Centralized Log Management

By using Diode:Syslog it is possible to separate log management from multiple security domains to a centralized location, for example a Security Operations Center (SOC), where all logs are collected for analysis and archiving. Using centralized log management together with data diodes is a common system design pattern, as it:

  • Prevents modification of logs from within the analysed system.
  • Ensures that those who analyse the logs cannot affect the analysed IT system.
  • Prevents information leakage between security domains, since the data diode only passes traffic in one direction.

The example below shows how three independent security domains each forward their Syslog events to a common SOC with a central log server.
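As an added illustration of the collector side of this pattern (example code, not from Diode:Syslog or this page), the snippet below is a minimal central log server that ingests RFC 5424 syslog lines from three domains and, because a one-way link gives the sender no acknowledgement, watches for gaps in the per-sender sequenceId carried in the RFC 5424 "meta" structured-data element. The domain names, hostnames and sample lines are constructed.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
_HDR = re.compile(r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) "
                  r"(?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$")
# RFC 5424 section 7.3.2: the "meta" SD-ID may carry a per-sender sequenceId
_SEQ = re.compile(r'\[meta[^\]]*\bsequenceId="(\d+)"')

def parse(line):
    """Parse one RFC 5424 line into a dict, or return None if it is not well-formed."""
    m = _HDR.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["facility"], ev["severity"] = divmod(int(ev["pri"]), 8)
    ev["seq"] = int(s.group(1)) if (s := _SEQ.search(ev["sd"])) else None
    return ev

def ingest(domain, lines, state):
    """Process lines from one security domain. state maps (domain, host) to the last sequenceId
    seen; a jump means messages were lost, and on a one-way link only the receiver can notice."""
    findings = []
    for line in lines:
        ev = parse(line)
        if ev is None:
            findings.append((domain, "unparsable", line))
            continue
        key = (domain, ev["host"])
        if ev["seq"] is not None:
            last = state.get(key)
            if last is not None and ev["seq"] != last + 1:
                findings.append((domain, "gap", f"{ev['host']} expected {last + 1} got {ev['seq']}"))
            state[key] = ev["seq"]
    return findings

# Constructed sample traffic as it arrives at the SOC collector, one list per sending domain.
SAMPLE = {
    "domain-A": ['<134>1 2024-05-01T10:00:00Z fw-a fwd - - [meta sequenceId="1"] link up',
                 '<134>1 2024-05-01T10:00:01Z fw-a fwd - - [meta sequenceId="2"] policy reload'],
    "domain-B": ['<45>1 2024-05-01T10:00:00Z plc-b hist - - [meta sequenceId="10"] batch ok',
                 '<45>1 2024-05-01T10:00:05Z plc-b hist - - [meta sequenceId="12"] batch ok'],
    "domain-C": ["not a syslog line",
                 "<13>1 2024-05-01T10:00:02Z srv-c sshd 4242 - - Accepted publickey"],
}

def run(sample=SAMPLE):
    # One shared collector state for all domains; returns every finding in arrival order.
    state, findings = {}, []
    for domain, lines in sample.items():
        findings += ingest(domain, lines, state)
    return findings
```

Domain B shows the case a two-way transport would have retransmitted: sequenceId 11 never arrived, so the SOC side is the only place the loss can be recorded.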