Data Security ALog Series

Server Access log ALog ConVerter

01.Overview

ALog ConVerter acquires access records to important data without the need for agents, obtaining logs from file, storage, and AD servers, etc.

02.Features

Point 1

Unique ALog ConVerter Technology

ALog ConVerter analyzes event logs using unique, world-class log analysis and conversion technology, summarizing data access records as easy-to-read access logs.

Point 2

Automated Reports

Configure settings in advance to receive automated alerts.
Predefined reports allow for regular, automated output without the hassle.

Report Example

  • Nighttime Access
  • Saturday and Sunday Access
  • Delete Data in a Specific Folder
  • Unauthorized Access to Important Files
  • Mass File Operations
  • Multiple Logon Failures

Point 3

Aggregation / Monitoring / Email Notification

Automate audits and monitoring using the report monitoring feature.

03.Operating Environment

Manager Server

System Requirements

Location:
  On-Premises Environment
    • * Supports physical and virtual environments (VMware, Hyper-V, Citrix XenServer)
  Cloud Environment (AWS, Azure, etc.)
Supported OS:
  Windows Server 2012 / 2012 R2 / 2016 / 2019
    • * Not compatible with 32-bit OS
    • * Supports service packs for each OS (SP)
    • * Supports each edition (Standard / Enterprise / Datacenter)
    • * Supports virtual environments (VMware, Hyper-V, Citrix XenServer) and cloud environments
    • * This is the operating environment for the latest version of ALog.
CPU: Recommended 2.7GHz 8 cores or more (minimum 2.0GHz 4 cores)
Memory: Recommended 32GB or more (minimum 8GB)
HDD: 500GB or more free space
    • * Additional capacity is required depending on the number of target servers and the length of the access log storage period.
Required Software:
  .NET Framework 4.6.2 or higher
  Any of the following browsers:
    • Internet Explorer 11 or later
    • Firefox 68 or later
    • Google Chrome 76 or later
    • Microsoft Edge

* A manager server license is not required.

Windows

System Requirements

Supported OS:
  Windows Server 2012 / 2012 R2 / 2016 / 2019
  Windows Storage Server 2012 / 2012 R2 / 2016
  Windows Server IoT 2019
    • * Supports service packs for each OS (SP)
    • * Supports each edition (Standard / Enterprise / Datacenter)
    • * Supports virtual environments (VMware, Hyper-V, Citrix XenServer) and cloud environments
    • * Refers to the operating environment for the latest version of ALog.
Required Software: .NET Framework 4.5 SP1 or later (agent type only)

Operating Environment
  • The drive for file access log output must be in NTFS format (FAT format is not compatible).
  • When the log collection method is agent type, the Target Server must be able to write files to a shared folder on the Manager Server.
  • Shared administrator access to the Target Server is required.

NetApp

System Requirements

Supported OS:
  Data ONTAP 8.2~8.2.5 (7-mode)
    • * Supported Versions
      8.2, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5
  ONTAP 9.1~9.8
    • * Supported Versions
      9.1, 9.3, 9.5, 9.6, 9.7, 9.8
    • * Supports Cloud Volumes ONTAP (formerly ONTAP Cloud) and ONTAP Select

* We recommend product versions that are supported by manufacturers, as we may not be able to provide sufficient support for unsupported product versions.

* Refers to the operating environment for the latest version of ALog.

Operating Environment
  • The file area serving as the file access log output target must be a CIFS area (NFS areas are not compatible).
  • For Data ONTAP, the ssh or rsh command must be executable from the manager server to the target server.
  • For ONTAP, the ssh command must be executable from the manager server to the target server.
  • The log format must be evtx (XML format is not compatible).
  • The LDAP authentication method for NetApp must be Active Directory authentication.

Model range compatibility table

NetApp FAS Series
  • Small range: FAS2200 Series, FAS2500 Series, FAS2600 Series, FAS2700 Series
  • Medium range: FAS3220, FAS3250, FAS8020, FAS8040, FAS8200, V3220, V3250, V3270, FAS8300, FAS8700
  • Large range: FAS6220, FAS6250, FAS6290, FAS8060, FAS8080 EX, FAS9000, V6220, V6250, V6290

NetApp AFF Series
  • Small range: AFF A200, AFF A220, AFF C190
  • Medium range: AFF A300, AFF A320, AFF A400, AFF8020, AFF8040
  • Large range: AFF A700s, AFF A700, AFF A800, AFF8060, AFF8080 EX

Fujitsu NR1000 Series
  • Small range: F2520, F2552, F2554, F2620, F2650, F2720, F2750
  • Medium range: F3220, F3250, F8020, F8040, F8200, F8300
  • Large range: F6220, F6250, F6290, F8060, F8080, F9000

Fujitsu AX/HX Series
  • Small range: AX2100, AXI100, HX2200, HX2100
  • Medium range: AX4100, HX6100
  • Large range: -

EMC

System Requirements

Supported OS:
  VNX OE 7.1.55~8.1.9
    • * Supported Versions
      7.1.55.31, 7.1.65.8, 7.1.71.1, 7.1.72.1, 7.1.76.4, 7.1.76.405, 7.1.79.8, 7.1.80.7, 8.1.1.33, 8.1.2.51, 8.1.3.79, 8.1.6.101, 8.1.8.121, 8.1.9.155, 8.1.9.211, 8.1.9.266
  VNXe OE 2.4~3.1
    • * Supported Versions
      2.4.4.22283, 3.1.1.5395470, 3.1.1.6207002, 3.1.8.9340299
  Unity 4.0.0~5.0.6
    • * Supported Versions
      4.0.0, 4.0.1, 4.0.2, 4.1.0, 4.1.1, 4.1.2, 4.2, 4.3, 4.4, 4.5, 5.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.6
  PowerStore 1.0
    • * Supported Versions
      1.0

* We recommend product versions that are supported by manufacturers, as we may not be able to provide sufficient support for unsupported product versions.

* Refers to the operating environment for the latest version of ALog.

Operating Environment
  • Must be able to use the AutoArchive function for the event log.
  • The file area serving as the file access log output target must be a CIFS area (NFS areas are not compatible).

Model range compatibility table

VNX / VNXe Series
  • Small range: VNXe1600, VNXe3150, VNXe3200, VNXe3300, VNX5100, VNX5200, VNX5300, VNX5400, VNX VG2
  • Medium range: VNX5500, VNX5600, VNX5700, VNX5800, VNX VG8
  • Large range: VNX7500, VNX7600, VNX8000

Unity Series
  • Small range: Unity300, Unity300F, 350F, 380F, Unity400, Unity400F, 450F, 480F
  • Medium range: Unity500, Unity500F, 550F, Unity600, Unity600F, 650F, 680F, 880F
  • Large range: -

PowerStore Series
  • Small range: 1000T/1000X
  • Medium range: 3000T/3000X, 5000T/5000X, 7000T/7000X
  • Large range: 9000T/9000X

PowerScale (Isilon)

System Requirements

Supported OS:
  OneFS 7.2.0~9.1.0
    • * Supported Versions
      7.2.0, 7.2.0.3, 7.2.0.4, 7.2.1.0, 7.2.1.1, 7.2.1.2, 7.2.1.3, 7.2.1.4, 7.2.1.5, 7.2.1.6, 8.0.0, 8.0.0.2, 8.0.0.3, 8.0.0.4, 8.0.0.5, 8.0.0.6, 8.0.0.7, 8.0.1, 8.0.1.1, 8.0.1.2, 8.1, 8.1.0.1, 8.1.0.2, 8.1.0.3, 8.1.0.4, 8.1.1.0, 8.1.2, 8.2.0, 8.2.1, 8.2.2, 9.0.0, 9.1.0

* We recommend product versions that are supported by manufacturers, as we may not be able to provide sufficient support for unsupported product versions.

* Refers to the operating environment for the latest version of ALog.

Operating Environment
  • The file area serving as the file access log output target must be a CIFS area.
  • The ssh command must be executable from the Manager Server to the Target Server.

Model range compatibility table

F Series / H Series / A Series
  • Small range: F200, F600, H400, A200
  • Medium range: H500, H600, H5600, A2000
  • Large range: F800, F810

S Series / X Series / NL Series
  • Small range: X210
  • Medium range: S210, X410, NL410
  • Large range: -

Linux

System Requirements

Supported OS:
  Red Hat Enterprise Linux 6 / 7 / 8
  CentOS 6 / 7 / 8

* Refers to the operating environment for the latest version of ALog.

Operating Environment
  • auditd, sshd, zip, unzip and openssh-clients must be installed first.
  • sshd must be capable of using password authentication for login. (Not compatible with public key authentication.)
  • When collecting syslog, the time, host name, and other information must be delimited by half-width (single-byte) spaces (this is the default Linux syslog output format).
  • The log must be a text file, either uncompressed or ZIP / GZIP compressed.
  • The environment must have the /usr/local/sbin directory structure.

* Please contact us if you are using a Samba environment.

04.FAQ

ALog ConVerter specifications and structure

  • What kinds of logs does ALog ConVerter collect?

    ALog ConVerter collects file access logs, user logon logs, access rights change logs, etc.
    The logs obtained depend on the product, so please read the overview document for details.

  • How does ALog ConVerter capture logs?

    The event log and audit log output by the log collection target server are stored temporarily on the local drive. Newly added logs are extracted and collected by the manager server.

  • Why do event logs need to be converted?

    ALog ConVerter analyzes and converts event logs to achieve the following.

    ・ Easy log readability
    ・ Dramatically smaller log file size
    ・ Creation of access log formats that closely match user operation patterns

    Event logs that are not converted may cause the following issues:

    1. Massive log files that become corrupted and inaccessible. These files will continue to store data without tracking.
    2. Massive log files that require constant hard disk upgrades.
    3. Event logs do not match user operation patterns, making it difficult to interpret file access histories.

    Even if event logs are saved without conversion, as in 3., above, the underlying cause of an issue may not be traceable due to the data format.
    For these and other reasons, ALog ConVerter converts event logs into a human-readable format for user file access.

    * ALog ConVerter performs a comprehensive analysis of the OS version of the client PC that accesses the server, event log output patterns, and other elements. The software then converts findings into a log more closely resembling the actual operation pattern of the user.

  • What OS and server types are supported by ALog ConVerter?

  • Is it possible to collect information for environments composed of different domains or workgroups?

    As long as the file is shared between the log collection target server and the manager server, ALog ConVerter can still collect information.
    The log collection target server can be in any domain or workgroup as long as the environment allows connection via Windows Network (CIFS / SMB). For the supported OS of the log collection target server, please see the Operating Environment page.

  • Is it possible to target a server in a cluster configuration?

    Yes.
    Even if the target server is in a cluster configuration, logs can be collected and converted in the same way as in a single configuration.
    * If the target server is a Windows server, only the WSFC cluster environment is supported. If you are using other cluster configurations, please verify the operation in your environment before installation.

  • Can the manager server be in a cluster configuration?

    Yes. However, there are certain requirements. Please contact us for details.

  • Can ALog ConVerter obtain the computer name and IP address of the client PC that accesses files?

    Yes.
    However, which of the client computer name and IP address is recorded cannot be specified arbitrarily, because whether the IP address or the computer name can be obtained depends on the environment.

ALog ConVerter installation and operation

  • Do you offer an installation manual and configuration instructions?

    Please contact us through our online contact form. A manual and configuration guide are included in the downloadable installation package. Please contact our sales office for details.

  • Is it necessary to install an agent (resident program) on the target server?

    Agents are generally unnecessary. You may select whether to deploy an agent depending on the type of target server.

  • Does installing ALog ConVerter place a load on the client PC?

    No.
    ALog ConVerter does not require an application to be installed on the client PC, so there is no load involved.

  • Are there any important things to consider when installing ALog ConVerter?

    ALog ConVerter collects event logs and audit logs output by the server and converts them into access logs.
    Therefore, audit settings must be configured so that the target server outputs event logs and audit logs.
    If the range of audit settings is too large (e.g., everything under the C drive), a massive amount of logs will be output, which could consume all free space on the local disk of the file server. We recommend limiting monitoring of the audit settings to only the folders necessary.

  • Does ALog ConVerter installation require certain access rights?

    The account running ALog ConVerter must have domain admin privileges.
    If the manager server and the target server exist in different domains, an account with administrator privileges must be created on each server and trust relationships established.

  • Is it possible to output the access log in a file format?

    Yes.
    Access logs can be output as CSV, ZIP, or an encrypted file.

  • Is it possible to output the access log to another storage location instead of the manager server?

    Yes.
    By default, the access log is output to the local drive of the manager server, but settings allow for output to an external storage device.

Trial / purchase

  • Is there a trial version of ALog ConVerter to try before purchasing?

    A free evaluation version is available. Please request it using the contact form on our website.

  • How do I purchase ALog ConVerter?

    ALog series products are sold by our sales partners.
    Please check here for a list of our sales partners.
    If you are not already working with a distributor on the list, please contact us and we will introduce you to one.

License [general terms]

  • Is it necessary to purchase database software, etc., in addition to ALog ConVerter?

    No.

    * The exception is when the target server is a SQL Server and "SQL Trace" is selected in the audit settings when adding the target server. In that case, a SQL Server version equal to or later than that of the SQL Server from which logs are to be collected is required.

  • Is a maintenance contract required?

    A maintenance contract for the first year is mandatory.
    ALog ConVerter updates the access log analysis conversion engine regularly as needed, following version upgrades of the supported OS (server OS, client OS). If the maintenance contract expires, you will not be able to update this conversion engine and logs may not be converted correctly. Therefore, we recommend that you continue the maintenance contract during the period of use.

  • Do I need a manager server license?

    No. However, a license is required to collect the access log of the manager server itself.

  • Is there a volume discount for additional licenses?

    No. For additional purchases, the payment system will be the same as for new purchases. (We recommend that you purchase licenses for the total number of servers required at the time of the initial purchase.)

  • What is ALog for Win AE for NAS?

    ALog for Win AE for NAS is an option that allows you to purchase single licenses for Windows Advanced Edition.
    This option is only available to customers using NetApp / EMC / Isilon.

  • Is it mandatory to purchase ALog for Win AE for NAS?

    No. Please purchase the option if you intend to collect logon/logoff logs from Active Directory.

License [for Windows / Linux]

  • How many licenses are required?

    Please purchase as many licenses as there are servers from which you wish to collect logs. One license is required for each server, regardless of whether it is a physical server or a logical server.

  • Does the license change depending on the number of CPUs, the number of cores, etc.?

    No. ALog ConVerter requires one license for each server for which logs are collected (regardless of whether physical or logical).

  • If the server for which logs are collected is a logical server, does the required number of licenses change?

    No. One license is required for each server, regardless of whether it is a physical server or a logical server.
    If you want to collect access logs from the host OS of a logical server, you need a license for the host OS as well.

  • How many licenses are required in the case of a cluster configuration?

    As ALog ConVerter requires one license for each server for which logs are collected (regardless of whether physical or logical), one license for each server making up the cluster is required.

  • Is it possible to purchase one license at a time?

    No. We ask you to purchase at least five licenses at a time; we do not offer an option to purchase only one license.

License [for NetApp / EMC]

  • What is the difference between licenses S, M, and L?

    The fee system for S range, M range, and L range depends on the NAS model.
    Please check the model of NAS you are using and purchase licenses for the applicable range.

  • How many licenses are required?

    Please purchase one license for each active controller.

    * For EMC VNX / VNXe, count data movers or virtual data movers (VDM); for EMC Unity, count storage controllers (storage processors).
    * Please refer here for a specific license count example.

  • Does the required number of licenses change if the server for which logs are collected is a virtual storage server?

    If you are building virtual storage (NetApp FAS series uses vFiler or SVM as virtual storage, EMC VNX / VNXe CIFS Server and EMC Unity uses NAS Server as virtual storage), you need as many virtual licenses as there are virtual storages, in addition to the normal license.

    * for NetApp/EMC includes one virtual license for each server license; you do not need another virtual license to collect logs from only one virtual storage. Purchase a virtual license when the number of virtual storages for the collected logs exceeds the number of physical servers.
    * With for NetApp, we assume that virtual licenses are not used for physical servers (vFiler0).

  • Does the required number of licenses change for a cluster configuration?

    The number of required licenses depends on the cluster configuration. Please contact us to find out how many licenses you may need.

License [for Isilon]


Catalog Download

  • ALog series product overview material

    Introducing ALog Converter / ALog Converter DB / ALog EVA
