Centralized Log Management
Diode:Syslog makes it possible to move log management out of multiple security domains and into a centralized location, for example a Security Operations Center (SOC), where all logs are collected for analysis and archiving. Centralized log management combined with data diodes is a common system design pattern because:
- It prevents modification of logs from the analysed system.
- Those who analyse cannot affect the analysed IT system.
- Data diodes prevent information leakage between security domains.
The example below shows how three independent security domains each forward their Syslog events to a common SOC with a central log server.
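The SOC side of this pattern, as an added sketch that is not part of the original page or of Diode:Syslog: the central log server attributes each event to a security domain by the diode-fed listener it arrived on rather than by the sender-controlled hostname, and keeps unparseable input because nothing can be re-requested over a one-way link. The listener ports, domain names, function names and sample messages are assumptions constructed for illustration, and messages are assumed to be RFC 5424.

```python
import re
from collections import defaultdict

# Assumption: each domain's diode delivers to its own listener port at the SOC.
INGRESS_TO_DOMAIN = {5141: "domain-a", 5142: "domain-b", 5143: "domain-c"}
SEVERITY = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

# RFC 5424: <PRI>1 TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?",
    re.DOTALL,
)

def ingest(ingress_port, raw):
    """Turn one datagram received on a diode-fed listener into a record."""
    # Domain comes from the ingress channel, never from sender-controlled fields.
    domain = INGRESS_TO_DOMAIN.get(ingress_port, "unknown")
    text = raw.decode("utf-8", errors="replace")
    m = RFC5424.fullmatch(text)
    pri = int(m["pri"]) if m else None
    if m is None or pri > 191:
        # One-way link: nothing can be re-requested, so keep the raw text.
        return {"domain": domain, "parsed": False, "raw": text}
    return {
        "domain": domain, "parsed": True,
        "facility": pri >> 3, "severity": SEVERITY[pri & 7],
        "timestamp": m["ts"], "claimed_host": m["host"],
        "app": m["app"], "msg": m["msg"] or "",
    }

def archive(datagrams):
    """Group records per security domain, as a central log server would store them."""
    store = defaultdict(list)
    for port, raw in datagrams:
        rec = ingest(port, raw)
        store[rec["domain"]].append(rec)
    return dict(store)

# Constructed sample traffic (not from the original page).
SAMPLE = [
    (5141, b"<34>1 2024-05-01T10:00:00Z web01 sshd 812 - - Failed password for root"),
    (5142, b"<165>1 2024-05-01T10:00:01Z plc-gw app 77 ID47 - Config changed"),
    # Sender in domain C claims a domain A hostname; the ingress port still wins.
    (5143, b"<13>1 2024-05-01T10:00:02Z web01 cron - - - job started"),
    (5143, b"not a syslog line"),
]
```

Calling `archive(SAMPLE)` returns the records grouped under `domain-a`, `domain-b` and `domain-c`, with the spoofed `web01` event filed under `domain-c`.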