Everyone has logs. Scattered across dozens of servers, in different formats, often overwritten after a few days. When a security incident or an auditor arrives, the needle-in-a-haystack search begins — if the haystack still exists at all. For NIS2 and audit that is not enough. Logs must be evidence.
Why Logmanager
Logmanager is a Czech log management solution whose strengths are easy operation and a simple licensing model. Components ship as a virtual or hardware appliance — deploy fast, without weeks of configuration.
When logs must be evidence
The difference between "having logs" and "having evidence" is how they are stored. Logmanager centralizes, normalizes and protects logs against change. When an auditor wants to know who accessed a system on March 14 at 3:00, you find it in seconds — not days.
- Centralization — all logs (servers, F5, firewalls, apps) in one place.
- Immutability — logs cannot be edited retroactively, crucial for audit.
- Correlation — linking events across systems reveals what individual logs would hide.
# Centralizing logs into Logmanager — from dozens of servers to one place
- name: Point logs from all servers to Logmanager
hosts: all
become: true
tasks:
- name: Deploy rsyslog forwarding (TLS)
ansible.builtin.template:
src: 60-logmanager.conf.j2
dest: /etc/rsyslog.d/60-logmanager.conf
mode: "0644"
vars:
lm_collector: "logmanager.internal"
lm_protocol: "tcp" # encrypted transport
lm_port: 6514 # syslog over TLS
- name: Restart rsyslog
ansible.builtin.service:
name: rsyslog
state: restarted
- name: Send a test event to verify
ansible.builtin.command: logger "weautomate-pipeline test event"
changed_when: false # confirms the log path worksKey point: a single playbook deploys uniform forwarding across the whole estate. Logmanager then normalizes, indexes and stores logs immutably — chaos becomes searchable evidence. More on NIS2 in the directive overview.
Finding "who accessed system X on day Y" took ~3 days of manually combing logs across servers during an audit. With Logmanager: an 8-second query over a centralized index. Illustrative figures — verify before publishing.
Reality check
Log management is not "deploy and forget." It needs a thoughtful design of what to collect (everything = expensive and useless) and how long to keep it. We help with the architecture, not just the install.
Frequently asked questions
What's the difference between "having logs" and "having evidence"?
Logs scattered across servers, overwritten after a few days, aren't evidence — they're data that vanishes when you need it. Evidence is a centralized, normalized, immutable record an auditor accepts. Logmanager does the latter.
Why a Czech solution instead of a big SIEM?
Logmanager has a simple licensing model and easy operation — deploy fast, without weeks of configuration and without the unpredictable data-volume costs big SIEMs charge. For most CZ/SK enterprises it's a better value ratio.
What should we collect?
Not everything — that's expensive and useless. We design the architecture: what to collect (servers, F5, firewalls, apps), how long to keep it (regulation differs from operations) and how to correlate. The design is half the battle.
Does it specifically help with NIS2?
Yes. NIS2 requires detection and provability of security events. Centralized, immutable, correlatable logs are the foundation — without them you can't reconstruct an incident or prove compliance.
Would your logs survive an audit?
Book a 20-minute call — we'll review how your logs look today and what's needed for NIS2-ready evidence. No sales pitch.
Book a 20-min call →