The centralized log management and the log analyzer

FHI 360

Background

An effective national response to COVID-19 requires collective efforts by the global community, multi-sectoral coordination at the national level, development partners, and other entities. The Meeting Targets and Maintaining Epidemic Control (EpiC) consortium is well positioned to support the Royal Thai Government (RTG), community partners, and the U.S. Agency for International Development (USAID) to mitigate the impact of COVID-19.

EpiC will provide support to strengthen the capacity of the Thailand Ministry of Public Health (MoPH), provinces, and communities to reduce the transmission of COVID-19 and mitigate its impact on morbidity and mortality, with two key objectives: (1) accelerating widespread and equitable access to and delivery of safe and effective COVID-19 vaccinations; and (2) reducing morbidity and mortality from COVID-19, mitigating transmission, and strengthening health systems, including the capacity to prevent, detect, and respond to pandemic threats.

The Computer-related Crime Act of 2016 requires computer traffic data to be retained for at least 90 days, and the volume of COVID-19 data, particularly from the MoPH Co-Vaccine database, is increasing significantly. The Center of IT and Communication Services of the Office of the Permanent Secretary therefore needs to strengthen its capacity for managing and analyzing logs of COVID-19 traffic data. This request falls under the 1st Objective, Activity 1.4.2, support for a cloud-based data platform. EpiC will support the MoPH by procuring two items of computer equipment: 1 unit of "the centralized log management" and 1 unit of "the log analyzer". Both will be located and installed at the IT and Communication Service Center of the Office of the Permanent Secretary, Thai Ministry of Public Health.

List of products

  1. 1 unit of the centralized log management (Brand: NetEvid / Model: V-6200)
  2. 1 unit of the log analyzer (Brand: Fortinet / Model: FortiAnalyzer 3000G)

Product specifications

1. The centralized log management (Brand: NetEvid / Model: V-6200)

1.1 The system is a standardized appliance or computer device that can collect logs or events from appliance and non-appliance sources, such as firewalls, network devices, operating systems, applications, networks, and databases, with no limit on the number of devices per system.

1.2 The system has at least a Dual Processor 8-Core Central Processing Unit (CPU).

1.3 The system has at least 64 GB of memory.

1.4 The system has at least 2 ports of 10/100/1000 BaseTX network channels and at least 2 ports of 10GbE network channels.

1.5 The system has a RAID controller that at least supports RAID 0, 1, 5, and 10 with at least 8 units of 4TB hard disk and at least 2 units of M.2 SSD hard disk to increase read and write performance.

1.6 The system has a redundant AC power supply.

1.7 The system can collect at least 60,000 events per second (EPS).

1.8 The system has a data encryption system for verifying stored data according to the SHA-256 standard.

1.9 The system can collect log files in the Syslog format of the devices, including routers, switches, firewalls, VPNs, and servers.

1.10 The system can manage devices through the HTTPS standard, Command Line Interface, and SSH.

1.11 The system can perform log collection that complies with the currently effective Computer-related Crime Act, and log file collection and security are accredited, for example, by the National Science and Technology Development Agency’s Standard (NTS 4003.1-2560).

1.12 The system can perform data backup to external storage devices, such as Tape, DVD, or external storage.

1.13 The system can encrypt log data with at least AES-256, AES-128, and DES when files are downloaded to an external system, to prevent modification of the log data.

1.14 The system can alert administrators via Email and Line Notify when there is an event that meets the determined conditions or an irregular event of the devices.

1.15 The system can compress the data on the storage with a ratio of 15:1.

1.16 The system stores its database in NoSQL format for storage and search performance.

1.17 The system must index log file data for efficient searching, supporting full-text search and search by specified fields, with search conditions such as AND, OR, wildcard expressions, regular expressions, and a time range or scope for the search.

1.18 The system supports a custom log parser or custom log template in the system without the need for third-party software.

1.19 The system can collect computing traffic data in centralized and forwarder modes.

1.20 The system can create an ad-hoc report, day report, weekly report, and monthly report.

1.21 The system has the interface reporting graphs and data tables that can work on the same appliance (on-box reporting) about at least these data, such as Top 10 IP Sources, Top 10 Users, Top 10 URLs, Top 10 Applications, and Top 10 Threats.

1.22 The system can report in these graphic formats, including bar charts, line charts, pie charts, radar charts, donut charts, and polar area charts.

1.23 The system can export a report in PDF, XML, XLSX, CSV, HTML, XHTML, DOCX, and OpenOffice format.

1.24 The system can verify the online or working status of a device sending logs to the system, and can report the last day on which that device sent logs.

1.25 The system can report the Average EPS and the Peak EPS in daily, weekly, and monthly formats.

1.26 The system can keep the log collections of different domains separate, including access to their data.

1.27 The system can determine different permissions to use the system for each administrator.

1.28 The system can search log data from the devices that send logs through IPv4 and IPv6.

1.29 The system can work as NTP Server for devices in the same network.

2. The log analyzer (Brand: Fortinet / Model: FortiAnalyzer 3000G)

2.1 The system is a hardware appliance whose firmware has already been updated to a hardened version.

2.2 The system has at least 2 ports of RJ-45 and at least 2 ports of 25GbE SFP28 network channels.

2.3 The system has a RAID controller that at least supports RAID 0, 1, 5, 6, 50 and 10 with at least 16 units of 4TB hard disk.

2.4 The system supports a sustained log collection rate of at least 60,000 logs/sec.

2.5 The system supports a sustained log analytics rate of at least 42,000 logs/sec.

2.6 The system can collect log files in the Syslog format.

2.7 The system has a redundant AC power supply.

2.8 Supports forensic analysis by collecting and filtering events from at least the following data.

2.8.1 Username

2.8.2 Email Address

2.9 Able to encrypt the transmission and reception of computer traffic data with the firewall used by the Office of the Permanent Secretary for Public Health (Fortinet FortiGate).

2.10 Able to collect at least the following traffic data.

2.10.1 Source IP address

2.10.2 Destination IP address

2.10.3 Destination port, such as TCP port 80

2.11 Able to generate application analysis reports, including at least: Top Applications by Bandwidth, Top Applications by Session, Sessions, Top Websites, and Top Threats.

2.12 Able to generate bandwidth reports, including at least: Bandwidth Summary and Sessions Summary.

2.13 Able to generate application usage and risk reports, including at least: Botnet, Proxy Avoidance, and Peer to Peer.

2.14 Able to generate security reports, including at least: Number of Sessions, Top Users by Session, Top Users by Bandwidth, and Malware Detected.

Vendor requirements

  1. The vendor must be legally registered as a legal entity in Thailand.

  2. The vendor must hold a letter from the manufacturer, or be certified directly by the manufacturer in Thailand.

  3. The vendor must be able to install both items of computer equipment in the MoPH's data server system and provide high-quality after-sales service during the warranty period.

  4. The vendor may submit a Quotation for both products, or for only the product it wishes to offer.

Submission documents

  1. A Quotation in English containing the following information: price, delivery of products, payment method, warranty information, and other relevant conditions/information.

  2. The formal legal documents of the company, such as the company certificate, company profile including work/project experience, VAT certificate, and other related documents.

Evaluation

Evaluation will be based on the specifications, price, timeline, delivery, payment method, and working experience of the vendor.

Reserved Rights

All RFQ responses become the property of FHI 360, who reserves the right in its sole discretion to:

• Disqualify any offer based on the offeror's failure to follow solicitation instructions.

• Award based on the initial evaluation of offers, without discussion.

• Decline to compensate vendors for the preparation of their response to this RFQ.

• Issue this RFQ without any guarantee that FHI 360 will award a purchase order.

How to apply

Response deadline and format

  1. Responses to this RFQ should be submitted by email to two email addresses:

    1. Send the email to Siroat Jittjang, Program Manager, at [email protected]
    2. Also cc the email to the procurement team at [email protected]
  2. All submitted files must be in PDF format.

  3. The Quotation submitted must be valid for at least 60 days from the submission date.

  4. The deadline for submission is 24 January 2023 at 17.00 (Thailand time). Any Quotation received after the deadline will be considered as non-responsive and will not be accepted.

  5. FHI 360 will acknowledge receipt of your Quotation by return email.
