Educause Security Discussion mailing list archives
Re: Log management
From: "Charles L. Bombard" <BombardC () CCV EDU>
Date: Wed, 31 Jan 2007 09:36:25 -0500
Good point! Thanks.

-Charlie

==========================================
Charles Bombard, GSEC
LAN/Systems Administrator
Community College of Vermont
119 Pearl Street
Burlington, VT 05401
802.657.4234
bombardc () ccv edu

PRIVACY & CONFIDENTIALITY NOTICE: This message is for the designated recipient only and may contain privileged, confidential, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of an email received in error is prohibited.

-----Original Message-----
From: John Bullock [mailto:John.Bullock () DAL CA]
Sent: Wednesday, January 31, 2007 8:54 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Log management

We are also looking into better (i.e. centralized) logging. I don't have all the answers yet either but would like to add one item that is often forgotten: logging of MFD (multi-function device) access. Obviously you will not want to log every print, scan or fax job, but if your MFD supports it I think you should consider logging access to the MFD's configuration interface.

Cheers,
John Bullock
Information Security Manager
Dalhousie University
(902) 494-2790

________________________________________
From: Mclaughlin, Kevin L (mclaugkl) [mailto:mclaugkl () UCMAIL UC EDU]
Sent: 2007 January 31 09:34
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Log management

Hi Charlie:

If you aren't in a hurry, touch back with me in a month or so and I should have some good data to share with you. We have an RFI for a solution out now and the following is a list of just a few of the vendors who have stated they are responding:

IBM/ISS CISCO Secure State Fusion CA HP Cambia Tripwire and a handful of local vendors

If anyone else wants a summary of what we find out, just let me know and I'll send it your way.

-Kevin

________________________________________
From: Charles L. Bombard [mailto:BombardC () CCV EDU]
Sent: Wed 1/31/2007 8:01 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Log management

Hey everyone,

What would you all recommend for central log management? We are currently looking at GFI eventmanager. The ideal solution will combine the monitoring of both Windows and Linux logs, and have the ability to generate alerts based on our settings. Recommendations of things to look at as well as things to avoid are appreciated.

-Charlie

==========================================
Charles Bombard, GSEC
LAN/Systems Administrator
Community College of Vermont
119 Pearl Street
Burlington, VT 05401
802.657.4234
bombardc () ccv edu