• Kenny Tardy PCR


One of a system administrator's main tasks is to record the events (logs) of the applications running on a server; on the security side, the system administrator is also responsible for the security of the server. A problem arises when the administrator manages several application servers, for example web servers, mail servers and proxy servers, and needs this information in real time so that problems that appear can be addressed. Splunk and Ossim are solutions that can be used to make monitoring the servers easier. In attack tests carried out on the web server, Splunk and Ossim were able to check event logs in real time, to identify the source IP address, the destination IP address, and the events or activities carried out, and to send notifications by e-mail. Of the various types of attack tested, Splunk and Ossim could not detect some attacks, such as XSS, because this attack exploits a weakness in the web server program.