Re: [logs] Centralizing Audit Logging and Reporting

From: Alexandre Dulaunoy (alexat_private)
Date: Thu May 02 2002 - 23:09:59 PDT


    You can look at IPFC (Free Software released under the GNU General 
    Public License). 
    
    We have a generic schema for the DBMS that can contain any information in 
    it. 
    
    http://www.conostix.com/ipfc/
    http://www.sf.net/projects/ipfc/
    
    Hope this helps.
    
    adulau
    
    
    On Thu, 2 May 2002, Brian Anon wrote:
    
    > I am in the process of creating a business case that may involve logging 
    > system and application events to a central audit log database.  Once this is 
    > done, I expect to be able to query the database to generate reports.
    > 
    > I expect the most standard approach would be to implement SYSLOGD that logs 
    > to a RDBMS (MS SQL or Oracle).
    > 
    > Some of the systems and applications I may like to do this with are:
    > Windows 2000 Servers
    > CheckPoint Firewall-1
    > IIS RealSecure Sensors
    > McAfee NetShield
    > McAfee VirusShield
    > Microsoft IIS
    > Microsoft Exchange
    > Microsoft SQL
    > Oracle
    > Microsoft DNS
    > Citrix MetaFrame
    > Cisco PIX
    > Cisco Routers
    > Cisco Switches
    > 
    > I am prepared to create scripts/agents that can grab an application log and 
    > parse the information and input it into the database at scheduled intervals 
    > or on-demand.  I understand each application may require a different table 
    > structure.
    > 
    > Has anyone tried to accomplish this?  Any suggestions or comments?
    > 
    > Regards,
    > Brian, CISSP
    > 
    > ---------------------------------------------------------------------
    > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    > For additional commands, e-mail: loganalysis-helpat_private
    > 
    
    -- 
    Alexandre Dulaunoy			adulauat_private
    					http://www.conostix.com/
    
    



    This archive was generated by hypermail 2b30 : Fri May 03 2002 - 08:15:40 PDT