[logs] Re: Which reports are most important?

From: James Turnbull (james@private)
Date: Wed May 17 2006 - 20:23:35 PDT

Quoting Chris Brenton <cbrenton@private>:

> What do you feel are the top 5 reports a centralized log management
> system should provide?

This is not so much my Top 5 but some additions to your list below.

Users/groups created/deleted/changed
Anti-virus / spam detection (alerts for AV and stats for spam)
FW/VPN/gateway ruleset & configuration changes
Tripwire-style reports for critical files/hosts
Failed jobs/cron/batches


James Turnbull

James Turnbull <james@private>
Author of Pro Nagios 2.0
Hardening Linux
PGP Key (http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x0C42DF40)
LogAnalysis mailing list

This archive was generated by hypermail 2.1.3 : Wed May 17 2006 - 20:40:45 PDT