Monitoring Physical Security With Graylog

Most, if not all, of these cases involve separate applications or systems, and you have to manage and view each one individually to find important information.

Logging Sources in Graylog

Logging all these sources into Graylog gives you a central pane of glass for viewing them together, saving time and money and putting access right at your fingertips. Here are log sources that could be sent to Graylog:

  • intrusion alarms and logs
  • smart lighting system logs
  • smart UPS and backup power generator logs
  • environmental monitoring such as temperature, humidity, and water controls
  • onboarding and off-boarding of staff, network accounts, and assets
  • security card access and access levels to IT rooms, closets, and all doors

Example

Let’s go through a quick example.

Number one: security card logging and alerts to IT.

Staff could be sent alerts when HVAC maintenance staff enter server rooms, followed by other correlating events, for example when power is lost during that timeframe or there are temperature problems in a server room. Another example is onboarding or off-boarding of staff: correlating the timely termination of network accounts with the deletion of security card access lets you monitor internal processes and confirm that you've appropriately managed those assets.

Another use is monitoring for piggybacking by looking at badge-ins and badge-outs per day, along with monitoring access to IT rooms, closets, and internal/external doors.
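The badge correlation described above, sketched as standalone Python. This is an added example, not code from the original post or from Graylog; the log line format, field names, and the off-boarding feed are assumptions, and all sample data is constructed.

```python
from datetime import datetime

# Constructed sample badge events (not from a real card system); field names are assumptions.
SAMPLE_LOG = """\
2024-03-04T08:01:12 building=HQ door=lobby user=alice dir=in
2024-03-04T08:03:40 building=HQ door=lobby user=bob dir=in
2024-03-04T12:10:05 building=HQ door=lobby user=alice dir=out
2024-03-04T12:11:30 building=HQ door=server-room user=carol dir=out
2024-03-04T13:02:19 building=HQ door=lobby user=bob dir=in
2024-03-04T18:45:00 building=HQ door=lobby user=dave dir=in
"""

# Constructed HR off-boarding feed: user -> time the account was terminated.
OFFBOARDED = {"dave": datetime(2024, 3, 1, 17, 0, 0)}


def parse_line(line):
    """Split 'timestamp key=value ...' into a dict with a parsed datetime."""
    ts, *pairs = line.split()
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event


def find_badge_anomalies(log_text, offboarded):
    """Return (user, timestamp, reason) tuples for suspicious badge activity."""
    inside = {}    # (user, building) -> True while a badge-in has no matching badge-out
    findings = []
    events = sorted((parse_line(ln) for ln in log_text.splitlines() if ln.strip()),
                    key=lambda e: e["ts"])
    for e in events:
        user, key = e["user"], (e["user"], e["building"])
        term = offboarded.get(user)
        if term is not None and e["ts"] > term:
            findings.append((user, e["ts"], "badge used after off-boarding"))
        if e["dir"] == "in":
            if inside.get(key):
                findings.append((user, e["ts"], "badge-in while already inside (exit not recorded)"))
            inside[key] = True
        elif e["dir"] == "out":
            if not inside.get(key):
                findings.append((user, e["ts"], "badge-out with no badge-in (possible piggyback entry)"))
            inside[key] = False
    return findings


if __name__ == "__main__":
    for user, ts, reason in find_badge_anomalies(SAMPLE_LOG, OFFBOARDED):
        print(f"{ts.isoformat()} {user}: {reason}")
```

Unmatched badge-outs and repeated badge-ins are indicators to review rather than proof of piggybacking, since a door without an exit reader produces the same pattern.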

Here you’ll see a dashboard where I’ve integrated a critical card system that controls access through doors to different buildings within an organization. On the right-hand side, there’s a variety of timestamps for the individuals coming in and out of each location, and on the left-hand side, a ticker count of the ins and outs per building per user. Down below, because the geolocation information is being stored, the dashboard shows the actual locations where these individuals are badging in and out.

Number two: environmental monitoring.

  • Dashboards and alerts on UPS low batteries or failed generator activity
  • Monitoring smart lighting systems for operational needs
  • Dashboards and alerts on key temperature and humidity alarms
  • Monitoring staff in and out of a building during fire incidents, fire drills, or after-hours activities

Next, let’s look at that scenario.

In this dashboard, you’ll see a variety of environmental monitoring data: minimum and maximum temperatures, minimum and maximum humidity, and your UPS battery status in real time, followed by your minimum and maximum temperatures over time.

Hopefully, this dashboard and the previous one are giving you some ideas of what can be sent into Graylog and how it can be used in your environment, so that you have the full picture of what’s going on with your physical security.

Thanks for joining us, and happy logging with Graylog.