?
Solved

Would appreciate some logging guidance...

Posted on 2007-11-30
1
Medium Priority
?
215 Views
Last Modified: 2013-11-08
From the point of view of network systems and security, what is the best practice for what to include in the log so its not over (or more important) under whelmed?  and if you throw in what you alert off of, might me helpful as well.  Would like this as a double check on what I am doing...
Thanks!
0
Comment
Question by:NetAdminGuy
1 Comment
 
LVL 37

Accepted Solution

by:
bbao earned 375 total points
ID: 20390799
as per the relevant international standard, ISO 17799 IT - Security techniques - Code of practice for information security management, you should include the following information (see code snippet) in your log implementation, when relevant.

FYI: ISO/IEC 27002
http://en.wikipedia.org/wiki/ISO/IEC_17799

hope it helps,
bbao
a) user IDs;
b) dates, times, and details of key events, e.g. log-on and log-off;
c) terminal identity or location if possible;
d) records of successful and rejected system access attempts;
e) records of successful and rejected data and other resource access attempts;
f) changes to system configuration;
g) use of privileges;
h) use of system utilities and applications;
i) files accessed and the kind of access;
j) network addresses and protocols;
k) alarms raised by the access control system;
l) activation and de-activation of protection systems, such as anti-virus systems and intrusion detection systems.

Open in new window

0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question