Re: [logs] Centralizing Audit Logging and Reporting

From: Jhumri Tilayia (tilayiaat_private)
Date: Fri May 03 2002 - 08:20:14 PDT

Next message: Noah White: "[logs] Windows logrotation tool?"

Previous message: Solomon, Frank: "RE: [logs] Centralizing Audit Logging and Reporting"
Maybe in reply to: Brian Anon: "[logs] Centralizing Audit Logging and Reporting"
Next in thread: Marcus J. Ranum: "Re: [logs] Centralizing Audit Logging and Reporting"
Next in thread: Bill Hill: "RE: [logs] Centralizing Audit Logging and Reporting"
Reply: Marcus J. Ranum: "Re: [logs] Centralizing Audit Logging and Reporting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Brian,

Marcus J Ranum was working on a syslog parser thingie. He wanted to release 
the source code after the Orlando SANS conference. You may want to check 
with him since it will be an integral part of the system you are trying to 
build.

Thanks.


>From: "Brian Anon" <brian_anonat_private>
>To: loganalysisat_private
>Subject: [logs] Centralizing Audit Logging and Reporting
>Date: Thu, 02 May 2002 16:40:15 -0400
>
>I am in the process of creating a business case that may involve logging 
>system and application events to a central audit log database.  Once this 
>is done, I expect to be able to query the database to generate reports.
>
>I expect the most standard approach would be to implement SYSLOGD that logs 
>to a RDBMS (MS SQL or Oracle).
>
>Some of the systems and applications I may like to do this with are:
>Windows 2000 Servers
>CheckPoint Firewall-1
>IIS RealSecure Sensors
>McAfee NetShield
>McAfee VirusShield
>Microsoft IIS
>Microsoft Exchange
>Microsoft SQL
>Oracle
>Microsoft DNS
>Citrix MetaFrame
>Cisco PIX
>Cisco Routers
>Cisco Switches
>
>I am prepared ro create scripts/agents that can grab an application log and 
>parse the information and input it into the database at scheduled intervals 
>or on-demand.  I understand each application may require a different table 
>structure.
>
>Has anyone tried to accomplish this?  Any suggestions or comments?
>
>Regards,
>Brian, CISSP
>
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: loganalysis-unsubscribeat_private
>For additional commands, e-mail: loganalysis-helpat_private




_________________________________________________________________
Send and receive Hotmail on your mobile device: http://mobile.msn.com


---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: Noah White: "[logs] Windows logrotation tool?"
Previous message: Solomon, Frank: "RE: [logs] Centralizing Audit Logging and Reporting"
Maybe in reply to: Brian Anon: "[logs] Centralizing Audit Logging and Reporting"
Next in thread: Marcus J. Ranum: "Re: [logs] Centralizing Audit Logging and Reporting"
Next in thread: Bill Hill: "RE: [logs] Centralizing Audit Logging and Reporting"
Reply: Marcus J. Ranum: "Re: [logs] Centralizing Audit Logging and Reporting"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri May 03 2002 - 08:21:45 PDT