SureLog Server Features
High-Speed Message Reception: The SureLog Server is able to operate as the single Syslog and SNMP Trap receiver for all devices on a large enterprise network. SureLog can process more than 5,000 messages per second and can handle bursts of more than 25,000 messages. SureLog tracks and catalogs network devices with no upper limit on their number, and can receive messages from a virtually unlimited number of untracked sources.
Automatic Aggregation, Correlation, and Reporting of Information: The SureLog Server provides a powerful correlation service. These features require minimal configuration and serve as building blocks for larger correlation strategies.
Large-Scale Data Aggregation, Archiving, and Reporting Ability: The SureLog Server is designed for high data-aggregation capacity. It can collect in excess of 1 gigabyte of data each day, keeping this data for up to 500 days online and for more than 5,000 days offline in a compressed format. The archiving function records MD5 checksums and security codes on data items to support detailed forensics. Reports are also generated daily in Microsoft Excel format.
Large-Scale Data Searching Ability: One of the most important functions of the SureLog system is its search engine capability. SureLog employs a high-speed, real-time index system, which allows quick searches across massive amounts of data. Users can search a terabyte of data for a particular keyword in less than one second.
Ergonomic Reception of SNMP Traps: SNMP traps are often faulted by users for being too cryptic and difficult to decipher. The SureLog system employs a heuristic method of formatting trap messages, assigning them Syslog severity levels and facility codes so that the received SNMP traps make sense from an operational standpoint. The SureLog system receives SNMP traps in various formats and versions and converts them into readable text for correlation.