RE: [logs] Centralizing Audit Logging and Reporting

From: Dan Barahona (danat_private)
Date: Thu May 02 2002 - 17:00:52 PDT

    Hi Brian,
    
    You might also want to take a look at Addamark's Log Management System
    (www.addamark.com) (full disclosure, I work for Addamark). The LMS was
    designed solely for handling log data. It can load any log format and provides
    excellent loading and query performance since it runs on small clusters of
    PCs. The system includes a SQL interface for submitting queries, and you can
    embed Perl logic inside your SQL statement for greater flexibility.
    
    Best,
    Dan
    
    
    -----Original Message-----
    From: Brian Anon [mailto:brian_anonat_private]
    Sent: Thursday, May 02, 2002 1:40 PM
    To: loganalysisat_private
    Subject: [logs] Centralizing Audit Logging and Reporting
    
    I am in the process of creating a business case that may involve logging
    system and application events to a central audit log database.  Once this is
    done, I expect to be able to query the database to generate reports.
    
    I expect the most standard approach would be to implement SYSLOGD that logs
    to a RDBMS (MS SQL or Oracle).
    
    Some of the systems and applications I may like to do this with are:
    Windows 2000 Servers
    CheckPoint Firewall-1
    ISS RealSecure Sensors
    McAfee NetShield
    McAfee VirusShield
    Microsoft IIS
    Microsoft Exchange
    Microsoft SQL
    Oracle
    Microsoft DNS
    Citrix MetaFrame
    Cisco PIX
    Cisco Routers
    Cisco Switches
    
    I am prepared to create scripts/agents that can grab an application log and
    parse the information and input it into the database at scheduled intervals
    or on-demand.  I understand each application may require a different table
    structure.
    
    Has anyone tried to accomplish this?  Any suggestions or comments?
    
    Regards,
    Brian, CISSP
    
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
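
The agent approach described in the original question, as an added example that is not part of the thread or of any product named in it: two per-source parsers (PIX syslog and IIS W3C extended logs) feed one common `events` table plus a name/value `event_fields` table, which is one alternative to a separate table per application. Assumptions: an in-memory SQLite database stands in for the central RDBMS, the table, field and function names are hypothetical, the W3C `#Fields` line includes `date` and `time`, and the sample log lines are constructed.

```python
import re
import sqlite3
from datetime import datetime

PIX_LINES = [  # constructed sample input, not from the thread
    'May  2 13:40:01 fw1 %PIX-4-106023: Deny tcp src outside:192.0.2.10/4312 dst inside:10.0.0.5/80 by access-group "acl_out"',
    'May  2 13:40:09 fw1 %PIX-4-106023: Deny tcp src outside:198.51.100.7/2201 dst inside:10.0.0.5/23 by access-group "acl_out"',
    "May  2 13:40:11 fw1 %PIX-4-1060",  # truncated in transit
]
IIS_LINES = [  # constructed sample input, not from the thread
    "#Fields: date time c-ip cs-method cs-uri-stem sc-status",
    "2002-05-02 20:41:15 192.0.2.10 GET /default.asp 200",
    "2002-05-02 20:41:19 192.0.2.10 GET /scripts/admin.asp 404",
    "2002-05-02 20:41:20 192.0.2.10 GET",  # short row
]
SCHEMA = """CREATE TABLE events (id INTEGER PRIMARY KEY, ts TEXT, host TEXT, source TEXT, message TEXT);
CREATE TABLE event_fields (event_id INTEGER REFERENCES events(id), name TEXT, value TEXT);"""
PIX_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) %PIX-(\d)-(\d+): (.+)$")

def parse_pix(lines, year):  # syslog timestamps carry no year, so the agent supplies it
    for m in filter(None, map(PIX_RE.match, lines)):  # unparseable lines are skipped
        stamp, host, sev, msg_id, text = m.groups()
        ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S").isoformat()
        src = re.search(r"src \S+?:([\d.]+)/", text)  # reuse the W3C name "c-ip" for the source address
        fields = {"severity": sev, "msg_id": msg_id, "c-ip": src.group(1) if src else None}
        yield ts, host, "pix", text, fields

def parse_w3c(lines, host):
    names = []
    for line in lines:
        values = line.split()
        if line.startswith("#Fields:"):
            names = values[1:]  # column order is set per server, so read it from the log
        elif not line.startswith("#") and names and len(values) == len(names):
            row = dict(zip(names, values))  # rows with the wrong column count are skipped
            yield f"{row.pop('date')}T{row.pop('time')}", host, "iis", line, row  # W3C times are UTC

def central_db(*streams):
    db = sqlite3.connect(":memory:")  # stand-in for the central RDBMS
    db.executescript(SCHEMA)
    for ts, host, source, message, fields in (r for s in streams for r in s):
        cur = db.execute("INSERT INTO events (ts, host, source, message) VALUES (?, ?, ?, ?)",
                         (ts, host, source, message))  # bound parameters: log text is untrusted input
        db.executemany("INSERT INTO event_fields VALUES (?, ?, ?)",
                       [(cur.lastrowid, k, v) for k, v in fields.items() if v is not None])
    return db

def report(db):  # per client address: distinct sources and total events
    return db.execute("SELECT f.value, COUNT(DISTINCT e.source), COUNT(*) FROM event_fields f JOIN events e "
                      "ON e.id = f.event_id WHERE f.name = 'c-ip' GROUP BY f.value ORDER BY 3 DESC").fetchall()
```

The firewall timestamps here are local time while the W3C rows are UTC, so a production loader would also normalize time zones before correlating events by time.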
    



    This archive was generated by hypermail 2b30 : Thu May 02 2002 - 18:18:41 PDT