Patrick,

I am curious what prompted such integrity requirements - regulation,
internal policy or something else? I am sure other list members are
curious about it as well ...

On 8/21/06, Patrick Debois <Patrick.Debois@private> wrote:
> I'm looking for feedback on how centralized log solutions handle data
> integrity; If you would log directly to a central system, that log is
> the only source. So you would miss something to compare against.
>
> -Would you rely on taking checksums of the logs and storing them on
> another system?
> -How do you protect yourself from the fact that the central logging is
> compromised with a still growing logfile?
> Would you consider signing each log line? Signing within a text file is
> fairly easy, but what about content stored in a database?
>
> My customer is currently looking at Splunk. It seems a great way to go
> through the logfiles, but I'm not sure that we can fulfill his
> data integrity requirements with it. But then again it does not stand in
> the way of another solution doing it probably.
>
> Patrick
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis

--
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
http://www.chuvakin.org
http://www.securitywarrior.com
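
The per-line signing and off-host checksum ideas raised in the quoted question, as an added example that is not part of the original thread. It goes one step beyond signing lines individually by chaining each tag to the previous one, so deletions and reordering are detectable in a still-growing text log. The key, the sample lines, the ` mac=` suffix format and all function names are assumptions of this sketch.

```python
import hashlib
import hmac

GENESIS = "0" * 64                   # chain start value (assumption)
KEY = b"constructed-demo-key"        # constructed; a real key lives off the log host
SAMPLE = [                           # constructed sample log lines
    "Aug 21 10:00:01 host1 sshd[411]: Accepted publickey for bob",
    "Aug 21 10:00:07 host1 sudo: alice : COMMAND=/bin/cat /etc/shadow",
    "Aug 21 10:00:09 host1 sshd[411]: session closed for bob",
]

def line_mac(key, prev, line):
    """HMAC-SHA256 over the previous tag plus this line (the chain link)."""
    return hmac.new(key, (prev + "\n" + line).encode(), hashlib.sha256).hexdigest()

def seal(lines, key, prev=GENESIS):
    """Append a chained tag to each line; return (sealed_lines, last_tag)."""
    sealed = []
    for line in lines:
        prev = line_mac(key, prev, line)
        sealed.append(f"{line} mac={prev}")
    return sealed, prev

def verify(sealed, key, checkpoint=None):
    """Check the chain. checkpoint is (line_count, tag) stored on another system."""
    prev = GENESIS
    for n, entry in enumerate(sealed, 1):
        line, sep, tag = entry.rpartition(" mac=")
        expect = line_mac(key, prev, line)
        if not sep or not hmac.compare_digest(tag.encode(), expect.encode()):
            return False, f"line {n}: tag mismatch"
        prev = tag
        # A holder of the key can re-seal the file; the off-host copy catches that.
        if checkpoint and n == checkpoint[0] and tag != checkpoint[1]:
            return False, "checkpoint mismatch"
    if checkpoint and len(sealed) < checkpoint[0]:
        return False, "log shorter than checkpoint"
    return True, f"{len(sealed)} lines verified"

if __name__ == "__main__":
    sealed, last = seal(SAMPLE, KEY)
    print(verify(sealed, KEY, checkpoint=(len(sealed), last)))
```

The checkpoint is the part that addresses a compromised central logger: the chain alone only proves consistency to someone who trusts the key, while the line count and tag kept elsewhere pin what the log contained at that moment.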
This archive was generated by hypermail 2.1.3 : Wed Aug 23 2006 - 12:37:14 PDT