Ask the Expert

Logging resources and products

We have a multiple-platform operating environment that includes Solaris, Novell and Windows (NT and 2000). Our goal is to activate a baseline audit/logging process. The items to be logged are signon, signoff, all successful file/object accesses and all denied file/object accesses. Besides the vendor documentation, are there any reputable references that describe the logging process on these platforms and what parameters to set? Also, do you know of any (freeware, shareware and commercial) products that process the logged information and produce useful and usable reports?



The vendor documentation is frequently the best place.

However, the usual security resources (Security Focus, Security Portal, SANS, CSI) also have resources and white papers on how to harden systems and set up logging on them.

There are a number of products that can help you with what you want to do. Axent (Secure Enterprise Manager), Cybersafe (Centrax) and Clicknet (Entercept) all make products that help you log and monitor your systems. Other products that help with producing logs and reports can be found from companies like Open.com, netForensics, and Intellitactics (www.itactics.com), which have products you might find useful for event correlation and reporting. Additionally, Counterpane has a service that monitors and reports security systems for you.


This was first published in April 2001
