Logs are something we all love to hate. All the good stuff can be found in the log files, but often the amount of data becomes overwhelming. And then there is the fact that everything out there has its own log format. I had discussions about HP ArcSight, McAfee Enterprise Security Manager, IBM QRadar, Splunk, and many other tools that clients are using. My head was spinning from the complexity that customers face. I was determined to build something that eliminated all this complexity. Ridgeback version 1.6 addresses the problem of log complexity and integration.
I spent a long time fretting over what to do for a log format. I finally decided that the answer is a separate logging module, which is called the Ridgeback Log Adapter (RLA). I have cleaned up the Ridgeback log format to make reading, parsing, and analysis much easier out-of-the-box. The Ridgeback Log Adapter is a new component that takes that new log format and adapts it to address whatever needs you have.
RLA reads a log file and normalizes the data into a structured format. The structured log data is then stored in a lightweight database. Rules can then be applied to automatically output log data in whatever format is needed. With RLA you don’t need to do complex integration work to make Ridgeback work with your analysis or SIEM solutions.
What I would love to do is have RLA read not only Ridgeback logs, but the logs from any product. That would make it a universal translator for log formats, greatly simplifying the job of integrating different IT products. If this idea appeals to you, drop me a line at tom-at-ridgeback.tillitclicks.com and let me kno`w your thoughts.