Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Would appreciate some logging guidance...

Posted on 2007-11-30
1
209 Views
Last Modified: 2013-11-08
From the point of view of network systems and security, what is the best practice for what to include in the log so its not over (or more important) under whelmed?  and if you throw in what you alert off of, might me helpful as well.  Would like this as a double check on what I am doing...
Thanks!
0
Comment
Question by:NetAdminGuy
1 Comment
 
LVL 37

Accepted Solution

by:
bbao earned 125 total points
ID: 20390799
as per the relevant international standard, ISO 17799 IT - Security techniques - Code of practice for information security management, you should include the following information (see code snippet) in your log implementation, when relevant.

FYI: ISO/IEC 27002
http://en.wikipedia.org/wiki/ISO/IEC_17799

hope it helps,
bbao
a) user IDs;
b) dates, times, and details of key events, e.g. log-on and log-off;
c) terminal identity or location if possible;
d) records of successful and rejected system access attempts;
e) records of successful and rejected data and other resource access attempts;
f) changes to system configuration;
g) use of privileges;
h) use of system utilities and applications;
i) files accessed and the kind of access;
j) network addresses and protocols;
k) alarms raised by the access control system;
l) activation and de-activation of protection systems, such as anti-virus systems and intrusion detection systems.

Open in new window

0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

792 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question