About Log-Alert at IU

Overview

Log-Alert is a no-fee, UITS-funded service available to all IU units and intended to ensure that your IT department can align itself with Security of Information Technology Resources (IT-12) and its requirements for server log monitoring and review. Your servers are constantly generating logs, and analyzing this data manually is cumbersome and time consuming. Log-Alert provides a real-time automated log management solution that monitors your system's event logs.

Benefits of the Log-Alert service include:

  • IT-12 alignment
  • Encryption and security: All traffic to the Log-Alert service is fully encrypted and secured via direct firewall policies to your servers. Log events in storage are secured on servers housed in the IU Data Center.
  • Separate storage: All event logs are collected, transferred, and stored on the Log-Alert system. This ensures that logs cannot be lost by clearing them locally.
  • Search: Log-Alert indexes your events so that you can search directly from an intuitive web interface.

Presently, Log-Alert at Indiana University runs on the Elastic Stack platform. Elastic uses an agent called a "beat" to securely transmit your logs to Log-Alert.

Important:

OmniSOC system engineers updated the certificate authority (CA) certificate for the Log-Alert Kafka cluster on December 2, 2021. If, after this maintenance, your beats agents (filebeat, auditbeat, or winlogbeat) are no longer able to submit logs to Log-Alert, update their CA certificate files and restart the agents. The new CA certificate can be obtained from the Log-Alert GitHub repository. If these steps do not resolve the issue, contact OmniSOC Platform Engineering (soc@omnisoc.iu.edu).
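The CA certificate a beats agent trusts is set in its output configuration, so a CA rotation like the one above means replacing the file that setting points at and restarting the agent. The fragment below is an added illustration of where that setting lives for a filebeat agent shipping to a Kafka cluster over TLS; it is not Log-Alert's own configuration, and the broker hostname, topic, and certificate path are placeholders you would replace with the values your onboarding provided.

```yaml
# Added example: filebeat.yml output section for a TLS-protected Kafka endpoint.
# Hostname, topic and file path are placeholders, not Log-Alert's real values.
output.kafka:
  hosts: ["kafka-broker.example.edu:9093"]      # placeholder broker
  topic: "placeholder-department-topic"          # placeholder topic

  # Trust only the CA that signs the cluster's broker certificates.
  # After a CA rotation, replace this file with the new CA and restart.
  ssl.enabled: true
  ssl.certificate_authorities: ["/etc/filebeat/certs/log-alert-ca.pem"]
  # "full" verifies both the certificate chain and the broker hostname.
  ssl.verification_mode: full

# Before restarting, confirm the agent can parse its config and reach
# the broker with the new CA:
#   filebeat test config -c /etc/filebeat/filebeat.yml
#   filebeat test output -c /etc/filebeat/filebeat.yml
# Then restart the service:
#   systemctl restart filebeat            (Linux)
#   Restart-Service winlogbeat             (Windows, for winlogbeat)
```

The `test output` step is the useful check after a rotation: if the agent still references the old CA file it fails the TLS handshake there, before any logs are dropped, and the error names the certificate problem rather than a generic connection failure.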

Access to Log-Alert logs

Outside of the Log-Alert and OmniSOC teams, only the people in your department who are defined by a departmental Active Directory group will have access to your logs. The Log-Alert team has implemented two simultaneous security methods within Elastic:

  • Log-Alert silos all data into indexes; this allows role-based access to a specific index so no one else can search the data.
  • Log-Alert restricts user options, allowing users to see only their application.
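The two mechanisms above combine a role whose index privileges are limited to one department's indices with a mapping from a directory group to that role. The fragment below is an added illustration of how that pattern is expressed with Elasticsearch's file-based roles and role mappings; it is not Log-Alert's actual role definition, and the role name, index pattern, and group distinguished name are placeholders.

```yaml
# Added example, not Log-Alert's configuration.
# --- roles.yml: a read-only role scoped to one department's indices ---
dept_logs_reader:                                  # placeholder role name
  cluster: []                                      # no cluster-wide privileges
  indices:
    - names: ["dept-placeholder-*"]                # placeholder index pattern
      privileges: ["read", "view_index_metadata"]  # search only, no writes

# --- role_mapping.yml: grant the role to members of one AD group ---
dept_logs_reader:
  - "cn=dept-placeholder-logs,ou=groups,dc=example,dc=edu"  # placeholder group DN
```

Because the role names a single index pattern and carries no cluster privileges, a user mapped to it can search only the indices that match that pattern; a query against another department's index is rejected rather than returning empty results.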

Learn more

If you have any questions or wish to onboard, send mail to lservnix@iu.edu, and the project team will respond.

This is document bezz in the Knowledge Base.
Last modified on 2022-01-11 16:17:00.