{"id":6507,"date":"2024-10-10T14:20:46","date_gmt":"2024-10-10T12:20:46","guid":{"rendered":"https:\/\/logmanager.com\/?post_type=case_studies&p=2081"},"modified":"2026-05-27T11:48:25","modified_gmt":"2026-05-27T09:48:25","slug":"pripadova-studie-praha3","status":"publish","type":"resource_centre","link":"https:\/\/logmanager.com\/cs\/zdroje\/pripadova-studie-praha3\/","title":{"rendered":"Odbor informatiky Prahy 3"},"content":{"rendered":"\n

Odbor informatiky m\u011bstsk\u00e9 \u010d\u00e1st\u00ed Praha 3 s Logmanagerem z\u00edskal centr\u00e1ln\u00ed \u00falo\u017ei\u0161t\u011b log\u016f s analytick\u00fdmi funkcemi a dostate\u010dn\u00fdm v\u00fdkonem, kter\u00e9 jim pom\u00e1h\u00e1 s provozn\u00edm monitoringem a zaji\u0161t\u011bn\u00edm souladu s bezpe\u010dnostn\u00edmi p\u0159edpisy.<\/strong><\/p>\n\n\n\n

V\u00fdchoz\u00ed situace<\/h2>\n\n\n\n

Odbor informatiky \u00da\u0159adu m\u011bstsk\u00e9 \u010d\u00e1sti Praha 3 spravuje \u0159adu datab\u00e1zov\u00fdch syst\u00e9m\u016f, aplikac\u00ed pro provoz agend a po\u010d\u00edta\u010dovou s\u00ed\u0165. To je v\u00edce jak 300 po\u010d\u00edta\u010d\u016f, 40 virtu\u00e1ln\u00edch server\u016f, p\u0159ev\u00e1\u017en\u011b Windows, 30 p\u0159ep\u00edna\u010d\u016f a dal\u0161\u00edch za\u0159\u00edzen\u00ed.<\/p>\n\n\n\n

Aplikace slou\u017e\u00ed p\u0159edev\u0161\u00edm pro podporu v\u00fdkonu st\u00e1tn\u00ed spr\u00e1vy a m\u00edstn\u00ed samospr\u00e1vy. Cel\u00fd informa\u010dn\u00ed syst\u00e9m pak komunikuje s dal\u0161\u00edmi informa\u010dn\u00edmi syst\u00e9my ve\u0159ejn\u00e9 spr\u00e1vy, nap\u0159. je integrov\u00e1n s informa\u010dn\u00edmi syst\u00e9my Z\u00e1kladn\u00edch registr\u016f nebo Datov\u00fdch schr\u00e1nek.<\/p>\n\n\n\n

V\u0161echny aplikace, syst\u00e9my a za\u0159\u00edzen\u00ed generuj\u00ed logy, kter\u00e9 byly um\u00edst\u011bny lok\u00e1ln\u011b na za\u0159\u00edzen\u00edch. Nebylo tedy mo\u017en\u00e9 logy nijak korelovat a archivovat. Pouze logy ze s\u00ed\u0165ov\u00fdch za\u0159\u00edzen\u00ed byly uschov\u00e1v\u00e1ny v aplikaci pro management a monitoring HP Intelligent management center.<\/p>\n\n\n\n

\u00da\u0159ad m\u011bstsk\u00e9 \u010d\u00e1sti Praha 3 sice nespadal pod p\u016fsobnost Z\u00e1kona o kybernetick\u00e9 bezpe\u010dnosti 181\/2014 Sb., ale odbor informatiky \u00fa\u0159adu se sna\u017eil postupovat v souladu s t\u00edmto z\u00e1konem a odkazuje se na n\u011bj v Bezpe\u010dnostn\u00ed politice \u00fa\u0159adu.<\/p>\n\n\n\n

Bezpe\u010dnostn\u00ed politika je zpracov\u00e1na na z\u00e1klad\u011b z\u00e1kona 365\/2000 Sb. o informa\u010dn\u00edch syst\u00e9mech ve\u0159ejn\u00e9 spr\u00e1vy a podle ISO 27001:2005. Vyhl\u00e1\u0161ka k Z\u00e1konu o kybernetick\u00e9 bezpe\u010dnosti po\u017eaduje v \u00a721 \u2014 \u201eN\u00e1stroj pro zaznamen\u00e1v\u00e1n\u00ed \u010dinnost\u00ed kritick\u00e9 informa\u010dn\u00ed infrastruktury a v\u00fdznamn\u00fdch informa\u010dn\u00edch syst\u00e9m\u016f, jejich u\u017eivatel\u016f a administr\u00e1tor\u016f\u201c. V \u00a723 je to pak \u201eN\u00e1stroj pro sb\u011br a vyhodnocen\u00ed kybernetick\u00fdch bezpe\u010dnostn\u00edch ud\u00e1lost\u00ed\u201c.<\/p>\n\n\n\n

Kl\u00ed\u010dov\u00e9 v\u00fdzvy projektu<\/h2>\n\n\n\n

Vzhledem k nemo\u017enosti sb\u00edrat, archivovat a korelovat logy na jednom m\u00edst\u011b bylo c\u00edlem projektu zajistit centr\u00e1ln\u00ed \u00falo\u017ei\u0161t\u011b log\u016f s dostate\u010dnou kapacitou, v\u010detn\u011b vhodn\u00e9ho n\u00e1stroje pro vyhodnocov\u00e1n\u00ed.<\/p>\n\n\n\n

Jedn\u00edm z hlavn\u00edch po\u017eadavk\u016f byl sb\u011br log\u016f ze stanic a server\u016f Windows. Nejl\u00e9pe s mo\u017enost\u00ed filtrov\u00e1n\u00ed odes\u00edlan\u00fdch ud\u00e1lost\u00ed.<\/p>\n\n\n\n

Z\u00e1kazn\u00edk tak\u00e9 pot\u0159eboval \u0159e\u0161en\u00ed, kter\u00e9 mu pom\u016f\u017ee splnit legislativn\u00ed po\u017eadavky a po\u017eadavky stanoven\u00e9 Bezpe\u010dnostn\u00ed politikou \u00fa\u0159adu<\/p>\n\n\n\n

D\u016fvody pro nasazen\u00ed Logmanageru<\/h2>\n\n\n\n

Z\u00e1kazn\u00edk vyb\u00edral mezi n\u011bkolika SIEM n\u00e1stroji velk\u00fdch spole\u010dnost\u00ed (ARCSight a QRadar) na jedn\u00e9 stran\u011b, a mezi n\u00e1stroji postaven\u00fdmi na Open Source \u0159e\u0161en\u00edch (Splunk, Nagios).<\/p>\n\n\n\n

Syst\u00e9m Logmanager zaujal zlat\u00fd st\u0159ed mezi vybran\u00fdmi \u0159e\u0161en\u00edmi. Svou v\u00fdkonnost\u00ed v po\u010dtu p\u0159ijat\u00fdch EPS zdaleka p\u0159ev\u00fd\u0161il zaveden\u00e9 SIEM syst\u00e9my. Funkcemi pro anal\u00fdzu, reportov\u00e1n\u00ed a alertov\u00e1n\u00ed se jim vyrovnal.<\/p>\n\n\n\n

D\u016fle\u017eit\u00fdm parametrem p\u0159i v\u00fdb\u011bru bylo licencov\u00e1n\u00ed. Logmanager nen\u00ed nijak licencov\u00e1n na po\u010dty zdroj\u016f ani EPS.<\/p>\n\n\n\n

V konkurenci s open-source syst\u00e9my rozhodlo, \u017ee Logmanager je odlad\u011bn\u00e9 ucelen\u00e9 \u0159e\u0161en\u00ed s jedn\u00edm administra\u010dn\u00edm rozhran\u00edm a \u0159adou funkc\u00ed, kter\u00e1 open-source n\u00e1stroje nenab\u00edzej\u00ed. D\u016fle\u017eitou skute\u010dnost\u00ed je, \u017ee Logmanager nen\u00ed provozov\u00e1n ve virtu\u00e1ln\u00edm prost\u0159ed\u00ed, ale jako samostatn\u00fd server. P\u0159i hav\u00e1rii virtu\u00e1ln\u00edho serveru je log management st\u00e1le v provozu, logy se neztrat\u00ed a je mo\u017en\u00e9 analyzovat d\u016fvody p\u00e1du hypervizoru.<\/p>\n\n\n\n

Logmanager z\u00e1rove\u0148 nab\u00eddl vysokou \u00farove\u0148 zabezpe\u010den\u00ed ulo\u017een\u00fdch dat. Ve\u0161ker\u00e1 data jsou ulo\u017eena na diskov\u00e9m poli RAID6 s akcelerovan\u00fdm hardwarov\u00fdm \u0159adi\u010dem. Z bezpe\u010dnostn\u00edho hlediska bylo kl\u00ed\u010dov\u00e9, \u017ee administr\u00e1tor nem\u00e1 mo\u017enost mazat ulo\u017een\u00e1 data.<\/p>\n\n\n\n

Logmanager tak\u00e9 splnil pot\u0159ebu sb\u00edrat logy z prost\u0159ed\u00ed Windows, op\u011bt bez nutnosti zvl\u00e1\u0161tn\u00edho licencov\u00e1n\u00ed. Nav\u00edc nab\u00eddnul specialitu \u2013 p\u0159eklad chybov\u00fdch k\u00f3d\u016f Windows do srozumiteln\u00e9 formy, tedy dopln\u011bn\u00ed chybov\u00e9 hl\u00e1\u0161ky m\u00edsto k\u00f3du.<\/p>\n\n\n\n

P\u0159i v\u00fdb\u011bru Logmanageru tak\u00e9 rozhodlo, \u017ee syst\u00e9m je certifikovan\u00fd na pln\u011bn\u00ed po\u017eadavk\u016f ISO 27001:2005.<\/p>\n\n\n\n

P\u0159\u00ednosy pro z\u00e1kazn\u00edka<\/h2>\n\n\n\n

Logmanager zcela splnil po\u017eadavky na centr\u00e1ln\u00ed \u00falo\u017ei\u0161t\u011b dat a n\u00e1stroje na vyhodnocov\u00e1n\u00ed log\u016f.<\/p>\n\n\n\n

Obrovskou v\u00fdhodou vybran\u00e9ho \u0159e\u0161en\u00ed je jeho v\u00fdkon pro p\u0159\u00edjem ud\u00e1lost\u00ed a kapacita pro ukl\u00e1d\u00e1n\u00ed log\u016f. Syst\u00e9m je v provozu necel\u00e9 dva roky a p\u0159i sou\u010dasn\u00e9m mno\u017estv\u00ed p\u0159ij\u00edman\u00fdch log\u016f bude kapacita syst\u00e9mu sta\u010dit na cca 5 let. To je naprosto dostate\u010dn\u00e1 doba pro ulo\u017een\u00ed log\u016f bez nutnosti \u0159e\u0161it jejich retenci.<\/p>\n\n\n

\n
\n <\/g><\/clipPath><\/defs><\/svg>\n
Nepot\u0159ebujeme drah\u00fd SIEM syst\u00e9m s \u0159adou slo\u017eit\u00fdch funkc\u00ed. Cht\u011bli jsme centr\u00e1ln\u00ed \u00falo\u017ei\u0161t\u011b log\u016f s analytick\u00fdmi funkcemi a dostate\u010dn\u00fdm v\u00fdkonem. Logmanager m\u00e1 p\u0159im\u011b\u0159enou cenu a jednoduch\u00fd, tedy \u017e\u00e1dn\u00fd, syst\u00e9m licencov\u00e1n\u00ed. A to n\u00e1m naprosto vyhovuje.<\/h5> \n Tom\u00e1\u0161 Hilmar<\/strong>\n Vedouc\u00ed odboru informatiky, Praha 3<\/span>\n <\/div> \n<\/div>\n\n\n\n
\n

D\u016fle\u017eit\u00e1 je i skute\u010dnost, \u017ee je syst\u00e9m spravov\u00e1n z jednotn\u00e9ho administra\u010dn\u00edho rozhran\u00ed a m\u00e1 propracovan\u00fd syst\u00e9m p\u0159\u00edstupov\u00fdch pr\u00e1v.<\/p>\n<\/blockquote>\n\n\n\n

Analytick\u00e9 schopnosti Logmanageru jsou vyu\u017e\u00edv\u00e1ny nap\u0159\u00edklad pro:<\/strong><\/p>\n\n\n\n