLog Professional Services regarding your specific requirements. Contact CorreLog sales for assistance.
