Anton Chuvakin wrote:
> Patrick,
>
> I am curious what prompted such integrity requirements - regulation,
> internal policy or something else? I am sure other list members are
> curious about it as well ...

It's the ICT department getting paranoid. I guess that is not the first time ;-(
The customer is financial related but currently we're not looking at specific regulations.

>
> On 8/21/06, Patrick Debois <Patrick.Debois@private> wrote:
>> I'm looking for feedback how centralized log solutions handle data
>> integrity; If you would log directly to a central system, that log is
>> the only source. So you would miss something to compare against.
>>
>> -Would you rely on taking checksums of the logs and storing them on
>> another system?
>> -How do you protect yourself from the fact that the central logging is
>> compromised with a still growing logfile?
>> Would you consider signing each log line? Signing within a text file is
>> fairly easy, but what about content stored in a database?
>>
>> My customer is currently looking at Splunk. It seems a great way to go
>> through the logfiles, but I'm not sure that we can fulfill his
>> data integrity requirements with it. But then again it does not stand in
>> the way of another solution doing it probably.
>>
>> Patrick
>>
>>
>> _______________________________________________
>> LogAnalysis mailing list
>> LogAnalysis@private
>> http://lists.shmoo.com/mailman/listinfo/loganalysis
>>
>
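
The per-line signing and off-host checksum ideas asked about in this thread can be combined, as in the following added example (not part of the original messages and not how Splunk or any other product works). It uses an HMAC chain as a stand-in for signatures; the key, the log lines and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: placeholder key and made-up syslog lines.
KEY = b"constructed-demo-key"
LOG = [
    "Aug 21 10:00:01 host sshd[101]: Accepted password for alice",
    "Aug 21 10:00:07 host sudo: alice : COMMAND=/bin/su",
    "Aug 21 10:01:12 host sshd[101]: session closed for alice",
]

def chain_tags(lines, key, prev=b"\x00" * 32):
    """One HMAC-SHA256 tag per line; each tag also covers the previous tag."""
    tags = []
    for line in lines:
        prev = hmac.new(key, prev + line.encode("utf-8"), hashlib.sha256).digest()
        tags.append(prev)
    return tags

def checkpoint(tags):
    """(line count, last tag) to copy to a separate system at intervals."""
    return (len(tags), tags[-1].hex() if tags else None)

def verify(lines, tags, key, anchor=None):
    """Check the chain, then check it against an off-host checkpoint."""
    if len(lines) != len(tags):
        return "line/tag count mismatch"
    expected = chain_tags(lines, key)
    for i, (got, want) in enumerate(zip(tags, expected)):
        if not hmac.compare_digest(got, want):
            return f"chain broken at line {i}"
    if anchor is not None:
        count, last_hex = anchor
        if len(tags) < count:
            return "truncated below checkpoint"
        # The log may have grown since the checkpoint; only the prefix is pinned.
        if count and tags[count - 1].hex() != last_hex:
            return "checkpoint mismatch"
    return "ok"

if __name__ == "__main__":
    tags = chain_tags(LOG, KEY)
    cp = checkpoint(tags)
    print(verify(LOG, tags, KEY, cp))
    forged = [LOG[0], LOG[1].replace("alice", "bob"), LOG[2]]
    # A compromised log host holding the key can re-tag, but not change cp.
    print(verify(forged, chain_tags(forged, KEY), KEY, cp))
```

The checkpoint is what covers the compromised-central-server case: the chain alone only catches edits made without the key.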
This archive was generated by hypermail 2.1.3 : Wed Aug 23 2006 - 12:41:34 PDT