CorreLog Unix Linux Agents

CorreLog offers a suite of specialized UNIX agents and tools to augment the native syslog capability found in UNIX platforms. Although agents are not required to manage UNIX platforms, this additional software leverages the power of CorreLog Server to detect, log, and correlate security and performance issues not otherwise covered with native syslog capability. We support Linux, Solaris, AIX, HPUX, and other popular UNIX platforms.

Product Overview

The CorreLog system works with UNIX platforms in an "agentless" mode, without the need to install any other software component. In particular, you can manage virtually any UNIX platform using the native Syslog capability, simply by directing syslog messages to the CorreLog Server site.

To extend your UNIX monitoring capability to include arbitrary log file management, remote configuration of source filters, and data encryption, you can install the CorreLog UNIX Agent, which usually takes under one minute and does not require the platform to be rebooted. After installation, log messages immediately begin forwarding to the CorreLog Server, permitting data aggregation and correlation of UNIX logs. This greatly expands your ability to proactively manage UNIX platforms, making the CorreLog system aware of any log file on any UNIX system.

System Features

CorreLog UNIX Agents are designed to be highly secure, non-intrusive, and easy to deploy. These agents contain various features that enhance your SIEM implementation by providing access to data that is not otherwise visible, and encrypting your data transmissions to provide extra security. Specific features are as follows:

  • Monitoring of Streaming Log Files. You can configure the agent to monitor streaming log files by name, including log files with names derived from date and times. This leverages your ability to instrument any log file, such as application error logs, and other log files commonly found on UNIX platforms, with complete syslog capability.

  • File Integrity Monitoring. You can configure UNIX agents to monitor any system file for changes, generating a syslog message (with the content, facility, and severity of your own selection) when the file is modified or deleted. This provides you with visibility into changes to critical system files and directories. Multiple files of any type, including directories, can be monitored.

  • Source Filtering Of Events. To reduce network load or enhance security, you can implement filtering within the agent. You can forward all messages that do not match your configured filters (exclude mode), or forward only those messages that match your configured filters (include mode). Multiple match patterns can be configured, consisting of keywords, phrases, or wildcards.

  • Ability To Assign Facilities and Severities To Messages. UNIX Agents come with pre-configured match patterns that automatically assign reasonable values for the facility and severity codes associated with syslog messages. Facilities and severities can be further refined using various strategies, such as having the agent automatically assign values based upon message content, or explicitly matching message groups. You have complete control over message facility and severity codes, especially useful for correlating messages at the syslog receiver.

  • Remote Configuration Utilities. UNIX Agents provide optional support for secure remote configuration of agent parameters. This assists with agent maintenance, permitting you to change parameters of the agent without having to log into the platform. Authentication is based upon encrypted passkey, source address, or external encryption module. Remote configuration of agents is directly supported via CorreLog Server screens, as well as by a command line remote configuration utility suitable for batch file operation.

  • Data Encryption. For those sites requiring the encryption of messages, CorreLog UNIX Agents support encryption of forwarded messages using either an internal encryption method that works with the CorreLog Server, or an external AES-256 encryption scheme. (The AES encryption is available only to USA customers, due to export restrictions on encryption technology.) This prevents third parties from eavesdropping on your management data.

  • Syslog API. The UNIX Tool Set includes a "sendlog" API that allows you to send your own arbitrary messages to CorreLog or other syslog receivers. This allows you to construct your own monitor programs, such as via the system "Init" facility or "crond" scheduler, useful for instrumenting home-grown programs, or providing specialized management information to the CorreLog Server. The "sendlog" program operates as a completely stand-alone executable, or can work with the encryption scheme of the main UNIX Agent.
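As an added illustration (not CorreLog's own code; the agent's configuration file format and the "sendlog" interface are not shown on this page), the Python sketch below shows the mechanics behind the source-filtering and facility/severity features described above: exclude-mode or include-mode pattern filtering, content-based facility and severity assignment, and the syslog PRI encoding (facility * 8 + severity) of each forwarded message. The pattern lists, sample log lines, and receiver address are constructed assumptions.

```python
import re
import socket

# Constructed sample lines standing in for a streamed application log.
SAMPLE_LINES = [
    "2024-01-01T10:00:00 app[123]: user alice logged in",
    "2024-01-01T10:00:05 app[123]: DEBUG heartbeat ok",
    "2024-01-01T10:00:09 app[123]: ERROR database connection failed",
    "2024-01-01T10:00:12 sshd[456]: Failed password for root from 10.0.0.5",
]

# Standard syslog facility and severity codes (RFC 3164 numbering).
FACILITY = {"user": 1, "auth": 4, "local0": 16}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Hypothetical agent configuration: patterns to drop (exclude mode) and
# content-based rules that assign a facility/severity to matching messages.
EXCLUDE_PATTERNS = [r"\bDEBUG\b", r"heartbeat"]
ASSIGN_RULES = [
    (r"Failed password|sshd", "auth", "warning"),
    (r"\bERROR\b", "user", "err"),
]
DEFAULT_FACILITY_SEVERITY = ("local0", "info")


def passes_filter(line, patterns, mode="exclude"):
    """Exclude mode forwards lines matching no pattern; include mode forwards only matches."""
    matched = any(re.search(p, line) for p in patterns)
    return (not matched) if mode == "exclude" else matched


def assign(line):
    """Return (facility, severity) from the first matching rule, else the default."""
    for pattern, facility, severity in ASSIGN_RULES:
        if re.search(pattern, line, re.IGNORECASE):
            return facility, severity
    return DEFAULT_FACILITY_SEVERITY


def encode_pri(facility, severity):
    """Syslog PRI value: facility code times 8 plus severity code."""
    return FACILITY[facility] * 8 + SEVERITY[severity]


def forward(lines, patterns=EXCLUDE_PATTERNS, mode="exclude", sock=None,
            receiver=("127.0.0.1", 514)):
    """Filter, tag, and (optionally) send lines as UDP syslog; returns the messages built."""
    sent = []
    for line in lines:
        if not passes_filter(line, patterns, mode):
            continue
        facility, severity = assign(line)
        message = f"<{encode_pri(facility, severity)}>{line}"
        sent.append(message)
        if sock is not None:  # pass a socket.socket(AF_INET, SOCK_DGRAM) to actually transmit
            sock.sendto(message.encode(), receiver)
    return sent
```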

Installation Requirements

The CorreLog UNIX Agent software runs on a variety of different platforms including (but not limited to) Solaris, Solaris X86, AIX, HP-UX, and all flavors of Linux (including mainframe Linux). The program does not require Java, or any other supporting software, and requires minimal CPU, disk space, and memory. Installation can be performed manually via command line utilities and shell scripts, or can be performed automatically via a variety of software distribution and deployment systems.

The CorreLog Agent software includes a ready-to-run configuration and a 50+ page CorreLog Agent User Reference Manual in Adobe PDF format.

The CorreLog Agent system is designed for extremely easy installation. A typical installation requires less than one minute and does not require the host platform to be rebooted.

This software is available as a standard component of the CorreLog Server software, and can be downloaded from the "Home" screen of the CorreLog server.