Post on 19-Dec-2015
Advanced security log analysis
◦ Visualization of the info
◦ Various geographical statistics
◦ Comparing statistics to the general data
Trying to save internal data in the organization
Simple requirements from the clients
Simple update mechanism
Project goal
2 Servers, 1 Client
◦ General server - traditional server side
◦ Data server – server inside the client organization
◦ Client page – HTML page on the Data server working as a web application
Technology
◦ General server – Tomcat web server running JSP as server language + MySQL as DB engine
◦ Data server – Some web server (we use Tomcat + MySQL)
◦ Client side – HTML + JavaScript (using AJAX)
System architecture
Requirements, answers and pitfalls
Trying to save internal data in the organization
Simple requirements from clients
Simple update mechanism
Client side as a simple HTML page
There is not much you can do?
No requirements for specific Data server architecture
How will we get the needed data?
We don’t want to update the page on all data servers!
The solution
There is not much you can do with HTML?
How will we get the needed data?
We don’t want to update the page on all data servers!
We will use Dynamic HTML (JavaScript)
We will use AJAX (or AJAX-like) to communicate with the servers
The client page will include only a reference to the startup script
Cross Domain security policy!
Geographical IP mapping - MaxMind
◦ GeoLite Country and GeoLite city services
◦ Free to use
◦ Worldwide coverage
◦ Accuracy 99.3% on a country level
◦ Accuracy 76% on a city level
Displaying to the user – Google Maps
◦ Free to use
◦ AJAX communications without server side
◦ Customizable environment
Geographical services we use
IP mapping – you give us an IP and we will display its location on the map
Group IP mapping – you give us an IP group and we will display the group on the map with country and city statistics of the group
Radius queries – provide us a point on the map and a radius and we will display all the events we know about inside the circle
Time tracking – provide us a log with timings and we will give you a trace of the places in the log
Services we give
IP type resolving – give us an IP list and we will return which of them are known to be anonymous proxies
Statistics – statistics we give about IP groups are shown in a graphical manner (charts or pies)
Client dependent service types – every client gets the services that its data server knows how to process
Services we give
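The radius query service listed above, sketched as an added example (not code from the original presentation): it filters already-geolocated log events by great-circle distance from a chosen point and tallies the hits per country. The function names, event fields and sample events are assumptions constructed for illustration.

```javascript
// Added example: radius query over geolocated log events.
// All names are hypothetical; sample data is constructed (documentation IP ranges,
// approximate city-center coordinates).
const EARTH_RADIUS_KM = 6371; // mean Earth radius

function toRad(deg) { return (deg * Math.PI) / 180; }

// Great-circle distance between two {lat, lon} points (haversine formula).
function haversineKm(a, b) {
  const dLat = toRad(b.lat - a.lat);
  const dLon = toRad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
    Math.cos(toRad(a.lat)) * Math.cos(toRad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * EARTH_RADIUS_KM * Math.asin(Math.min(1, Math.sqrt(h)));
}

// Return the events inside the circle (nearest first) plus per-country counts.
function radiusQuery(events, center, radiusKm) {
  if (!(radiusKm >= 0)) throw new RangeError("radiusKm must be a non-negative number");
  const hits = [];
  const byCountry = {};
  for (const ev of events) {
    // Events whose IP could not be geolocated cannot be placed on the map.
    if (!Number.isFinite(ev.lat) || !Number.isFinite(ev.lon)) continue;
    const distanceKm = haversineKm(center, ev);
    if (distanceKm <= radiusKm) {
      hits.push({ ...ev, distanceKm });
      byCountry[ev.country] = (byCountry[ev.country] || 0) + 1;
    }
  }
  hits.sort((x, y) => x.distanceKm - y.distanceKm);
  return { hits, byCountry };
}

// Constructed sample events.
const SAMPLE_EVENTS = [
  { ip: "192.0.2.10", country: "FR", lat: 48.8566, lon: 2.3522 },    // Paris
  { ip: "192.0.2.11", country: "BE", lat: 50.8503, lon: 4.3517 },    // Brussels
  { ip: "198.51.100.7", country: "GB", lat: 51.5074, lon: -0.1278 }, // London
  { ip: "198.51.100.8", country: "NL", lat: 52.3676, lon: 4.9041 },  // Amsterdam
  { ip: "203.0.113.9", country: null, lat: NaN, lon: NaN },          // unresolved IP
];
const PARIS = { lat: 48.8566, lon: 2.3522 };
```

City-level results inherit the geolocation accuracy quoted above, so events close to the edge of the circle may be included or excluded incorrectly.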