Distributed Log Correlation and Audit Readiness in NIH Unix Environments
Distributed log correlation has become a cornerstone of operational integrity and audit preparedness in large-scale scientific computing environments such as those found at the National Institutes of Health (NIH). Within NIH's UNIX-based infrastructure, which spans Solaris, AIX, and Red Hat Enterprise Linux (RHEL), ensuring a unified view of disparate log streams is essential to maintaining data integrity, responding to security incidents, and satisfying regulatory mandates such as FISMA, HIPAA, and NIST SP 800-53. The sheer heterogeneity and volume of system logs present a significant challenge for IT administrators aiming to implement a consistent, scalable, and audit-ready logging infrastructure. This review explores how distributed log correlation, centralized aggregation, and normalization pipelines are employed to overcome these challenges. Key tools, including syslog-ng, rsyslog, auditd, Splunk, and the ELK Stack, serve as the foundation for ingesting, transforming, and analyzing logs from various platforms and services. These tools are supplemented by custom shell and Python scripts for ETL (Extract, Transform, Load) processes and correlation enrichment. Real-time correlation engines, timestamp normalization, and structured alerting mechanisms allow NIH IT teams to rapidly detect anomalies and initiate automated triage, supporting both operational visibility and forensic traceability. The article further examines retention policies, immutable logging practices, and metadata enrichment strategies that help establish reliable audit trails. Through real-world examples from NIH data centers, including rogue job detection in HPC clusters and login anomaly analysis on air-gapped Solaris nodes, we illustrate the practical outcomes of implementing such a framework. Finally, we explore future trends such as machine learning-based anomaly detection, cloud integration for hybrid research environments, and compliance-as-code techniques.
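The timestamp normalization and login-anomaly correlation the abstract describes, as an added Python illustration that is not code from the article or from NIH: RFC 3164 syslog lines (Solaris/AIX style, no year, local time), RFC 5424 lines (rsyslog/syslog-ng on RHEL) and auditd records are normalized to UTC, ordered, and then checked for repeated failed logins followed by a success on the same host. The per-host UTC offset table, the log year, the host names and all log lines are constructed assumptions.

```python
"""Normalize RFC 3164 / RFC 5424 syslog and auditd timestamps to UTC, then flag
failed-then-accepted SSH logins per host. Constructed sample, not NIH code."""
import re
from datetime import datetime, timezone, timedelta
# Assumed (hypothetical) collector metadata: RFC 3164 lines carry no year or
# zone, so the log year and a per-host UTC offset table are supplied here.
LOG_YEAR = 2024
HOST_UTC_OFFSET_HOURS = {"sol01": -5, "aix01": -5}  # EST; 3 March is before DST
RFC3164 = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")
RFC5424 = re.compile(r"^<\d+>1 (\S+) (\S+) \S+ \S+ \S+ \S+ (.*)$")
AUDITD = re.compile(r"^type=(\S+) msg=audit\((\d+)\.(\d+):\d+\): (.*)$")
LOGIN = re.compile(r"(Failed|Accepted) password for (\S+) from (\S+)")

# Constructed records as a central collector sees them: (source host, raw line).
SAMPLE = [
    ("sol01", "Mar  3 02:15:01 sol01 sshd[1234]: Failed password for root from 10.0.0.5 port 51000 ssh2"),
    ("sol01", "Mar  3 02:15:04 sol01 sshd[1234]: Failed password for root from 10.0.0.5 port 51002 ssh2"),
    ("rhel01", "<86>1 2024-03-03T07:15:09.000Z rhel01 sshd 2222 - - Accepted password for root from 10.0.0.5"),
    ("sol01", "Mar  3 02:15:10 sol01 sshd[1234]: Accepted password for root from 10.0.0.5 port 51004 ssh2"),
    ("rhel01", "type=USER_LOGIN msg=audit(1709450110.512:88): pid=2222 uid=0 auid=0 res=success"),
]

def normalize(source_host, line):
    """Return (utc_datetime, host, message), or None for an unrecognised line."""
    if m := RFC3164.match(line):  # local time, no year: apply the host's offset
        naive = datetime.strptime(f"{LOG_YEAR} {m.group(1)}", "%Y %b %d %H:%M:%S")
        off = timezone(timedelta(hours=HOST_UTC_OFFSET_HOURS.get(m.group(2), 0)))
        return naive.replace(tzinfo=off).astimezone(timezone.utc), m.group(2), m.group(3)
    if m := RFC5424.match(line):  # ISO 8601 with explicit zone
        ts = datetime.fromisoformat(m.group(1).replace("Z", "+00:00"))
        return ts.astimezone(timezone.utc), m.group(2), m.group(3)
    if m := AUDITD.match(line):  # epoch seconds.millis; host comes from the collector
        ts = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
        return ts + timedelta(milliseconds=int(m.group(3))), source_host, f"{m.group(1)} {m.group(4)}"
    return None

def correlate(records, threshold=2, window=timedelta(seconds=60)):
    """Alert when >= threshold failures from one source precede a success on the same host within the window."""
    events = sorted(e for e in (normalize(h, l) for h, l in records) if e)  # order by normalized UTC
    failures, alerts = {}, []
    for ts, host, msg in events:
        if not (m := LOGIN.search(msg)):
            continue
        outcome, user, src = m.groups()
        recent = [t for t in failures.get((host, src), []) if ts - t <= window]
        if outcome == "Failed":
            failures[(host, src)] = recent + [ts]
        elif len(recent) >= threshold:
            alerts.append({"host": host, "src": src, "user": user, "failures": len(recent), "success_utc": ts.isoformat()})
            failures[(host, src)] = []
    return alerts
```

Running `correlate(SAMPLE)` yields one alert for sol01, since its two failures and the later success only line up once the Solaris local timestamps are converted to UTC alongside the RHEL records.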
These strategies collectively support NIH’s mission of secure, compliant, and data-resilient ...