The largest Czech railway transport provider uses Logmanager as a support tool for IT technicians, administrators, and for diagnosing and resolving issues within its extensive ICT infrastructure.
Key challenges
CD Cargo (CDC) is the largest Czech railway transport provider, employing over 7,000 people. In terms of transported goods, it ranks among the top five railway carriers within the European Union.
The CD Cargo information system comprises various operational, economic, and technological systems and applications, with varying degrees of interconnectedness.
Overall, the system includes several dozen physical and virtual servers, utilizing a variety of technology platforms from leading vendors, such as Microsoft, Oracle, SAP, and open-source solutions.
Most critical applications are operated by its sister company, CD – Information Systems, while some subsystems are managed independently by CDC on its own resources or outsourced to other providers.
CDC’s communication infrastructure is largely not owned by CDC itself but is provided as a service by its sister company, CD Telematika.
Reasons for Implementing Logmanager
Due to the complexity of the ICT infrastructure and contractual relationships between CD Cargo and its suppliers, CDC often lacked sufficient oversight over the management and operation of outsourced systems.
The customer’s goal was to gain a comprehensive overview of the security and operations of the CDC information system through stored logs, enabling a response to emerging incidents and events. It was also important to have the ability to track information on activities related to data, user accounts, and their permissions.
The requirement was for a log storage system that would provide long-term retention of easily accessible information in an unalterable format, allowing insights into the status of operating systems, access to specific application parts, and detailed tracking of privileged account activities within information and communication technologies.
The customer also desired no limitations on the maximum number of events processed per time unit or the number of monitored devices.
Logmanager was chosen as the ideal solution. Besides centralizing logs from selected technologies and systems and storing them long-term, the initial focus was on user account information held in the following identity stores:
SAP Systems:
- Successful and unsuccessful user logins,
- Execution of key transactions,
- Actions such as account creation, deletion, role assignment, and role removal for employees and external accounts with CDC access.
HR and Payroll Applications:
- Successful and unsuccessful user logins,
- Successful and unsuccessful privileged account logins (including vendors),
- Key operations involving personal data.
LDAP Server:
- Successful and unsuccessful user logins,
- Successful and unsuccessful privileged account logins (including vendors),
- Actions such as account creation, deletion, enablement, disablement, role assignment, and role removal for employees and external accounts with CDC access.
Active Directory:
- Successful and unsuccessful user logins,
- Successful and unsuccessful privileged account logins (including vendors),
- Execution of key operations.
Deployment
In the first phase, Logmanager appliances with a capacity of several dozen TB were deployed to collect and store logs. These appliances were installed according to the provided addressing plan. To ensure high availability, two Logmanager appliances were installed in two physically separate locations, configured into a cluster immediately upon installation. Both appliances in the cluster are controlled via a single web interface. During the initial setup, user authentication was integrated with Active Directory.
Subsequently, selected applications and servers were configured to send logs to Logmanager, which collects and stores them continuously. Specific parsers were then created to convert unstructured logs into a standardized format, enabling easy searching and access to advanced features like alerting, system behavior prediction, correlation, and reporting.
Finally, administrators, IT support technicians, and security personnel were trained to work with Logmanager and create parsers.
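As an added illustration of the parser step described above (this is example code, not Logmanager's own parser format, which the case study does not describe), the Python below normalizes constructed Windows Security and OpenLDAP log lines into one common schema covering the login and account-management events listed for Active Directory and LDAP, then runs a simple alert rule over the result. The Windows event IDs are standard Security Auditing IDs; the hosts, account names and the `adm.` privileged-account naming convention are assumptions made for this example.

```python
import re
from collections import Counter
# Constructed sample lines (not real CD Cargo data): Windows Security events
# forwarded as key=value pairs, and OpenLDAP (slapd) BIND/RESULT line pairs.
SAMPLE_LINES = [
    "2024-05-01T08:00:01Z dc01 EventID=4625 TargetUserName=adm.backup IpAddress=10.0.0.5",
    "2024-05-01T08:00:03Z dc01 EventID=4625 TargetUserName=adm.backup IpAddress=10.0.0.5",
    "2024-05-01T08:00:04Z dc01 EventID=4625 TargetUserName=adm.backup IpAddress=10.0.0.5",
    "2024-05-01T08:01:10Z dc01 EventID=4624 TargetUserName=jnovak IpAddress=10.0.1.7",
    "2024-05-01T08:02:00Z dc01 EventID=4720 TargetUserName=ext.vendor1 SubjectUserName=adm.idm",
    '2024-05-01T08:02:30Z ldap01 slapd[812]: conn=1001 op=0 BIND dn="uid=adm.ldap,ou=people,dc=example" method=128',
    "2024-05-01T08:02:30Z ldap01 slapd[812]: conn=1001 op=0 RESULT tag=97 err=49 text=",
]
# Windows Security event IDs mapped to the normalized (action, outcome) pair.
WINDOWS_EVENTS = {"4624": ("login", "success"), "4625": ("login", "failure"),
                  "4720": ("account_created", "success"), "4726": ("account_deleted", "success")}
PRIVILEGED_PREFIXES = ("adm.",)  # account naming convention assumed for this example
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S*)')

def parse_kv(text):
    return {k: v.strip('"') for k, v in KV_RE.findall(text)}

def normalize(lines):
    events, pending_binds = [], {}  # pending_binds: (host, conn) -> DN awaiting its RESULT line
    for line in lines:
        ts, host, rest = line.split(" ", 2)
        kv = parse_kv(rest)
        if kv.get("EventID") in WINDOWS_EVENTS:
            action, outcome = WINDOWS_EVENTS[kv["EventID"]]
            user = kv.get("TargetUserName", "")
            src = kv.get("IpAddress") or kv.get("SubjectUserName", "")
        elif " BIND " in rest:
            pending_binds[(host, kv["conn"])] = kv["dn"]  # remember who is binding on this connection
            continue
        elif " RESULT " in rest and kv.get("tag") == "97":  # tag 97 = LDAP bindResponse
            dn = pending_binds.pop((host, kv["conn"]), "")
            user = dn.split(",")[0].split("=", 1)[-1]  # "uid=adm.ldap" -> "adm.ldap"
            action, outcome = "login", "success" if kv["err"] == "0" else "failure"
            src = host
        else:
            continue  # unknown line: leave it raw for later parser development
        events.append({"ts": ts, "host": host, "user": user, "action": action, "outcome": outcome,
                       "source": src, "privileged": user.startswith(PRIVILEGED_PREFIXES)})
    return events

def failed_privileged_logins(events, threshold=3):
    """Alert rule: privileged accounts with at least `threshold` failed logins in the batch."""
    counts = Counter(e["user"] for e in events
                     if e["privileged"] and e["action"] == "login" and e["outcome"] == "failure")
    return {u: n for u, n in counts.items() if n >= threshold}
```

Once every source lands in the same schema, the alert rule needs no knowledge of which system a failed privileged login came from, which is what makes cross-source correlation in a heterogeneous environment practical.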
Impactful results
Logmanager met all the customer’s goals. It serves as a support tool for IT support technicians, administrators, and security management.
Logmanager was seamlessly integrated into CDC’s existing complex and heterogeneous ICT environment. The customer greatly values features such as complete reading and processing of extended logs from Microsoft systems, quick access to and filtering of vast amounts of log data, automatic alerts on abnormal conditions, and the ability to collect logs from parts of the network infrastructure, including security devices.
Key features appreciated by CD Cargo administrators:
- Diagnosing crashes or operational issues of individual CDC applications,
- Predicting and preventing failures and data security breaches, and monitoring unusual or suspicious transactions and access,
- Tracking configuration changes made by external and internal administrators and system operators,
- Ensuring the availability of auditable, unalterable logs in a separate storage that can be used to track and evaluate all operations by authorized and unauthorized system users,
- Diagnosing and resolving security incidents,
- Tracing access, user activities, SLA compliance, audit requirements, etc.,
- Providing forensic analysis resources during security incident investigations,
- Monitoring compliance with legal regulations and standards.
Future plans
The initial implementation is just the beginning; additional applications and systems not included in the initial project will be gradually integrated. This continuous expansion is possible thanks to the system’s flexibility, enabling easy creation of custom dashboards for various systems, activities, or scenarios, as well as the addition of logs from new applications through custom parsers.
For more information about Logmanager, book a showcase or try our interactive product demo.