Breaking down silos to enable log data collection on a central platform

Log management with archiving, analysis and alerts as the basis for a SIEM

An IT infrastructure for 16 schools, 2 hospitals, 26 municipalities, 2 cities and an entire canton: KSD is the IT enterprise of the canton and city of Schaffhausen. The different client profiles entail varying requirements. terreActive implemented a solution that everyone could use.

Challenge: Breaking down silos

terreActive was familiar with the situation in public administration from experience: IT organizations there are typically set up in silos (e.g. one team for basic services, one for network, etc.). The teams often use different tools for monitoring. While every silo has a good setup, none has any insight into the tools of the other departments. As soon as the systems are networked, dependencies are created that cannot be monitored. KSD was fully aware of this.

Goal: Central log management as the basis for monitoring to ensure secure operations

Hybrid solution with tacLOM and Splunk

The solution in detail

  • High storage capacity - real-time logging - available during system failures
  • Understanding raw data and simplifying troubleshooting
  • Less maintenance work
  • Outlook: Ready for the future

"We needed a central overview of all relevant systems in order to be able to react quickly in our heterogeneous environment."
Roger Speckert
Executive Board Member and Head of Infrastructure, Client Engineering & Security
KSD