Solved

Would appreciate some logging guidance...

Posted on 2007-11-30
1
206 Views
Last Modified: 2013-11-08
From the point of view of network systems and security, what is the best practice for what to include in the log so its not over (or more important) under whelmed?  and if you throw in what you alert off of, might me helpful as well.  Would like this as a double check on what I am doing...
Thanks!
0
Comment
Question by:NetAdminGuy
1 Comment
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 125 total points
ID: 20390799
as per the relevant international standard, ISO 17799 IT - Security techniques - Code of practice for information security management, you should include the following information (see code snippet) in your log implementation, when relevant.

FYI: ISO/IEC 27002
http://en.wikipedia.org/wiki/ISO/IEC_17799

hope it helps,
bbao
a) user IDs;

b) dates, times, and details of key events, e.g. log-on and log-off;

c) terminal identity or location if possible;

d) records of successful and rejected system access attempts;

e) records of successful and rejected data and other resource access attempts;

f) changes to system configuration;

g) use of privileges;

h) use of system utilities and applications;

i) files accessed and the kind of access;

j) network addresses and protocols;

k) alarms raised by the access control system;

l) activation and de-activation of protection systems, such as anti-virus systems and intrusion detection systems.

Open in new window

0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Account Lockouts 25 144
What is a hashed password and/or MD5? 5 60
active directory 6 73
More Than One Website On Same DMZ Server 3 46
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now