Solved

Would appreciate some logging guidance...

Posted on 2007-11-30
1
208 Views
Last Modified: 2013-11-08
From the point of view of network systems and security, what is the best practice for what to include in the log so its not over (or more important) under whelmed?  and if you throw in what you alert off of, might me helpful as well.  Would like this as a double check on what I am doing...
Thanks!
0
Comment
Question by:NetAdminGuy
1 Comment
 
LVL 37

Accepted Solution

by:
bbao earned 125 total points
ID: 20390799
as per the relevant international standard, ISO 17799 IT - Security techniques - Code of practice for information security management, you should include the following information (see code snippet) in your log implementation, when relevant.

FYI: ISO/IEC 27002
http://en.wikipedia.org/wiki/ISO/IEC_17799

hope it helps,
bbao
a) user IDs;
b) dates, times, and details of key events, e.g. log-on and log-off;
c) terminal identity or location if possible;
d) records of successful and rejected system access attempts;
e) records of successful and rejected data and other resource access attempts;
f) changes to system configuration;
g) use of privileges;
h) use of system utilities and applications;
i) files accessed and the kind of access;
j) network addresses and protocols;
k) alarms raised by the access control system;
l) activation and de-activation of protection systems, such as anti-virus systems and intrusion detection systems.

Open in new window

0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise Password Manager Suites as well as Local Password managers are covered in this article.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now