Re: [logs] Centralizing Audit Logging and Reporting

From: Jhumri Tilayia (tilayiaat_private)
Date: Fri May 03 2002 - 08:20:14 PDT


    Hi Brian,
    
    Marcus J Ranum was working on a syslog parser thingie. He wanted to release 
    the source code after the Orlando SANS conference. You may want to check 
    with him since it will be an integral part of the system you are trying to 
    build.
    
    Thanks.
    
    
    >From: "Brian Anon" <brian_anonat_private>
    >To: loganalysisat_private
    >Subject: [logs] Centralizing Audit Logging and Reporting
    >Date: Thu, 02 May 2002 16:40:15 -0400
    >
    >I am in the process of creating a business case that may involve logging 
    >system and application events to a central audit log database.  Once this 
    >is done, I expect to be able to query the database to generate reports.
    >
    >I expect the most standard approach would be to implement SYSLOGD that logs 
    >to a RDBMS (MS SQL or Oracle).
    >
    >Some of the systems and applications I may like to do this with are:
    >Windows 2000 Servers
    >CheckPoint Firewall-1
    >ISS RealSecure Sensors
    >McAfee NetShield
    >McAfee VirusShield
    >Microsoft IIS
    >Microsoft Exchange
    >Microsoft SQL
    >Oracle
    >Microsoft DNS
    >Citrix MetaFrame
    >Cisco PIX
    >Cisco Routers
    >Cisco Switches
    >
    >I am prepared to create scripts/agents that can grab an application log and 
    >parse the information and input it into the database at scheduled intervals 
    >or on-demand.  I understand each application may require a different table 
    >structure.
    >
    >Has anyone tried to accomplish this?  Any suggestions or comments?
    >
    >Regards,
    >Brian, CISSP
    >
    >
    >
    >---------------------------------------------------------------------
    >To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    >For additional commands, e-mail: loganalysis-helpat_private
    
    
    
    
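An added example, not code from this thread or from anyone in it, of the kind of agent Brian describes: it parses BSD-style syslog lines as a central syslogd would receive them, loads them into one common events table (SQLite standing in for the RDBMS) and runs one report query over it. The sample lines, hostnames and addresses are constructed; the per-application tables Brian mentions are left out.

```python
import re
import sqlite3

# Constructed sample lines in BSD syslog (RFC 3164) style, as a central
# syslogd would receive them; hosts, addresses and messages are made up.
SAMPLE_LINES = [
    "<34>May  3 08:20:14 fw1 kernel: dropped packet from 10.0.0.5",
    "<36>May  3 08:20:15 web1 sshd[1234]: Failed password for bob from 10.0.0.9",
    "<86>May  3 08:20:16 web1 login: user bob logged in",
    "<166>May  3 08:20:17 rtr1 %SYS-5-CONFIG_I: Configured from console",
    "garbage line with no PRI",
]

SYSLOG_RE = re.compile(  # <PRI>timestamp host [tag[pid]:] message
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?:(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: )?(?P<msg>.*)$"
)

def parse_syslog(line):
    """Split one line into normalised fields; None if it is not valid syslog."""
    m = SYSLOG_RE.match(line)
    pri = int(m.group("pri")) if m else 999
    if pri > 191:  # PRI = facility * 8 + severity; facility 0..23 caps it at 191
        return None
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": m.group("ts"),
            "host": m.group("host"), "tag": m.group("tag") or "",
            "pid": int(m.group("pid")) if m.group("pid") else None,
            "message": m.group("msg")}

def load_events(lines, conn=None):
    """Load lines into one common events table; return (conn, loaded, rejected)."""
    conn = conn or sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE IF NOT EXISTS events (id INTEGER PRIMARY KEY, "
                 "facility INTEGER, severity INTEGER, timestamp TEXT, host TEXT, "
                 "tag TEXT, pid INTEGER, message TEXT)")
    loaded = rejected = 0
    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            rejected += 1  # count, never drop silently: unparsed lines are audit evidence too
            continue
        conn.execute("INSERT INTO events (facility, severity, timestamp, host, tag, pid, message)"
                     " VALUES (:facility, :severity, :timestamp, :host, :tag, :pid, :message)", ev)
        loaded += 1
    conn.commit()
    return conn, loaded, rejected

def report_warnings_by_host(conn):
    """Report query: events of severity warning (4) or worse, counted per host."""
    rows = conn.execute("SELECT host, COUNT(*) FROM events WHERE severity <= 4 "
                        "GROUP BY host ORDER BY host").fetchall()
    return dict(rows)
```

Loading a file is `load_events(open(path))`; rejected lines should be written to a separate holding file rather than discarded, since a gap in the audit trail is itself a finding.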
    



    This archive was generated by hypermail 2b30 : Fri May 03 2002 - 08:21:45 PDT