cloud based log analysis and visualization
play

Cloud-based Log Analysis and Visualization RMLL 2010, Bordeaux, - PowerPoint PPT Presentation

Oct 14, 2023 •9 likes •439 views

Cloud-based Log Analysis and Visualization RMLL 2010, Bordeaux, France My syslog mobile-166 Ra fg ael Marty - @zrlram Tuesday, July 6, 2010 Ra fg ael (Ra fg y) Marty Founder @ Chief Security Strategist and Product Manager @ Splunk

  1. Cloud-based Log Analysis and Visualization RMLL 2010, Bordeaux, France My syslog mobile-166 Ra fg ael Marty - @zrlram Tuesday, July 6, 2010

  2. Ra fg ael (Ra fg y) Marty • Founder @ • Chief Security Strategist and Product Manager @ Splunk • Manager Solutions @ ArcSight • Intrusion Detection Research @ IBM Research • IT Security Consultant @ PriceWaterhouse Coopers Applied Security Visualization Publisher: Addison Wesley (August, 2008) ISBN: 0321510100 Logging as a Service (c) by Ra fg ael Marty 2 Tuesday, July 6, 2010

  3. Agenda •Do it Yourself •Introduction • AfterGlow •Visualization • Google Visualization API •InfoViz Process •Visualization Use-Cases •Visualization Tools •Visualization Resources •The Cloud •Loggly Logging as a Service (c) by Ra fg ael Marty 3 Tuesday, July 6, 2010

  4. Open Your Eyes Logging as a Service (c) by Ra fg ael Marty 4 Tuesday, July 6, 2010

  5. Security Is About Seeing Logging as a Service (c) by Ra fg ael Marty 5 Tuesday, July 6, 2010

  6. Goals - Learn how you can - use visualization to help solve security problems - leverage the cloud to build security visualization tools Logging as a Service (c) by Ra fg ael Marty 6 Tuesday, July 6, 2010

  7. Information Visualization? A picture is worth a thousand log records. Inspire Explore and Discover Answer a Increase Pose a New Communicate Support Question Question Efficiency Information Decisions Logging as a Service (c) by Ra fg ael Marty 7 Tuesday, July 6, 2010

  8. Visualization and The Cloud 8 Tuesday, July 6, 2010

  9. InfoViz Process Process Visualize Collect • Visualization Tools • large-scale data collection • Your parsers • and Libraries • and processing • Standard formats Logging as a Service (c) by Ra fg ael Marty 9 Tuesday, July 6, 2010

  10. Collect 10 Tuesday, July 6, 2010

  11. Log Management • Log Collection and Centralization • Log Storage • Log Filtering • Log Aggregation • Log Search and Extraction • Log Retention and Archiving Logging as a Service (c) by Ra fg ael Marty 11 Tuesday, July 6, 2010

  12. Process 12 Tuesday, July 6, 2010

  13. Standard Formats • Multiple formats Oct 13 20:00:43.874401 rule 193/0(match): block in on xl0: 212.251.89.126.3859 >: S 1818630320:1818630320(0) win 65535 <mss 1460,nop,nop,sackOK> (DF) Oct 13 20:00:43 fwbox local4:warn|warning fw07 %PIX-4-106023: Deny tcp src internet: 212.251.89.126/3859 dst 212.254.110.98/135 by access-group "internet_access_in" Oct 13 20:00:43 fwbox kernel: DROPPED IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0f:cc: 81:40:94:08:00 SRC=212.251.89.126 DST=212.254.110.98 LEN=576 TOS=0x00 PREC=0x00 TTL=255 ID=8624 PROTO=TCP SPT=3859 DPT=135 LEN=556 • Log Standards ‣ SDEE ‣ WELF ‣ CEE (cee.mitre.org) ‣ CBE ‣ XDAS ‣ IDMEF Logging as a Service (c) by Ra fg ael Marty 13 Tuesday, July 6, 2010

  14. Normalization • Parsers “To analyze or separate (input, for example) into more easily processed components.” (answers.com) • Generate a common output format for vis-tools (e.g., CSV) • For example /(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})/g ‣ Regex ‣ http://secviz.org/content/parser-exchange Logging as a Service (c) by Ra fg ael Marty 14 Tuesday, July 6, 2010

  15. Visualize 15 Tuesday, July 6, 2010

  16. Choose Your Poison Logging as a Service (c) by Ra fg ael Marty 16 Tuesday, July 6, 2010

  17. Reporting vs. Visualization • Reporting Libraries • Visualization Libraries - HighCharts - TheJIT - Flot - Graphael - Google Chart API - Protovis - Open Flash Chart - ProcessingJS - Flare JavaScript vs. Flash vs. XYZ Logging as a Service (c) by Ra fg ael Marty 17 Tuesday, July 6, 2010

  18. HighCharts • Click-Through • On load - near real-time updates • AJAX data input via JSON • Zoom http://www.highcharts.com/ Logging as a Service (c) by Ra fg ael Marty 18 Tuesday, July 6, 2010

  19. Google Visualization API http://code.google.com/apis/visualization/interactive_charts.html • JavaScript • Based on DataTables() • Many graphs • Playground - http://code.google.com/apis/ajax/playground Logging as a Service (c) by Ra fg ael Marty 19 Tuesday, July 6, 2010

  20. ProtoVis • JavaScript based visualization library • Charting • Treemaps • BoxPlots • Parallel Coordinates • etc. http://vis.stanford.edu/protovis/ Logging as a Service (c) by Ra fg ael Marty 20 Tuesday, July 6, 2010

  21. TheJIT http://thejit.org/ • JavaScript InfoVis Toolkit • Interactive • Link Graphs Logging as a Service (c) by Ra fg ael Marty 21 Tuesday, July 6, 2010

  22. Processing •Visualization library •Java based •Interactive (event handling) •Number of libraries to - draw in OpenGL - read XML files - write PDF files •Processing JS - JavaScript http://processingjs.org/ - HTML 5 Canvas http://processing.org/ - Web IDE Logging as a Service (c) by Ra fg ael Marty 22 Tuesday, July 6, 2010

  23. Building Your Own 23 Tuesday, July 6, 2010

  24. Build Your Own AfterGlow Loggly Regexes Google Vis Logging as a Service (c) by Ra fg ael Marty 24 Tuesday, July 6, 2010

  25. Data Collection in the Cloud 25 Tuesday, July 6, 2010

  26. The (public) Cloud What it is Types • multi-tenancy • SaaS - Software • PaaS - Platform • elastic • IaaS - Infrastructure • “infinite” resources Benefits • pay as you go • No installation • self provisioning • No elaborate configurations It’s not • No maintenance • private data center • Great scalability • virtualization • 7x24 availability Logging as a Service (c) by Ra fg ael Marty 26 Tuesday, July 6, 2010

  27. LaaS - Logging as a Service • All your data in one place • Loggly manages your data (index, store, archive, etc.) • Extremely fast search across all your data • Data source agnostic (no parsers) • Data management • access control • data segregation • data overview and summaries • API access Logging as a Service (c) by Ra fg ael Marty 27 Tuesday, July 6, 2010

  28. Loggly Architecture Loggly Data Sources Clients user interface My syslog mobile-166 Data collection API Data access Proxies Distributed indexing and Indexers and Search Machines processing Distributed data store Logging as a Service (c) by Ra fg ael Marty 28 Tuesday, July 6, 2010

  29. Loggly APIs • URL format: http://wiki.loggly.com/api-documentation http:// < subdomain > .loggly.com/api/< resource > • RESTful API HTTP Based - Access through: /api/< resource > • GET - read • POST - create - JSON, XML, JSONP output • PUT - update • Authentication • DELETE - delete - Basic auth - oAuth syslog to: http:// loggly. loggly.com/api/ search /?q=error User: guest / Password: loggly logs.loggly.com:514 Logging as a Service (c) by Ra fg ael Marty 29 Tuesday, July 6, 2010

  30. Search http://[domain].loggly.com/api/search?q=404 { "data": [ { "indexed": "2010-07-03T17:17:38.909Z", "ip": "75.101.249.172", " text ": " Oct 13 20:00:38.018152 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 62.2.32.250.53: 34388 [1au] [|domain] (DF) ", "inputname": "logglyweb", "timestamp": "2010-07-03 10:17:38" }, { "indexed": "2010-07-03T17:17:37.879Z", "ip": "75.101.249.172", " text ": " Oct 13 20:00:38.115862 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 192.134.0.49.53: 49962 [1au] [|domain] (DF) ", "inputname": "logglyapp", "timestamp": "2010-07-03 10:17:37" }, ... Logging as a Service (c) by Ra fg ael Marty 30 Tuesday, July 6, 2010

  31. Parser Oct 13 20:00:38.018152 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 62.2.32.250.53: 34388 [1au][|domain] (DF) Raw Oct 13 20:00:38.115862 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 192.134.0.49.53: 49962 [1au][|domain] (DF) Oct 13 20:00:38.157238 rule 57/0(match): pass in on xl1: 195.141.69.45.1030 > 194.25.2.133.53: 14434 [1au][|domain] (DF) (.*) rule ([-\d]+\/\d+)\(.*?\): (pass|block) (in|out) on (\w+): (\d+\.\d+\.\d+\.\d+)\.?(\d*) [<>] Regex / Parser (\d+\.\d+\.\d+\.\d+)\.?(\d*): (.*) Oct 13 20:00:38.018152,57/0,match,pass,in,xl1,195.141.69.45,1030,62.2.32.250,53,34388 [1au][|domain] (DF) Normalized Oct 13 20:00:38.115862,57/0,match,pass,in,xl1,195.141.69.45,1030,192.134.0.49,53,49962 [1au][|domain] (DF) (CSV) Oct 13 20:00:38.157238,57/0,match,pass,in,xl1,195.141.69.45,1030,194.25.2.133,53,14434 [1au][|domain] (DF) Logging as a Service (c) by Ra fg ael Marty 31 Tuesday, July 6, 2010

  32. Visualize AfterGlow Parser Grapher CSV file Graph file digraph structs { graph [label="AfterGlow 1.5.8", fontsize=8]; node [shape=ellipse, style=filled, Configuration fontsize=10, width=1, height=1, fixedsize=true]; edge [len=1.6]; color.source =“green” if ($fields[0] ne “d”) "aaelenes" -> "Printing Resume" ; cluster.target =regex_replace("(\\d\+)\\.")."/8" "abbe" -> "Information Encryption" ; threshold.event =5 "aanna" -> "Patent Access" ; "aatharuv" -> "Ping" ; size.target =$fields[1] } http://afterglow.sf.net Logging as a Service (c) by Ra fg ael Marty 32 Tuesday, July 6, 2010

  33. AfterGlow Cloud Loggly Grapher JSON CSV DOT Graph Logging as a Service (c) by Ra fg ael Marty 33 Tuesday, July 6, 2010

Recommend

PROOF as a Service on the Cloud a Virtual Analysis Facility based on the CernVM ecosystem Dario

PROOF as a Service on the Cloud a Virtual Analysis Facility based on the CernVM ecosystem Dario

PROOF as a Service on the Cloud a Virtual Analysis Facility based on the CernVM ecosystem Dario Berzano R.Meusel, G.Lestaris, I.Charalampidis, G.Ganis, P .Buncic, J.Blomer CERN PH-SFT CHEP2013 - Amsterdam, 15.10.2013 A cloud-aware analysis

581 views • 20 slides
Graph-Based Analysis and Visualization of Software Traces Wrzburg, November 5, 2019 Richard

Graph-Based Analysis and Visualization of Software Traces Wrzburg, November 5, 2019 Richard

Symposium on Software Performance 2019 Graph-Based Analysis and Visualization of Software Traces Wrzburg, November 5, 2019 Richard Mller and Matteo Fischer SSP 2019 | Graph-Based Analysis and Visualization of Software Traces WHY GRAPHS?

404 views • 19 slides
The Betrayal At Cloud City: An Empirical Analysis Of Cloud-Based Mobile Backends Omar Alrawi* ,

The Betrayal At Cloud City: An Empirical Analysis Of Cloud-Based Mobile Backends Omar Alrawi* ,

The Betrayal At Cloud City: An Empirical Analysis Of Cloud-Based Mobile Backends Omar Alrawi* , Chaoshun Zuo * , Ruian Duan, Ranjita Pai Kasturi, Zhiqiang Lin, Brendan Saltaformaggio *First Co-Authors Conference Conference Conference More

1.33k views • 100 slides
Topological data analysis and topology-based visualization Leila De Floriani Topology-based

Topological data analysis and topology-based visualization Leila De Floriani Topology-based

Topological data analysis and topology-based visualization Leila De Floriani Topology-based methods v Why topology? topology deals with qualitative geometric information , thus v providing a structural description of data topological

298 views • 10 slides
Cloud based systems that can help you grow your business Some of the cloud based tools we use at

Cloud based systems that can help you grow your business Some of the cloud based tools we use at

Cloud based systems that can help you grow your business Some of the cloud based tools we use at Business Connected Dashlane Crunchboards Trello icloud Adobe Creative Cloud Proposify Receipt Bank Maxmail Dropbox Go to Meeting Mailchimp

328 views • 21 slides
Tag-Cloud Drawing: Algorithms for Cloud Visualization Authors: Owen Kaser and Daniel Lemire

Tag-Cloud Drawing: Algorithms for Cloud Visualization Authors: Owen Kaser and Daniel Lemire

Tag-Cloud Drawing: Algorithms for Cloud Visualization Authors: Owen Kaser and Daniel Lemire Jason Ye University of Virginia What is a tag-cloud?

678 views • 13 slides
Cloud Computing Pat West and Colin Gillette SSE 3200: Analysis and Design of Web-Based Services

Cloud Computing Pat West and Colin Gillette SSE 3200: Analysis and Design of Web-Based Services

Cloud Computing Pat West and Colin Gillette SSE 3200: Analysis and Design of Web-Based Services &quot;Content-Centered Collaboration Spaces in the Cloud&quot; by:John S. Erickson et al. IEEE Internet Computing, September/October 2009, pages

477 views • 15 slides
Where Are We? Feedback So far? Collection Cleaning Integration Analysis Visualization

Where Are We? Feedback So far? Collection Cleaning Integration Analysis Visualization

Where Are We? Feedback So far? Collection Cleaning Integration Analysis Visualization Presentation Dissemination 1 CSE 6242 / CX 4242 1. How to Identify Vis Issues? 2. Class Project Duen Horng (Polo) Chau Georgia Tech Partly based on

696 views • 65 slides
Programming, Data Management and Visualization Module E: Data analysis &amp; visualization

Programming, Data Management and Visualization Module E: Data analysis &amp; visualization

Programming, Data Management and Visualization Module E: Data analysis &amp; visualization Alexander Ahammer Department of Economics, Johannes Kepler University, Linz, Austria Christian Doppler Laboratory Ageing, Health, and the Labor Market,

1.01k views • 54 slides
CloudDet Motivation Visualization Challenges CloudDet: Interactive Visual Analysis of Anomalous

CloudDet Motivation Visualization Challenges CloudDet: Interactive Visual Analysis of Anomalous

CloudDet Motivation Visualization Challenges CloudDet: Interactive Visual Analysis of Anomalous Performances in Cloud Monitoring nodes instead of monitoring applications Computing Systems Scale : Trade-off between system scalability

150 views • 3 slides
H517 Visualization Design, Analysis, &amp; Evaluation Week 12: Visualization Tasks &amp;

H517 Visualization Design, Analysis, &amp; Evaluation Week 12: Visualization Tasks &amp;

H517 Visualization Design, Analysis, &amp; Evaluation Week 12: Visualization Tasks &amp; Evaluation Khairi Reda | redak@iu.edu School of Informa5cs &amp; Compu5ng, IUPUI Raw user data Processed Data plots Visualization data pre- visual

690 views • 46 slides
NAVIGATING THE IN SITU VISUALIZATION LANDSCAPE Tom Fogal, 4/6/2016 VISUALIZATION &amp; ANALYSIS

NAVIGATING THE IN SITU VISUALIZATION LANDSCAPE Tom Fogal, 4/6/2016 VISUALIZATION &amp; ANALYSIS

April 4-7, 2016 | Silicon Valley NAVIGATING THE IN SITU VISUALIZATION LANDSCAPE Tom Fogal, 4/6/2016 VISUALIZATION &amp; ANALYSIS 22 27 31 38 42 17 22 27 31 38 13 17 22 27 31 6 13 17 22 27 2 6 13 17 22 2 POST HOC VISUALIZATION AND ANALYSIS

700 views • 20 slides
Glyph-based Visualization Applications David H. S. Chung Swansea University Outline Glyph

Glyph-based Visualization Applications David H. S. Chung Swansea University Outline Glyph

Glyph-based Visualization Applications David H. S. Chung Swansea University Outline Glyph Design Application Flow Event Multi-field Visualization Visualization Visualization Uncertainty Geo-spatial Tensor Medical Visualization

559 views • 30 slides
Reverse Engineering by Crayon: Game Changing Hypervisor and Visualization Analysis Game Changing

Reverse Engineering by Crayon: Game Changing Hypervisor and Visualization Analysis Game Changing

Reverse Engineering by Crayon: Game Changing Hypervisor and Visualization Analysis Game Changing Hypervisor Based Malware Analysis and Visualization Danny Quist Danny Quist Lorie Liebrock New Mexico Tech Computer Science Dept. Offensive

898 views • 64 slides
Flow Visualization Research @ IDAV Christoph Garth CScADS Workshop on Scientific Data Analysis

Flow Visualization Research @ IDAV Christoph Garth CScADS Workshop on Scientific Data Analysis

Flow Visualization Research @ IDAV Christoph Garth CScADS Workshop on Scientific Data Analysis and Visualization for Petascale Computing August 6, 2009 Flow Illustration with Integral Surfaces (with Hari Krishnan, Ken Joy) Integration-Based

673 views • 52 slides
Towards a cloud-based computing and analysis framework to process environmental science big data

Towards a cloud-based computing and analysis framework to process environmental science big data

Towards a cloud-based computing and analysis framework to process environmental science big data Eleonora Luppi, Sebastiano Fabio Schifano, Luca Tomassetti University of Ferrara, Italy 1 Introduction Environmental sciences use data coming

709 views • 31 slides
Part I If you want to save or load a file, you need to know what the current directory is We use

Part I If you want to save or load a file, you need to know what the current directory is We use

AGENDA Data Analysis and R Programming Language Visualization with R Fundamentals Variables &amp; Data Structures Data Visualization with ggplot2 Data Analysis Statistical Testing and Prediction Exploratory Analysis Source:

584 views • 23 slides
Visualization and Data Analysis using VisIt - In Situ Visualization - Jens Henrik Gbbert 1 ,

Visualization and Data Analysis using VisIt - In Situ Visualization - Jens Henrik Gbbert 1 ,

Mitglied der Helmholtz-Gemeinschaft Visualization and Data Analysis using VisIt - In Situ Visualization - Jens Henrik Gbbert 1 , Herwig Zilken 1 1 Jlich Supercomputing Centre, Forschungszentrum Jlich GmbH, Germany Application Support,

408 views • 13 slides
Using ParaViewWeb for 3D visualization and data analysis in a web browser + other remote

Using ParaViewWeb for 3D visualization and data analysis in a web browser + other remote

Intro Client-server Apps: Visualizer &amp; LightViz 3D models . Using ParaViewWeb for 3D visualization and data analysis in a web browser + other remote visualization and 3D online presentation techniques Alex Razoumov

517 views • 25 slides
Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin

Interactive traffic analysis and Interactive traffic analysis and visualization with Wisconsin Netpy visualization with Wisconsin Netpy Cristian Estan, Garret Magin University of Wisconsin-Madison USENIX LISA, 19 December 2005 Traffic

345 views • 18 slides
Cloud Management Chapter 5 eBook: Cloud Compu5ng: Web-Based

Cloud Management Chapter 5 eBook: Cloud Compu5ng: Web-Based

Cloud Management Chapter 5 eBook: Cloud Compu5ng: Web-Based Dynamic IT Services ENGR 5770 / CSCI 5700 Service Compu5ng Winter 2013 1 Cloud

673 views • 21 slides
Text Visualization Ma Maneesh Agrawala CS 448B: Visualization Winter 2020 1 Announcements 2

Text Visualization Ma Maneesh Agrawala CS 448B: Visualization Winter 2020 1 Announcements 2

Text Visualization Ma Maneesh Agrawala CS 448B: Visualization Winter 2020 1 Announcements 2 1 Final project New visualization research or data analysis project I Research : Pose problem, Implement creative solution I Data analysis :

710 views • 45 slides
Dynamic analysis, reporting and visualization of data catalogs Use cases INSPIRE Dashboard for

Dynamic analysis, reporting and visualization of data catalogs Use cases INSPIRE Dashboard for

Dynamic analysis, reporting and visualization of data catalogs Use cases INSPIRE Dashboard for all Member States and EEA MedSea project at Ifremer INSPIRE Directive in Europe INSPIRE is based on the infrastructures for spatial information

679 views • 42 slides
Scalable Visualization and Analysis for Computational Materials Science Aaron Knoll, Joe

Scalable Visualization and Analysis for Computational Materials Science Aaron Knoll, Joe

Scalable Visualization and Analysis for Computational Materials Science Aaron Knoll, Joe Insley, Tom Uram, Venkatram Vishwanath, Mark Hereld, Michael E Papka Visualization Group Argonne National Laboratory Sunday, November 13, 2011

593 views • 23 slides

More recommend