Syslog Access List

In the Log Archives > Syslog Access List section, the system displays the complete list of acquired Syslog logs.

Each row represents an event received from remote devices configured to send their logs to the BusinessLog server.

The table shows the main information for each event: date, time, category, source, IP address, user, processing status, and any alerts or critical issues.

Syslog Configuration Assistant

This AI-based function helps with the configuration of network devices to forward Syslog logs to the BusinessLog server.
Specify the brand, model, and firmware version of the device, and the system automatically generates detailed instructions for enabling the Syslog service and transmitting logs correctly to BusinessLog.

The response can be printed or exported as a PDF by clicking [Print].

Explain selected log

This function uses an AI-powered semantic analysis engine to automatically interpret the content of a single Syslog event.

The system analyzes the message and provides a detailed explanation divided into sections:

  • What happened: describes the detected event in natural language, indicating the user, device, and technical context (e.g., accesses, errors, or modifications).

  • Why it matters: explains the relevance of the event, highlighting risks, vulnerabilities, or security implications.

  • Actions: suggests recommended checks or verifications for managing the event or resolving the issue.

When specific information is not available for a given event, the Wiki tab displays the technical details of the event ID, along with possible alternative actions or suggestions for further investigation.

The explanation can be printed or saved using the commands available at the bottom of the window.

AI Analysis

This function uses an AI model to automatically analyze the collected logs and identify abnormal behaviors, recurring patterns, or potentially suspicious activities. The system processes the recorded data and presents the results in a summarized form, classifying events by type of anomaly and risk level.

For each event, the following information is displayed:

  • Details: technical information (event ID, area, and source device).

  • Relevance: explains why the log is considered significant or potentially critical.

  • ML Indicator: highlights the detection criteria applied by the machine learning engine.

  • Actions: provides operational suggestions for verification and mitigation.

The results can be saved or printed directly from the window for later consultation or archiving.

SysList Analysis

This function performs in-depth processing of the collected logs and generates an automatic technical report in SOC (Security Operations Center) style. Its goal is to identify critical or potentially harmful events, highlighting their importance and the recommended actions for operational management.

The report is presented in columns to improve readability:

  • Date/Time: the moment when the event was recorded.

  • Line: the technical detail of the original log.

  • Why it matters: explains the significance of the event, indicating the type of risk (e.g., detected threat, service interruption, known vulnerability).

  • Action: suggests the steps to take for verification, mitigation, or resolution of the issue.

Each analysis report can be saved or printed to document the investigations carried out or to share the findings with the SOC team.
