Log Management One Identity syslog-ng Premium Edition (#LM-SPE) Training

Training description

The training session introduces the most important skills to manage the One Identity syslog-ng Premium Edition (SPE) software package. The training session introduces installation and configuration of syslog-ng through presentations and lab exercises. The session introduces the log harvesting and storage technologies and all the possible transformation methods and troubleshooting steps.

Goal of the training

The goal of the session is to train professionals who can install and configure syslog-ng PE logging subsystem on an existing UNIX and/or Windows infrastructure.

Intended audience

For all end-users and partners or system engineers who would like to install, configure or maintain syslog-ng infrastructure independently. At the end of the session participants can setup, fine-tune and troubleshoot syslog-ng.

Duration

The training is a three-day, classroom based, instructor-led session, that includes the presentations and lab exercises. The session starts at 9:00 and finishes at 17:00 that includes the lunch. The session can be customized by the client’s need. After applying we will contact you to work out the details.

Detailed agenda

Module: Introduction and protocol overview

History of logging systems
The syslog protocol
The EVTX API
The Windows Event Collector
Syslog protocols: RFC3164, RFC5424 and non RFC

Module: Simple Settings

Sources and source drivers
Destinations and destination drivers
The log path
The configuration file

Module: Macros and templates

Message parts and parsing them
Message reformatting with templates

Module: Filtering

Filters and filtering
Combined filters
Flags of the logpath and filters

Module: command-line tools

Running syslog-ng as a daemon
The command-line tools of syslog-ng
Generating messages and testing with the ‘loggen’ command

Module: Networking

Forwarding messages via syslog
Encrypted communication
Fault tolerance with the ALTP protocol

Module: Logstore

The logstore file format
Encrypted logstore
Displaying logstore with the ‘lgstool’

Module: Windows

The syslog-ng Agent for Windows
A WEC and syslog-ng-wec server settings

Module: Message parsing

Processing messages with the parsers
Storing the parsed content on name-value pairs.
The geo-ip, xml and json parsers
Message enrichment

Module: Databases

Storing syslog messages in databases / reading out syslog messages from databases

Module: Message content manipulation

Rewriting messages
Anonymizing and pseudonimizing messages

Module: Classification

Message parsing and classification with the pattern-db parsers
The pattern-db XML
Using the ‘pdbtool’

Module: Advanced settings

Disk buffering
The flow control
Architecture of syslog-ng, and syslog-ng internals
Statistics and performance monitoring

Module: Support and Troubleshooting

Troubleshooting syslog-ng
Troubleshooting syslog-ng Agent for Window
Troubleshooting syslog-ng-wec

Company

Company:

Company address:

Participant

First name:

Last name:

Job title:

Phone number:

E-mail:

Country:

Contact person

Name:

Email:

Phone:

Preferred communication

Training

What can we help you with?

Message:

* I have read and accept the terms & conditions.