With Logmanager, a leading European pharmacy chain gained a high-performance log management solution that helps its security specialists, IT support technicians, and application and system administrators resolve issues faster.

Key challenges

Dr. Max operates in eight European countries and manages a diverse range of IT systems, supporting the operations of pharmacies, warehouses, drug distribution, development, and production. This requires several database systems and an extensive computer network.

Each system generates large amounts of critical machine data about its operations, status, and the activities of its administrators and users.

Previously, log collection and analysis were decentralized across the individual systems, which made identifying and resolving issues harder and significantly increased the time needed to address security incidents.

Reasons for implementing Logmanager

Dr. Max aimed to unify log collection and storage on an external, secure system to gain a comprehensive overview of system security and operations.

The storage system needed to retain information unaltered for the long term, so that it could be used to assess system performance, review application access, and trace the activities of privileged accounts.

Additionally, the storage itself had to be protected so that collected data could not be deleted or modified. The solution also had to sustain a high volume of events per second, with no licensing limits on the number of monitored devices or processed events.
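A requirement like "collected data cannot be deleted or modified" is something a practitioner wants to be able to verify, not just assume. The following is an added illustration, not Logmanager's own mechanism or code: a hash-chained, append-only store in which every record commits to its predecessor, so editing a stored record or removing one from the middle breaks verification. The events, host names and user names are constructed for the example.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample events (not from the case study); hosts and users are invented.
SAMPLE_EVENTS = [
    {"ts": "2024-03-01T08:00:01Z", "host": "pharmacy-db01", "user": "svc_backup", "action": "login", "result": "success"},
    {"ts": "2024-03-01T08:00:09Z", "host": "pharmacy-db01", "user": "svc_backup", "action": "dump", "result": "success"},
    {"ts": "2024-03-01T08:07:44Z", "host": "warehouse-app02", "user": "admin.kz", "action": "config_change", "result": "success"},
    {"ts": "2024-03-01T08:09:02Z", "host": "pharmacy-db01", "user": "svc_backup", "action": "logout", "result": "success"},
]

GENESIS = "0" * 64  # the value the first entry chains to


@dataclass
class Entry:
    seq: int          # position in the store; a gap or repeat means an entry was removed
    prev_digest: str  # digest of the previous entry
    event: Dict
    digest: str       # SHA-256 over (seq, prev_digest, canonical event JSON)


def _digest(seq: int, prev_digest: str, event: Dict) -> str:
    h = hashlib.sha256()
    h.update(seq.to_bytes(8, "big"))
    h.update(bytes.fromhex(prev_digest))
    # canonical JSON so the same event always hashes the same way
    h.update(json.dumps(event, sort_keys=True, separators=(",", ":")).encode())
    return h.hexdigest()


def append(chain: List[Entry], event: Dict) -> Entry:
    prev = chain[-1].digest if chain else GENESIS
    entry = Entry(len(chain), prev, dict(event), _digest(len(chain), prev, event))
    chain.append(entry)
    return entry


def build_chain(events) -> List[Entry]:
    chain: List[Entry] = []
    for ev in events:
        append(chain, ev)
    return chain


def verify(chain: List[Entry], expected_head: Optional[str] = None) -> Optional[int]:
    """Return None if the chain is intact, else the index of the first entry that fails.

    expected_head is the newest digest as recorded out-of-band (a WORM copy, a
    periodic signed checkpoint). Without it, deleting the newest entries is not
    detectable, because a truncated chain still verifies on its own.
    """
    prev = GENESIS
    for i, e in enumerate(chain):
        if e.seq != i or e.prev_digest != prev or _digest(e.seq, e.prev_digest, e.event) != e.digest:
            return i
        prev = e.digest
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return None


def with_modified_event(chain: List[Entry], seq: int, **changes) -> List[Entry]:
    """Simulate someone editing a stored event without being able to fix up the digests."""
    out = []
    for e in chain:
        if e.seq == seq:
            ev = dict(e.event)
            ev.update(changes)
            out.append(Entry(e.seq, e.prev_digest, ev, e.digest))
        else:
            out.append(e)
    return out


if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVENTS)
    head = chain[-1].digest
    print("intact:", verify(chain, head))                                   # None
    print("edited entry 1:", verify(with_modified_event(chain, 1, result="failure")))  # 1
    print("entry 1 deleted:", verify(chain[:1] + chain[2:]))                # 1
    print("tail deleted, no anchor:", verify(chain[:-1]))                   # None (undetected)
    print("tail deleted, anchored head:", verify(chain[:-1], head))         # 3
```

The caveat the last two lines show is the important one: a plain hash chain only proves integrity relative to a head digest that the attacker cannot rewrite. Anyone with write access to the whole store can recompute every digest, so the head must live somewhere else (a separate system, a signed checkpoint, or a MAC keyed with a secret the storage host does not hold).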

Logmanager XL was selected as the ideal solution for these needs.

Deployment

In the first phase, the goal was to verify the technical capabilities of Logmanager and adapt the environment for data analysis. A test appliance, Logmanager M, with 12 TB storage capacity, was deployed. During the initial installation, Logmanager’s user authentication was integrated with Active Directory. Specific reference devices were chosen to test system performance and data analysis capabilities.

In the second phase, the Logmanager XL appliance with 100 TB storage capacity was installed at the company’s data center. It was configured in a cluster with the device provided in the first phase. After transferring configurations and replicating all data, the Logmanager M appliance was disconnected, and the new system was switched to production mode.

Selected applications and servers were then configured to send their logs to the Logmanager appliance. As soon as logs arrived, parsers were written for the specific log formats. Because of the high event volume, particularly from security products, event processing had to be optimized.

During the implementation, administrators, IT support technicians, and security personnel received training on Logmanager. Several workshops were also held to address the specific needs of different departments.

Impactful results

Logmanager currently processes around 10,000 events per second. During peak periods, which often last several hours, the platform handles up to 25,000 events per second. In total, this amounts to 250-350 GB of data per day.

The system primarily serves the security team but has also proven to be an effective tool for IT support technicians and administrators of various applications and systems.

The most common use cases include collecting and processing access logs, quickly searching and filtering for the information needed, automatic alerts on unusual activity, and collecting logs from the network infrastructure, including security devices.

By unifying log collection and ensuring its security, Logmanager met all of the client’s expectations, with key benefits including:

  • Rapid deployment and immediate value delivery,
  • Logon/logoff correlation across the entire network infrastructure,
  • Evaluation of user access to files and system resources,
  • Monitoring configuration changes made by system administrators and operators,
  • Quick diagnostics and resolution of security incidents,
  • Forensic analysis support during security investigations,
  • Accelerated resolution of technical issues within systems,
  • Scalability across countries, from centralized to distributed solutions,
  • Open architecture for integrating systems that are not supported out of the box,
  • Unified and easy search across all data types and devices,
  • Minimal administration requirements,
  • High performance,
  • Granular access control over stored data and system permissions.
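Two items above, logon/logoff correlation across the infrastructure and automatic alerts on unusual activity, together with the per-format parsers mentioned under Deployment, are the kind of logic a log platform runs once events from different sources are normalized. The following is an added example, not code from Logmanager or from Dr. Max: it parses constructed log lines from two sources (a simplified key=value rendering of Windows Security events 4624/4634, and OpenSSH sshd messages), pairs each logon with its logoff to produce sessions, and flags logons that are off-hours, by a privileged account, or from outside internal address space. Hostnames, users, addresses, the business-hours window and the privileged-account list are all assumptions of the example.

```python
import re
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Tuple

# Constructed sample lines (not from the case study). The Windows lines use a
# simplified key=value rendering of Security events 4624 (logon) / 4634 (logoff);
# the Linux lines mimic OpenSSH sshd messages. Hosts, users and IPs are invented.
SAMPLE_LOGS = """\
2024-03-04T07:58:12Z winsrv-ad01 Microsoft-Windows-Security-Auditing EventID=4624 TargetUserName=jnovak LogonType=10 IpAddress=10.20.1.15 TargetLogonId=0x3e7a1
2024-03-04T08:01:40Z linux-wh02 sshd[2211]: Accepted publickey for deploy from 10.20.5.9 port 51022 ssh2
2024-03-04T08:40:03Z winsrv-ad01 Microsoft-Windows-Security-Auditing EventID=4634 TargetUserName=jnovak TargetLogonId=0x3e7a1
2024-03-04T09:12:55Z linux-wh02 sshd[2211]: Disconnected from user deploy 10.20.5.9 port 51022
2024-03-04T23:15:09Z winsrv-ad01 Microsoft-Windows-Security-Auditing EventID=4624 TargetUserName=svc_backup LogonType=3 IpAddress=10.20.9.77 TargetLogonId=0x4f002
2024-03-04T23:15:10Z linux-wh02 sshd[3410]: Accepted password for root from 198.51.100.23 port 40112 ssh2
"""

WIN_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) Microsoft-Windows-Security-Auditing EventID=(?P<eid>\d+)(?P<kv>(?: \w+=\S+)*)$")
SSH_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<msg>.*)$")
SSH_OPEN = re.compile(r"^Accepted \w+ for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")
SSH_CLOSE = re.compile(r"^Disconnected from user (?P<user>\S+) (?P<ip>\S+) port (?P<port>\d+)")

# Assumptions for the alert rules: business hours are 06:00-20:00 UTC, these two
# accounts count as privileged, and only RFC 1918 space is "internal".
BUSINESS_HOURS = range(6, 20)
PRIVILEGED = {"root", "Administrator"}
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_line(line: str) -> Optional[Dict]:
    """Normalize one Windows or sshd line into a common event; None if it is not a logon/logoff."""
    m = WIN_RE.match(line)
    if m:
        kv = dict(p.split("=", 1) for p in m["kv"].split())
        action = {"4624": "logon", "4634": "logoff"}.get(m["eid"])
        if not action:
            return None
        return {"ts": _ts(m["ts"]), "host": m["host"], "user": kv.get("TargetUserName", "?"),
                "action": action, "src_ip": kv.get("IpAddress"),
                # TargetLogonId is what ties a 4634 back to its 4624 on the same host
                "session": (m["host"], "win", kv.get("TargetLogonId"))}
    m = SSH_RE.match(line)
    if m:
        o, c = SSH_OPEN.match(m["msg"]), SSH_CLOSE.match(m["msg"])
        if o:
            return {"ts": _ts(m["ts"]), "host": m["host"], "user": o["user"], "action": "logon",
                    "src_ip": o["ip"], "session": (m["host"], "ssh", o["user"], o["ip"], o["port"])}
        if c:
            return {"ts": _ts(m["ts"]), "host": m["host"], "user": c["user"], "action": "logoff",
                    "src_ip": c["ip"], "session": (m["host"], "ssh", c["user"], c["ip"], c["port"])}
    return None


def parse_all(text: str) -> List[Dict]:
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]


def correlate(events: List[Dict]) -> Tuple[List[Dict], List[Dict]]:
    """Pair logons with logoffs by session key. Returns (closed sessions, still-open logons)."""
    open_sessions: Dict[tuple, Dict] = {}
    closed: List[Dict] = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = ev["session"]
        if ev["action"] == "logon":
            open_sessions[key] = ev
        elif key in open_sessions:
            start = open_sessions.pop(key)
            closed.append({"host": ev["host"], "user": ev["user"], "start": start["ts"], "end": ev["ts"],
                           "seconds": int((ev["ts"] - start["ts"]).total_seconds())})
        # a logoff with no matching logon is silently dropped here; in production that gap
        # (missed or deleted logon record) is itself worth an alert
    return closed, list(open_sessions.values())


def is_internal(ip: str) -> bool:
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in INTERNAL_NETS)


def detect(events: List[Dict]) -> List[Tuple[str, str, str]]:
    """Simple rules over logon events; each hit is (rule, user, host)."""
    alerts = []
    for ev in events:
        if ev["action"] != "logon":
            continue
        if ev["ts"].hour not in BUSINESS_HOURS:
            alerts.append(("off_hours_logon", ev["user"], ev["host"]))
        if ev["user"] in PRIVILEGED:
            alerts.append(("privileged_logon", ev["user"], ev["host"]))
        if ev.get("src_ip") and not is_internal(ev["src_ip"]):
            alerts.append(("external_source", ev["user"], ev["host"]))
    return alerts


if __name__ == "__main__":
    events = parse_all(SAMPLE_LOGS)
    closed, still_open = correlate(events)
    for s in closed:
        print(f"session {s['user']}@{s['host']}: {s['seconds']} s")
    for ev in still_open:
        print(f"no logoff seen for {ev['user']}@{ev['host']} (logon {ev['ts'].isoformat()})")
    for rule, user, host in detect(events):
        print(f"ALERT {rule}: {user}@{host}")
```

The session key is the design decision that matters: Windows gives a per-logon identifier, while sshd does not, so the example falls back to host, user, source address and port, which is why it needs the logon and the disconnect to come from the same daemon instance. Mapping every source onto one event schema first is what makes the correlation and the rules independent of where the line came from.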

For more information about Logmanager, book a showcase or try our interactive product demo.