Posted on 17-Apr-2020

10 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Any Log ALog EVA - AMIYA Corporation

Document Ver. 6.0 / Document Ver. 7.5.2_5 En

※ ALog ConVerter is a registered trademark of AMIYA Corporation.
※ Company names and trademarks are the registered names of the respective companies and products.
※ The specifications and functions of the products mentioned may be changed for improvement without notice.

Page 2

© AMIYA Corporation 2

What is ALog EVA?

ALog EVA dramatically expands the range of the ALog series. It is a new integrated data management tool that is easy and flexible, which sets it apart from the complex integrated-log products.

Page 3

ALog EVA plays an active role as a "data bank of records". In recent years it has also been used as a data-set preparation (preprocessing for organizing data) and analysis platform for AI and big data.

ALog EVA Fields

Internal Fraud
- Identify the person who deleted vital data
- Copy history of confidential data

Cyber Attack
- Understanding external attacks
- Unauthorized app user discovery

Work Style Reform
- Overtime work ranking
- Detect neglect of duty

IoT
- Factory sensors
- Water quality research
- Temperature control

AI / Big data
- Automobile travel data
- Physical measurements
- Medical records data

Wireless LAN
- All connection records
- Detect access by unregistered devices

Page 4


The ALog EVA Advantage

1. Simple Layout and Settings
Our experience gathering log data from a diverse range of devices has allowed us to provide a multitude of standard mapping templates. ALog EVA features an intuitive GUI and easy settings.

2. Easy to Understand, Easy to Use
The GUI is uniform across the series to ensure ease of administration across programs. Save locations are shared. Clear visuals and ease of use.

3. Options are Unnecessary
Search and report functions come standard.

4. Cost Performance
Log recording and data storage shouldn't be so expensive! We offer long-term use of our programs at prices that are as affordable as possible.

Saves data simply and efficiently. Our years of expertise have gone into converting stored data into useful logs.

From storage only ... to useful data. Example of a raw Windows security event ("Special privileges assigned to new logon") as it sits in storage:
Subject: Security ID: AMIYADEMODC\Administrator, Account Name: administrator, Account Domain: AMIYADEMODC, Logon ID: 0x8FE064
Privileges: Security Privilege, Take Ownership Privilege, Load Driver Privilege, Backup Privilege, Restore Privilege, …

Page 5


Speedy Log Mapping

Specialized templates for common log data are already provided with the software. Simply select the one you want to use.

1. Select the template
2. Select the log data destination
3. Select the frequency
4. Setting complete

*Download additional templates from our support website.

Page 6

Server access log (screenshot)

Manage log data using the ALog Series common interface. The unified GUI performs search and reporting functions, allowing log management from multiple sources.

Unified Formatting / Report Output

Pipeline: Collection → Conversion → Search → Analyze/Report

Points
• Uniform management of multiple log types
• Threshold-based alert notifications
• Combined search and scheduled reporting functions
• Incident monitoring
• No optional tool needed

Page 7


Automatic unification of time format

Unify the various time formats into a single time format automatically. There is no need to write a conversion for each definition, so it is easy to collect logs from multiple products.

Before: every device writes the same kind of date in a different format, and each one would have to be fixed by hand. After: all of them are automatically converted into a single unified time format.

Automatically recognizable formats (written as .NET custom date format strings; each F is an optional fractional-second digit):

yyyy/MM/dd HH:mm:ss.FFFFFFF
yyyy/MM/dd H:mm:ss.FFFFFFF
yyyy-MM-dd HH:mm:ss.FFFFFFF
yyyy-MM-dd H:mm:ss.FFFFFFF
yyyy/MM/dd HH:mm:ss
yyyy/MM/dd H:mm:ss
yyyy-MM-dd HH:mm:ss
yyyy-MM-dd H:mm:ss
yyyyMMdd HHmmssFFFFFFF
yyyyMMdd HHmmss
MMM dd HH:mm:ss.FFFFFFF
MMM d HH:mm:ss.FFFFFFF
MMM dd HH:mm:ss
MMM d HH:mm:ss

Example input from three devices:

Device A 2017/04/03 09:38:00
Device B 2017-04-03 09:39:09
Device C 2017 Apr 3 09:38:22
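As an added example (not AMIYA's code), the following Python function shows what "automatic recognition" of the listed formats amounts to: each pattern is tried in turn and the match is rewritten into one target format, here the first listed format padded to seven fractional digits, which is this example's choice. Two points a practitioner will hit are handled explicitly: the syslog-style MMM d HH:mm:ss formats carry no year, so one has to be supplied (the example refuses to guess); and the slide's Device C sample, 2017 Apr 3 09:38:22, matches none of the fourteen listed patterns verbatim, so the example adds a yyyy MMM d HH:mm:ss pattern, labelled as an extension. None of the listed formats carries a time zone; the example assumes every device writes local time of the same zone and is NTP-synchronised.

```python
import re
from datetime import datetime

# Month abbreviations for the MMM formats (English names, as in the C locale).
MONTHS = {m: i for i, m in enumerate(
    ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
     "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"], start=1)}

# One regex per family of the listed formats. FFFFFFF means 1..7 optional
# fractional-second digits; Python's strptime %f only accepts 1..6, so the
# fraction is captured as text and padded instead of being parsed by strptime.
PATTERNS = [
    # yyyy/MM/dd HH:mm:ss[.FFFFFFF] and yyyy-MM-dd ..., with H or HH
    re.compile(r"^(?P<y>\d{4})[/-](?P<mo>\d{2})[/-](?P<d>\d{2}) "
               r"(?P<h>\d{1,2}):(?P<mi>\d{2}):(?P<s>\d{2})(?:\.(?P<f>\d{1,7}))?$"),
    # yyyyMMdd HHmmss[FFFFFFF]
    re.compile(r"^(?P<y>\d{4})(?P<mo>\d{2})(?P<d>\d{2}) "
               r"(?P<h>\d{2})(?P<mi>\d{2})(?P<s>\d{2})(?P<f>\d{1,7})?$"),
    # MMM d[d] HH:mm:ss[.FFFFFFF]  (syslog style: the record carries no year)
    re.compile(r"^(?P<mon>[A-Z][a-z]{2}) +(?P<d>\d{1,2}) "
               r"(?P<h>\d{2}):(?P<mi>\d{2}):(?P<s>\d{2})(?:\.(?P<f>\d{1,7}))?$"),
    # Extension (assumption, not on the slide's list): yyyy MMM d HH:mm:ss,
    # the shape of the slide's "Device C" sample.
    re.compile(r"^(?P<y>\d{4}) (?P<mon>[A-Z][a-z]{2}) +(?P<d>\d{1,2}) "
               r"(?P<h>\d{2}):(?P<mi>\d{2}):(?P<s>\d{2})$"),
]


def normalize_timestamp(raw, default_year=None):
    """Rewrite one timestamp into 'yyyy/MM/dd HH:mm:ss.FFFFFFF' (seven digits,
    zero-padded). Returns None if no pattern matches or the date is invalid.
    Raises ValueError for a year-less syslog timestamp when no default_year
    is given, because guessing the year silently misfiles the record."""
    raw = raw.strip()
    for pat in PATTERNS:
        m = pat.match(raw)
        if not m:
            continue
        g = m.groupdict()
        if g.get("mon"):
            month = MONTHS.get(g["mon"])
            if month is None:
                return None          # e.g. "Foo 3 09:38:22"
        else:
            month = int(g["mo"])
        if g.get("y"):
            year = int(g["y"])
        elif default_year is not None:
            year = default_year
        else:
            raise ValueError(f"no year in {raw!r}; pass default_year")
        frac = (g.get("f") or "").ljust(7, "0")
        try:
            dt = datetime(year, month, int(g["d"]),
                          int(g["h"]), int(g["mi"]), int(g["s"]))
        except ValueError:
            return None              # e.g. 2017/13/45 or 25:00:00
        return dt.strftime("%Y/%m/%d %H:%M:%S") + "." + frac
    return None


def unify(records, default_year=None):
    """records: iterable of (device, raw_timestamp). Returns a list of
    (device, unified_timestamp); entries that cannot be parsed become None."""
    return [(dev, normalize_timestamp(ts, default_year)) for dev, ts in records]


if __name__ == "__main__":
    # The slide's three device samples (constructed input).
    for dev, ts in unify([("Device A", "2017/04/03 09:38:00"),
                          ("Device B", "2017-04-03 09:39:09"),
                          ("Device C", "2017 Apr 3 09:38:22")]):
        print(dev, ts)
```

Unparseable timestamps are returned as None rather than dropped, so a mapping template that has started to miss a device's new firmware format shows up as a count of None values instead of as silently shrinking log volume.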

Page 8


Understandable! Usable! [2/2]

Sometimes the information in the data itself is not enough. EVA enables integration with master information without using complicated syntax.

Addition: add items from a master for information that is not in the log

Log (User)   Master (Department, User)                  Result (Department, User)
Ito          Sales Department, Ito Taro                 Sales Department, Ito Taro
Yamada       Sales Department, Yamada Takashi           Sales Department, Yamada Takashi
Tanaka       Administration Department, Tanaka Ichiro   Administration Department, Tanaka Ichiro

Replace: values can be replaced from the master by itself

Log (Level, Message)             Master            Result (Level, Message)
Attack, Port scan! From…         01 Attack         01, Port scan! From…
Information, User admin…         02 Notice         03, User admin…
Information, User admin…         03 Information    03, User admin…

Filter: unnecessary items are filtered out by condition

Before (Level, Message)          With filtering conditions
01, Port scan! From…             01, Port scan! From…
03, User admin…                  03, User admin…
03, User admin…                  (cut!)

Unnecessary data is cleansed, which improves the efficiency of log analysis.
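As an added example (not AMIYA's code), the three operations above as a small Python pipeline over constructed CSV input modelled on the slide's tables. The point worth showing beyond the slide is the failure mode of the Addition step: the log carries only a surname while the master carries full names, so a surname that appears twice in the master (a second "Tanaka" is added to the sample on purpose) cannot be resolved. The example flags such records as ambiguous, and records with no master entry as unmatched, instead of silently picking the first match; the filter condition (drop routine "03" rows) is this example's assumption.

```python
import csv
import io
from collections import Counter

# Constructed sample log modelled on the slide's tables (not AMIYA data).
LOG_CSV = """User,Level,Message
Ito,Attack,Port scan! From 10.0.0.5
Yamada,Information,User admin logged in
Tanaka,Attack,Port scan! From 10.0.0.7
Sato,Notice,Disk 80% full
"""

# Constructed master list; the second "Tanaka" is there to show the ambiguity case.
USER_MASTER_CSV = """Department,User
Sales Department,Ito Taro
Sales Department,Yamada Takashi
Administration Department,Tanaka Ichiro
Administration Department,Tanaka Jiro
"""

# Code table from the slide: level label -> code.
LEVEL_MASTER = {"Attack": "01", "Notice": "02", "Information": "03"}


def build_user_master(csv_text):
    """Index master rows by surname, the only key the log carries.
    A surname shared by several people keeps the list of all of them."""
    index = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        surname = row["User"].split()[0]
        index.setdefault(surname, []).append(row)
    return index


def add_from_master(rec, master):
    """Addition: join department and full name from the master.
    Unmatched or ambiguous keys are flagged instead of silently resolved."""
    matches = master.get(rec["User"], [])
    if len(matches) == 1:
        return {**rec, "Department": matches[0]["Department"],
                "FullName": matches[0]["User"], "Join": "ok"}
    return {**rec, "Department": "", "FullName": "",
            "Join": "ambiguous" if matches else "unmatched"}


def replace_from_master(rec, master=LEVEL_MASTER):
    """Replace: swap the textual level for its code. Unknown labels pass
    through unchanged so they can be spotted rather than lost."""
    return {**rec, "Level": master.get(rec["Level"], rec["Level"])}


def keep(rec):
    """Filter condition (assumption of this example): drop routine '03' rows."""
    return rec["Level"] != "03"


def transform(log_csv=LOG_CSV, master_csv=USER_MASTER_CSV):
    """Addition -> Replace -> Filter over every log record, in that order."""
    master = build_user_master(master_csv)
    out = []
    for rec in csv.DictReader(io.StringIO(log_csv)):
        rec = replace_from_master(add_from_master(rec, master))
        if keep(rec):
            out.append(rec)
    return out


def join_report(rows):
    """Counts of join outcomes: the check to run before trusting an enriched report."""
    return dict(Counter(r["Join"] for r in rows))


if __name__ == "__main__":
    rows = transform()
    for r in rows:
        print(r["Level"], r["Department"] or "-", r["FullName"] or r["User"],
              r["Join"], r["Message"])
    print(join_report(rows))
```

Run join_report before publishing any report built on an enrichment join: a non-zero "ambiguous" or "unmatched" count means the master needs a unique key (employee ID, account name) rather than a surname.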

Page 9


[Case Study] Cyber Attack Measures (CASE 1: Government)

As a cyber-attack measure, visualize signs of a cyber attack and signs of data leakage by injecting the existing network logs into EVA.

Entrance, attack sign (FW log / UTM log): suspect the possibility of an attack based on the number of abnormal accesses.

Exit, leakage sign (UTM / proxy log): report access to threat sites during night time / holidays.
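As an added example (not AMIYA's code, and not the product's report definition), the exit-side report above as detection logic over constructed proxy log lines in Common Log Format, the format the product lists for Squid. The threat list, the holiday calendar and the 09:00 to 17:59 working window are assumptions of this example; in practice they come from a threat-intelligence feed and the organisation's calendar. Two details matter for correctness: the host is taken from the URL (including CONNECT lines, which carry only host:port) and matched as an exact name or subdomain, and "night time" is judged in the UTC offset the log line itself carries.

```python
import re
from collections import Counter
from datetime import datetime, date

# Common Log Format as written by a proxy (e.g. Squid's "common" format).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+)(?: \S+)?" (?P<status>\d{3}) (?P<bytes>\S+)')

# Constructed threat list and holiday calendar (assumptions of this example).
THREAT_DOMAINS = {"bad.example", "c2.example"}
HOLIDAYS = {date(2017, 4, 29)}           # 2017-04-29 is Showa Day in Japan
BUSINESS_HOURS = (9, 18)                 # 09:00 to 17:59 counts as working time


def parse_line(line):
    """Parse one proxy log line; returns None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    # Host part of the URL: strip scheme, path and port. CONNECT lines carry
    # a bare host:port, which the same steps handle.
    host = re.sub(r"^[A-Za-z][A-Za-z0-9+.-]*://", "", rec["url"])
    rec["host"] = host.split("/")[0].split(":")[0].lower()
    return rec


def is_threat(host):
    """Exact match or a subdomain of a listed domain (never a substring match)."""
    return any(host == d or host.endswith("." + d) for d in THREAT_DOMAINS)


def is_after_hours(ts):
    """Night time, weekend or holiday, judged in the log line's own UTC offset."""
    if ts.weekday() >= 5 or ts.date() in HOLIDAYS:
        return True
    return not (BUSINESS_HOURS[0] <= ts.hour < BUSINESS_HOURS[1])


def find_after_hours_threat_access(lines):
    """The case study's report: accesses to threat sites outside working time."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and is_threat(rec["host"]) and is_after_hours(rec["ts"]):
            hits.append(rec)
    return hits


def rank_by_user(hits):
    """(user, count) pairs, most frequent first, for the report table."""
    return Counter(h["user"] for h in hits).most_common()


# Constructed sample lines (not from any real proxy). 2017-04-03 is a Monday.
SAMPLE_LOG = [
    '10.0.0.12 - ito [03/Apr/2017:02:14:07 +0900] "GET http://bad.example/p.exe HTTP/1.1" 200 5120',
    '10.0.0.13 - yamada [03/Apr/2017:10:05:00 +0900] "GET http://bad.example/ HTTP/1.1" 200 310',
    '10.0.0.14 - tanaka [02/Apr/2017:11:00:00 +0900] "CONNECT www.c2.example:443 HTTP/1.1" 200 0',
    '10.0.0.12 - ito [03/Apr/2017:02:20:00 +0900] "GET http://intranet.example/ HTTP/1.1" 200 800',
    '10.0.0.13 - yamada [29/Apr/2017:12:00:00 +0900] "GET http://bad.example:8080/x HTTP/1.1" 200 99',
    '10.0.0.12 - ito [03/Apr/2017:22:30:00 +0900] "POST http://c2.example/beacon HTTP/1.1" 200 12',
    'this line is not in common log format',
]

if __name__ == "__main__":
    hits = find_after_hours_threat_access(SAMPLE_LOG)
    for h in hits:
        print(h["ts"].isoformat(), h["user"], h["host"])
    print(rank_by_user(hits))
```

The second sample line (a threat-site access during working hours on a Monday) is deliberately not in the after-hours report; a complete entrance/exit view would count it under the attack-sign report instead, since a threat-site hit is suspicious at any hour.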

Page 10


[Case Study] Internal Fraud (CASE 2: Major logistics center)

A major logistics company where information leaks by employees were discovered. For recurrence prevention, file access to servers and file export from PCs were monitored.

Monitoring access to confidential information (file server log): keep the access records for sensitive folders for 5 years.

Monitoring file export (PC log): keep the records of copies to USB or cloud for 5 years.

Page 11


[Case Study] Detect trouble cause (CASE 3: Internet service provider)

To detect and trace the cause of trouble in the customer's systems and network: unified logs from multiple devices (application, switch, firewall, PC, server; app log, syslog, event log) and an aggregated record of administrators' setting changes. Administrators' operations are recorded and managed in a unified way using EVA.

If you have the records, you can identify the virus-infected area and comprehend the cause of the trouble (setting errors etc.). Central management of the various data is realized by using the unified format.

Page 12


[Case Study] Work Style Reform (CASE 4: Municipality)

In response to the Ministry of Internal Affairs and Communications, 〇〇 City embarked on work style reform: restrict excess overtime and identify neglect of duty. Focused collection of data; the logs laid the foundation for business reform.

Control excess overtime (authentication log): overtime staff ranking.

Identify neglect of duty (web proxy log): identify heavy users of Facebook / Instagram and of fashion / car / gourmet sites.

Page 13


Example: Internal information leakage (a major distribution center)

Information leakage occurred through internal fraud at one of the major distribution centers. In order to prevent a recurrence, MIS established a log management process focused on "protection of confidentiality", "privileged account management" and "data leakage onto external devices".

Requirements:
- Access to confidential data must be recorded!
- Especially, access by privileged users must be traced!
- Every event regarding access to external devices must be recorded!

What is recorded:
- All access events to the confidential data on the file server.
- All logon/logoff events of privileged users on the DB server.
- Outgoing web mail attachments, via the proxy server.
- Data file duplication onto USB devices, via the PC log.

ALog EVA selection point: if the customer is already collecting file server access logs and DB access logs, enabling ALog EVA makes it very easy to expand the collection targets (web mail attachments, data file duplication onto USB devices), and the implementation is simple.

Page 14


ALog EVA Log Ingestion List

◆ Network System
Cisco ASA series
Cisco Catalyst series
Juniper SSG series
Juniper MAG series
Palo Alto Networks PA series
Blue Coat ProxySG series
Fortigate series
Infoblox DHCP
YAMAHA RTX series
IBM Flex System EN switch
Hitachi Load Balancer EL130
Aruba Networks Mobility Controllers
TrendMicro Deep Discovery Inspector
Soliton Systems NetAttest EPS series
SonicWall series

◆ NAS / Cloud Storage / General-purpose machine
Hitachi Virtual File Platform (CIFS)
NetApp ONTAP (NFS audit)
HPE 3PAR StoreServ
Nutanix AFS (Nutanix Files)
QNAP
I-O DATA LAN DISK
Amazon Web Services CloudTrail
Box
FOBAS Cloud Storage Cache
IBM AS/400

◆ Servers
Apache HTTP Server (Linux)
IBM HTTP Server (Linux)
DHCP Server (Windows)
DNS Server (debug log) (Windows)
Microsoft Exchange Server (Windows)
RADIUS Server (Windows)
WebDAV (Windows)
Squid common (Linux proxy server)
Sendmail (Linux mail server)
Postfix (Linux mail server)
Samba (Linux)

◆ Database
MySQL (Linux)
PostgreSQL (Linux)
FUJITSU Symfoware Server (OPEN)
FUJITSU Symfoware Server (NATIVE)
Hitachi HiRDB
IBM DB2

◆ Security product
SKYSEA Client View
LanScope Cat
Soliton Systems SmartOn
DOS System Support best1 (SS1)
Quality Soft QND
Digital Arts i-FILTER
Digital Arts m-FILTER
TrendMicro Virus Buster
TrendMicro InterScan Messaging Security
ALSI InterSafe ILP
ALSI InterSafe IRM
Symantec Messaging Gateway
Hitachi Solutions Hibun
ZenmuTech ZENMU
Cisco Cloud Web Security
IIJ Secure Web Gateway Service
Pulse Secure series
Logstorage

◆ Application
SAP
NEC Explanner
PCA series
OBIC series
NISSEICOM GrowOne
Microsoft SharePoint (AvePoint)
Cybozu Office series
Cybozu Garoon series
Access Analyzer
Hitachi JP1
FUJITSU Systemwalker
Fuji Xerox DocuShare
Fuji Xerox ArcSuite

※ As of September 2018, in random order.

Page 15


Topics: ALog EVA now supports cloud service logs

ALog EVA enables log management in cloud environments and centralized log management in hybrid environments.

* The obtainable logs shown are examples. The output contents differ depending on what the cloud service side can provide.

Page 16


Report Sample: Number of mails sent, TOP 10

Collect the mail archiving system log with ALog EVA and rank users by the number of mails they sent.

Page 17


Report Sample: Number of job search site views

Collect the web proxy log with ALog EVA and summarize web browsing in the job search site category. This reveals that someone has been accessing job search sites many times.

Page 18


System Flow

Logs are gathered from the target devices to the manager server by one of three routes:
① Windows file sharing (e.g. NAS server)
② SCP transfers via SSHD (e.g. Linux server)
③ Syslog transfers from the target devices* (e.g. network devices), received by a syslog server on the manager server

On the manager server, the access log passes through the mapping definition and the conversion processing into log storage, where it is available for log search.

*Logs are transferred from the target devices to the ALog manager server and are received on the manager server side. The syslog server (Kiwi Syslog Server, etc.) must be set up on the manager server.

Points
• File compression allows long-term storage
• Data encryption of the stored logs (note: encryption protects confidentiality; detecting tampering additionally needs an integrity check, such as a hash or signature kept over each stored file)
• DB storage duration can be set to any period
• File output by device (easy coordination with other systems)

Page 19


Hardware Requirements - Manager Server

OS: Windows Server 2008 (x64) / 2008 R2 / 2012 / 2012 R2 / 2016 / 2019
CPU: Dual core or higher (quad core or above is recommended)
Memory: 8 GB or higher (16 GB or higher is recommended)
HDD: 500 GB or higher disk space
Software: .NET Framework 4.6 or later, and one of the following web browsers: Internet Explorer 10 or later, Firefox 40 or later, Google Chrome 44 or later

*32-bit OS versions are not supported. *Each OS service pack (SP) is supported. *Each edition (Standard / Enterprise / Datacenter) is supported. *Virtualized environments (VMware, Hyper-V, Citrix XenServer) are supported. *More disk space may be required depending on the number of target servers and the access log retention period.

Obtainable log type

ALog EVA can obtain log data that is output as Windows Event Log, syslog or text files (with separated values, such as CSV).

Log files can be read from uncompressed files, ZIP files (Deflate) and compressed files in gz and bz2 format.

Text files need to be encoded in UTF-8, UTF-16 or another encoding supported by the .NET Framework.

The following types of log cannot be obtained with ALog EVA: fixed-length format, binary files, encrypted files.
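As an added example (not AMIYA's code), a small Python reader that applies the rules just listed when picking up a log file: it unpacks gz, bz2 and ZIP (stored or Deflate entries only) by magic bytes rather than by extension, decodes UTF-8 or UTF-16 by byte-order mark, and rejects what the text says is not readable, i.e. encrypted ZIP entries and binary or fixed-length data (detected here, as a heuristic of this example, by NUL bytes in the first 4 KB after BOM handling). The demo function builds constructed sample files in a temporary directory so the whole thing runs offline.

```python
import bz2
import gzip
import tempfile
import zipfile
from pathlib import Path

# Byte-order marks for the encodings the text says are accepted.
BOMS = [(b"\xef\xbb\xbf", "utf-8-sig"), (b"\xff\xfe", "utf-16"), (b"\xfe\xff", "utf-16")]


def iter_log_bytes(path):
    """Yield (name, bytes) for the text file(s) behind path, transparently
    unpacking gz, bz2 and ZIP (stored/deflate). Detection is by magic bytes,
    not by extension, so a renamed archive is never parsed as text."""
    path = Path(path)
    with open(path, "rb") as f:
        head = f.read(4)
    if head.startswith(b"\x1f\x8b"):                  # gzip
        with gzip.open(str(path), "rb") as f:
            yield path.name, f.read()
    elif head.startswith(b"BZh"):                      # bzip2
        with bz2.open(str(path), "rb") as f:
            yield path.name, f.read()
    elif head.startswith(b"PK\x03\x04"):               # zip
        with zipfile.ZipFile(str(path)) as z:
            for info in z.infolist():
                if info.is_dir():
                    continue
                if info.flag_bits & 0x1:
                    raise ValueError(f"{info.filename}: encrypted ZIP entry")
                if info.compress_type not in (zipfile.ZIP_STORED, zipfile.ZIP_DEFLATED):
                    raise ValueError(f"{info.filename}: ZIP method {info.compress_type} is not Deflate")
                yield info.filename, z.read(info)
    else:                                              # plain text
        yield path.name, path.read_bytes()


def decode_text(data, default="utf-8"):
    """Decode by BOM when present, else as `default`. Data that still contains
    NUL bytes is treated as binary or fixed-length, not delimited text."""
    for bom, enc in BOMS:
        if data.startswith(bom):
            return data.decode(enc)
    if b"\x00" in data[:4096]:
        raise ValueError("NUL bytes found: binary or fixed-length data")
    return data.decode(default)


def read_log_lines(path):
    """All lines of all text files behind path."""
    lines = []
    for _name, data in iter_log_bytes(path):
        lines.extend(decode_text(data).splitlines())
    return lines


def demo():
    """Constructed samples: the same two CSV lines stored six ways, plus a
    binary file that must be rejected. Returns ({file: lines}, rejected)."""
    sample = "2017/04/03 09:38:00,ito,login\n2017/04/03 09:39:09,yamada,logout\n"
    d = Path(tempfile.mkdtemp())
    (d / "plain.csv").write_bytes(sample.encode("utf-8"))
    (d / "bom.csv").write_bytes(b"\xef\xbb\xbf" + sample.encode("utf-8"))
    (d / "wide.csv").write_bytes(sample.encode("utf-16"))       # BOM is written
    with gzip.open(str(d / "log.csv.gz"), "wb") as f:
        f.write(sample.encode("utf-8"))
    with bz2.open(str(d / "log.csv.bz2"), "wb") as f:
        f.write(sample.encode("utf-8"))
    with zipfile.ZipFile(str(d / "log.zip"), "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("log.csv", sample)
    (d / "fixed.bin").write_bytes(b"\x00\x01\x02\x03 not text")
    results = {p.name: read_log_lines(p) for p in sorted(d.iterdir()) if p.suffix != ".bin"}
    try:
        read_log_lines(d / "fixed.bin")
        rejected = False
    except ValueError:
        rejected = True
    return results, rejected


if __name__ == "__main__":
    results, rejected = demo()
    for name, lines in results.items():
        print(name, len(lines), "lines")
    print("binary rejected:", rejected)
```

A BOM-less UTF-16 file also fails the NUL check, which is the right outcome for a collector that has no other way to tell it from binary data; convert such files to UTF-8 at the source or give the reader an explicit default encoding.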

In case a syslog server is needed

A syslog server is needed alongside ALog EVA when log data cannot be shared via Windows file sharing (CIFS). *Verified syslog server software: Kiwi Syslog Server (not the free version).

If you use a syslog server, you must meet the requirements for operating that syslog server; please confirm them on the vendor's web site. Note that syslog over UDP is neither authenticated nor encrypted, so the receiver accepts whatever reaches its port: restrict the permitted source addresses at the firewall, and use TCP with TLS where both the sending device and the syslog server support it.
