Solved

Would appreciate some logging guidance...

Posted on 2007-11-30
Last Modified: 2013-11-08
From the point of view of network systems and security, what is the best practice for what to include in the log so it's not over (or more important) under whelmed? And if you throw in what you alert off of, might be helpful as well. Would like this as a double check on what I am doing...
Thanks!
Question by:NetAdminGuy
Accepted Solution by:bbao
As per the relevant international standard, ISO 17799 IT - Security techniques - Code of practice for information security management, you should include the following information (see code snippet) in your log implementation, when relevant.

FYI: ISO/IEC 27002
http://en.wikipedia.org/wiki/ISO/IEC_17799

Hope it helps,
bbao
a) user IDs;
b) dates, times, and details of key events, e.g. log-on and log-off;
c) terminal identity or location if possible;
d) records of successful and rejected system access attempts;
e) records of successful and rejected data and other resource access attempts;
f) changes to system configuration;
g) use of privileges;
h) use of system utilities and applications;
i) files accessed and the kind of access;
j) network addresses and protocols;
k) alarms raised by the access control system;
l) activation and de-activation of protection systems, such as anti-virus systems and intrusion detection systems.
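
One way to double-check a log sample against the list above, as an added example that is not part of bbao's answer or of the standard: it reports which event items (d to i, k, l) never appear, which records lack the context items (a, b, c, j), and where only one of success/rejected is being recorded. The category names, field names and sample records are assumptions made up for the example; since the list applies "when relevant" and item c "if possible", treat each finding as something to review rather than an error.

```python
# Added example. Category and field names are hypothetical labels; map them
# to whatever your log pipeline actually emits.
EVENT_ITEMS = {  # list items that describe kinds of events
    "d": "system_access", "e": "resource_access", "f": "config_change",
    "g": "privilege_use", "h": "utility_use", "i": "file_access",
    "k": "access_control_alarm", "l": "protection_toggle",
}
FIELD_ITEMS = {  # list items that describe context carried on each record
    "a": "user_id", "b": "timestamp", "c": "terminal", "j": "src_addr",
}
BOTH_OUTCOMES = {"system_access", "resource_access"}  # d and e: success AND rejected


def audit(events):
    """Return (event items never logged, records missing fields, one-sided categories)."""
    seen, outcomes, incomplete = set(), {}, []
    for index, event in enumerate(events):
        category = event.get("category")
        seen.add(category)
        missing = sorted(k for k, f in FIELD_ITEMS.items() if not event.get(f))
        if missing:
            incomplete.append((index, missing))
        if category in BOTH_OUTCOMES:
            outcomes.setdefault(category, set()).add(event.get("outcome"))
    never_logged = sorted(k for k, c in EVENT_ITEMS.items() if c not in seen)
    one_sided = sorted(c for c, o in outcomes.items() if not {"success", "rejected"} <= o)
    return never_logged, incomplete, one_sided


def record(category, user_id, timestamp, terminal, src_addr, outcome=None):
    """Build one parsed log record in the shape audit() expects."""
    return {"category": category, "user_id": user_id, "timestamp": timestamp,
            "terminal": terminal, "src_addr": src_addr, "outcome": outcome}


# Constructed sample records, not taken from any real system.
SAMPLE = [
    record("system_access", "alice", "2007-11-30T09:00:01Z", "ws-12", "10.0.0.12", "success"),
    record("system_access", "bob", "2007-11-30T09:02:40Z", "ws-07", "10.0.0.7", "rejected"),
    record("resource_access", "alice", "2007-11-30T09:05:13Z", "ws-12", "10.0.0.12", "success"),
    record("config_change", "root", "2007-11-30T09:30:00Z", "console", ""),
    record("privilege_use", "alice", "2007-11-30T09:31:22Z", "ws-12", "10.0.0.12"),
]

if __name__ == "__main__":
    never_logged, incomplete, one_sided = audit(SAMPLE)
    print("list items with no events:", never_logged)
    print("records missing fields (index, items):", incomplete)
    print("categories with only one outcome logged:", one_sided)
```
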