The Department of Informatics at Prague 3 has implemented Logmanager to establish a high-performance, centralized log storage system with analytical capabilities, enhancing operational monitoring and compliance with security regulations.

Key challenges

The Department of Informatics at the Municipal Office of Prague 3 manages a variety of database systems, applications for administrative processes, and a computer network. This infrastructure includes over 300 computers, 40 virtual servers (mostly Windows), 30 switches, and various other devices.

These applications primarily support state and local government operations, and the entire information system is integrated with other public administration systems, such as the Basic Registers and Data Boxes information systems.

Previously, all applications, systems, and devices generated logs that were stored locally on individual devices, making it impossible to correlate or archive them. Only network device logs were saved in HP’s Intelligent Management Center for network management and monitoring.

Although Prague 3 is not subject to the Czech Cyber Security Act (Act No. 181/2014 Coll.), the department follows its requirements as part of its own Security Policy.

Reasons for implementing Logmanager

The main objective was to ensure centralized log storage with sufficient capacity and a suitable evaluation tool, as it was previously impossible to collect, archive, and correlate logs in one place.

One of the primary requirements was to collect logs from Windows workstations and servers, ideally with the ability to filter events on the source before they are forwarded. The client also required a solution that would help it meet legal requirements and align with its Security Policy.

After evaluating SIEM products from major vendors (ArcSight and QRadar) as well as other tools (Splunk and the open-source Nagios), Logmanager was selected as the balanced choice. It outperformed the other SIEM systems in event processing speed and also offered competitive analysis, reporting, and alerting capabilities.

Compared to open-source systems, Logmanager is a comprehensive, fine-tuned solution with a single administration interface, offering features not typically available in open-source tools.

Logmanager also offers robust protection of the stored data: everything is written to RAID6 disk arrays behind hardware RAID controllers, and stored data cannot be deleted, even by administrators, so the log archive keeps its evidential value.

Logmanager also fulfills the need to collect logs from Windows environments without special licensing. It translates Windows error codes into readable messages, adding value beyond basic log collection.

Logmanager is certified against ISO/IEC 27001:2005, which also satisfied the department's compliance requirements.

Impactful results

Logmanager has fully met the requirements for centralized log storage and evaluation tooling. The system's high event-reception performance and its storage capacity have been significant advantages; at the current log volume, the available capacity should last approximately five years.

Tomáš Hilmar, Head of the Department of Informatics in Prague 3, noted, “We don’t need an expensive SIEM system with complex features. We wanted a centralized log storage with analytical functions and sufficient performance. Logmanager offers a reasonable price and a simple, or rather no, licensing system, which is perfect for us.”

The single administration interface and advanced access control system further enhance Logmanager’s usability.

Key features

The IT department of Prague 3 specifically uses the Logmanager platform for the following use cases:

  • Auditing user access to information systems.
  • Monitoring process start and stop events in Windows and application usage.
  • Identifying communication flows and configuring firewall rules.
  • Monitoring user internet behavior and generating reports from firewall web filters.
  • Tracking communication with external entities.
  • Monitoring and resolving communication issues in integration bridges between systems.
  • Supporting labour-related matters with evidence of user activity.
  • Monitoring guest WiFi user activities and generating statistics.
  • Detecting unwanted software and services on workstations, such as failed or incomplete program uninstalls.

IT staff also receive alerts on administrator and vendor logins to security devices such as firewalls and IPS, and on Remote Desktop Protocol (RDP) access to application servers.
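The Windows-side use cases above (process start/stop monitoring, application usage statistics, RDP access alerts for application servers) are all simple rules over Windows Security log fields. The following Python is an added illustration of that detection logic, not Logmanager's own configuration or code; the host names, account names and event records are constructed sample data shaped like Security events 4624 (logon), 4688 (process created) and 4689 (process exited).

```python
"""Toy detection pass over Windows Security events, as a central log store
would receive them. Sample data is constructed; nothing here comes from
Logmanager or from the Prague 3 environment."""
from collections import Counter

# Assumed inventory (hypothetical host names): hosts treated as application servers.
APP_SERVERS = {"APP-SRV01", "APP-SRV02"}
# Accounts whose logons are always reported (hypothetical vendor/admin accounts).
PRIVILEGED_ACCOUNTS = {"svc-vendor", "admin"}
# Locations from which executables are expected to run.
EXPECTED_EXE_PREFIXES = ("c:\\program files", "c:\\windows")

# Constructed sample events using the field names of the real event records.
SAMPLE_EVENTS = [
    {"EventID": 4624, "Computer": "APP-SRV01", "TargetUserName": "jnovak",
     "LogonType": 10, "IpAddress": "10.3.1.25"},
    {"EventID": 4624, "Computer": "APP-SRV01", "TargetUserName": "svc-vendor",
     "LogonType": 10, "IpAddress": "203.0.113.7"},
    {"EventID": 4624, "Computer": "PC-0117", "TargetUserName": "jnovak",
     "LogonType": 2, "IpAddress": "-"},
    {"EventID": 4624, "Computer": "PC-0117", "TargetUserName": "pdvorak",
     "LogonType": 3, "IpAddress": "10.3.1.12"},
    {"EventID": 4688, "Computer": "PC-0117", "SubjectUserName": "jnovak",
     "NewProcessId": "0x1a4c",
     "NewProcessName": r"C:\Program Files\Office\WINWORD.EXE"},
    {"EventID": 4688, "Computer": "PC-0117", "SubjectUserName": "jnovak",
     "NewProcessId": "0x2b10",
     "NewProcessName": r"C:\Users\jnovak\Downloads\setup.exe"},
    {"EventID": 4689, "Computer": "PC-0117", "SubjectUserName": "jnovak",
     "ProcessId": "0x1a4c",
     "ProcessName": r"C:\Program Files\Office\WINWORD.EXE"},
]


def basename(path):
    """Executable file name, lower-cased, from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def rdp_alerts(events):
    """Logon events (4624) worth alerting on: RDP (logon type 10) to an
    application server, and any logon by a privileged or vendor account.
    Returns (host, user, source_ip, tags) tuples."""
    alerts = []
    for e in events:
        if e.get("EventID") != 4624:
            continue
        host, user = e["Computer"], e["TargetUserName"]
        tags = []
        if e.get("LogonType") == 10 and host in APP_SERVERS:
            tags.append("rdp-to-app-server")
        if user in PRIVILEGED_ACCOUNTS:
            tags.append("privileged-logon")
        if tags:
            alerts.append((host, user, e["IpAddress"], tuple(tags)))
    return alerts


def process_usage(events):
    """Per-(user, executable) counts of process starts (4688): the raw
    material for application usage statistics."""
    usage = Counter()
    for e in events:
        if e.get("EventID") == 4688:
            usage[(e["SubjectUserName"], basename(e["NewProcessName"]))] += 1
    return usage


def unexpected_paths(events):
    """Process starts from outside the expected install locations, e.g. a
    user profile; a cheap indicator of unwanted or leftover software."""
    return [e["NewProcessName"] for e in events
            if e.get("EventID") == 4688
            and not e["NewProcessName"].lower().startswith(EXPECTED_EXE_PREFIXES)]


def unterminated_processes(events):
    """Processes started (4688) with no matching exit (4689), correlated by
    host and process ID. Returns {(host, pid): executable}."""
    started, ended = {}, set()
    for e in events:
        if e.get("EventID") == 4688:
            started[(e["Computer"], e["NewProcessId"])] = basename(e["NewProcessName"])
        elif e.get("EventID") == 4689:
            ended.add((e["Computer"], e["ProcessId"]))
    return {k: exe for k, exe in started.items() if k not in ended}


if __name__ == "__main__":
    for alert in rdp_alerts(SAMPLE_EVENTS):
        print("ALERT", alert)
    print("usage:", dict(process_usage(SAMPLE_EVENTS)))
    print("unexpected paths:", unexpected_paths(SAMPLE_EVENTS))
    print("still running:", unterminated_processes(SAMPLE_EVENTS))
```

Correlating 4688 with 4689 by process ID rather than by executable name matters because IDs are reused over time; in a real deployment the same rules would be expressed in the log platform's alerting language, with the host and account lists maintained from the asset inventory rather than hard-coded.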

For more information about Logmanager, book a showcase or try our interactive product demo.