Luis, > You are right Rainer, > actually we are not auditing anything in our network (our > Audit Policy is "Do Not Audit"), and we gonna start auditing > everything (see the image attached). > My doubts are: > > 1.- What's gonna be the impact of our "full auditing" > desition?, how can I evaluate it? > > 2.- When we will get the information contained in the > generated log files, how can we "read" the information they contain?. > > 3.- How necceary is the "full auditing" in a network? Actually, I would recommend to define first what you are looking for. Everything is really much. Of course it helps, but depending on what your goal is, you may eventually need to turn out some file system audits. Other audit logs may not be necessary. In plain, you can't turn on full auditing logs including file system - at least if you don't expect to spend around half to 90% of your hardware for auditing purposes... ... At least this is my experience - anybody else? Rainer _______________________________________________ LogAnalysis mailing list LogAnalysisat_private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed Aug 06 2003 - 07:16:53 PDT