RE: [logs] Centralizing Audit Logging and Reporting

From: Bill Hill (Bill_Hillat_private)
Date: Thu May 02 2002 - 14:45:50 PDT

    NFR has a product like this you should take a look at.
    
    It's terrific!
    
    "Accurate measurement is the beginning of all wisdom."
                           - Imhotep 2650 B.C
    
    Bill Hill with disclaimer
    Hawaii Medical Service Association
    Tel:  (808) 948-6356, Fax: (808) 948-6799
    email = bill_hillat_private
    
    -----Original Message-----
    From: Brian Anon [mailto:brian_anonat_private]
    Sent: Thursday, May 02, 2002 10:40 AM
    To: loganalysisat_private
    Subject: [logs] Centralizing Audit Logging and Reporting
    
    
    I am in the process of creating a business case that may involve logging 
    system and application events to a central audit log database.  Once this is
    done, I expect to be able to query the database to generate reports.
    
    I expect the most standard approach would be to implement SYSLOGD that logs 
    to a RDBMS (MS SQL or Oracle).
    
    Some of the systems and applications I may like to do this with are:
    Windows 2000 Servers
    CheckPoint Firewall-1
    IIS RealSecure Sensors
    McAfee NetShield
    McAfee VirusShield
    Microsoft IIS
    Microsoft Exchange
    Microsoft SQL
    Oracle
    Microsoft DNS
    Citrix MetaFrame
    Cisco PIX
    Cisco Routers
    Cisco Switches
    
    I am prepared to create scripts/agents that can grab an application log and 
    parse the information and input it into the database at scheduled intervals 
    or on-demand.  I understand each application may require a different table 
    structure.
    
    Has anyone tried to accomplish this?  Any suggestions or comments?
    
    Regards,
    Brian, CISSP
    



    This archive was generated by hypermail 2b30 : Thu May 02 2002 - 18:15:58 PDT
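
The collector Brian's message describes (parse log lines, load them into a database, query for reports), sketched as an added example that is not part of the original thread. Assumptions: SQLite stands in for MS SQL or Oracle, the input is BSD-style syslog (RFC 3164), a single common events table is used instead of one table per application, and the sample lines and all function names are constructed for illustration.

```python
import re
import sqlite3

# RFC 3164 style line: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$"
)

# Constructed sample input, not taken from any real system.
SAMPLE_LINES = [
    "<38>May  2 10:40:01 fw1 sshd[311]: Failed password for root from 192.0.2.10",
    "<38>May  2 10:40:05 fw1 sshd[311]: Failed password for admin from 192.0.2.10",
    "<86>May  2 10:41:12 mail1 su: session opened for user root",
    "%PIX-4-106023: line without a syslog header",
]

def parse_line(line):
    """Return a row dict; unparseable lines are kept with parsed=0, not dropped."""
    row = dict.fromkeys(("facility", "severity", "ts", "host", "tag", "msg"))
    row.update(parsed=0, raw=line)
    m = SYSLOG_RE.match(line)
    if m and int(m["pri"]) <= 191:  # highest valid PRI is 23 * 8 + 7
        facility, severity = divmod(int(m["pri"]), 8)  # PRI = facility * 8 + severity
        row.update(parsed=1, facility=facility, severity=severity,
                   ts=m["ts"], host=m["host"], tag=m["tag"], msg=m["msg"])
    return row

def load(conn, lines):
    """Create the events table if needed and insert one row per input line."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS events (id INTEGER PRIMARY KEY, parsed INTEGER,"
        " facility INTEGER, severity INTEGER, ts TEXT, host TEXT, tag TEXT,"
        " msg TEXT, raw TEXT NOT NULL)")
    # Bound parameters keep log content out of the SQL text: log data is untrusted.
    conn.executemany(
        "INSERT INTO events (parsed, facility, severity, ts, host, tag, msg, raw)"
        " VALUES (:parsed, :facility, :severity, :ts, :host, :tag, :msg, :raw)",
        [parse_line(line) for line in lines])
    conn.commit()

def report(conn):
    """Events per host and tag, busiest first."""
    return conn.execute(
        "SELECT host, tag, COUNT(*) FROM events WHERE parsed = 1"
        " GROUP BY host, tag ORDER BY COUNT(*) DESC, host").fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    load(db, SAMPLE_LINES)
    print(report(db))
```

Keeping the raw line in every row, including rows that failed to parse, preserves the original record for audit purposes and lets a parser be fixed and re-run later. RFC 3164 timestamps carry no year or time zone, so a production collector would also record its own receive time.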