LogRhythm Partners with PowerTech to Support i OS Log Data
August 5, 2008 Alex Woodie
LogRhythm, a developer of cross-platform log management products, is now supporting log data originating from the IBM i operating system (OS) with its log management products, the company announced Monday. Customer demand to include i OS-related data in their log management systems drove LogRhythm to seek out a partnership with PowerTech Group, a specialist in i OS security.
To the uninitiated, trying to make sense of i OS (formerly i5/OS and OS/400) log data can be a complex and overwhelming experience. Compared to other platforms, IBM includes a very high level of detail in its logs, which is a tribute to, and a result of, decades of developing rock-solid business computing platforms.
While this information can be useful, just getting to the point of understanding what it means was a challenge, according to Mike Reagan, vice president of marketing and business development at LogRhythm, a Boulder, Colorado, software company. “What really sets the IBM iSeries apart from other log sources in the network is the complexity with which IBM formats their log data,” he says. “Their log taxonomy has a level of complexity that goes well beyond other network devices, systems, even applications.”
At the request of customers, LogRhythm, the company, was trying to include i OS log data in its eponymous offering. LogRhythm, the product, does double-duty as a log management platform–collecting, analyzing, and reporting on log data for compliance purposes–and as a security event information management (SEIM) system. The company considered developing its own i OS log data collector to feed data into its system before deciding to partner with PowerTech, the Seattle, Washington, company that has an established product in the category called Interact.
PowerTech created Interact specifically to solve the problem of integrating i OS log data–such as entries in the security audit journal (QAUDJRN) and the system (QSYSMSG) and system operator (QSYSOPR) message queues–with log data generated on other platforms. The product’s main function is converting the sometimes esoteric i OS log data into the industry’s de facto standard for log data, called Syslog. It also includes a compliance guide for helping users make sense of i OS log data and how it maps to business terms. While PowerTech first shipped Interact as an individual product only nine months ago, it has been including log management functionality in its flagship Network Security product for years. Interact was made a separate product to address the growing need for cross-platform log management products.
As part of the partnership, LogRhythm becomes an authorized reseller of Interact for customers that need to collect, correlate, and analyze i OS log data along with log data from other platforms. Additionally, LogRhythm and PowerTech worked together to build a higher level of integration between the two products than customers could get by just buying Interact themselves and pointing its Syslog output at LogRhythm or any number of other cross-platform SEIM products on the market.
That integration has resulted in Interact’s output being groomed and massaged a bit more to help it fit into LogRhythm’s classification scheme, officials with the companies say. “The fact that we worked with PowerTech to interpret the event classification takes the integration beyond just a Syslog format,” Reagan says. “And we can deliver it to new customers as a single solution delivered by one vendor.” It has to do with how “we split those events, the message structure, and normalize it into the way they categorize” events in LogRhythm, says Brendan Patterson, vice president of marketing for PowerTech.
One of the first companies to take advantage of the new integration is Regis, a multibillion-dollar provider of beauty salons, hair restoration centers, and cosmetology education. “The combined LogRhythm and PowerTech solution automates the collection, management, and correlation of our iSeries logs into a single consolidated view that includes information and events from other log sources,” said Bernie Rominski, IT security officer for Regis Corporation. “Our iSeries systems are no longer an island. The LogRhythm/PowerTech solution enables us to meet PCI-DSS requirements more efficiently while enhancing our overall IT security effectiveness.”
LogRhythm is not the only third-party provider of log management and SEIM products that PowerTech has provided with i OS log data feeds. In early 2007, it formed a partnership with OpenService for i OS security data. Other i OS security software vendors are also offering their services to third-party providers of log management and SEIM products.
LogRhythm offers its solutions as Windows-based products, or as appliances with the software pre-loaded. The appliances, which are based on one- and two-socket Dell PowerEdge servers, range in price from $20,000 to $60,000. PowerTech sells Interact for $1,500 per logical partition.