Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Log management
From: John Bullock <John.Bullock () DAL CA>
Date: Wed, 31 Jan 2007 09:53:55 -0400

We are also looking into better (i.e. centralized) logging.  I don't have
all the answers yet either but would like to add one item that is often
forgotten: Logging of MFD (multi-function device) access.

Obviously you will not want to log every print, scan or fax job but if your
MFD supports it I think you should consider logging access to the MFD's
configuration interface.

Cheers,

John Bullock
Information Security Manager
Dalhousie University
(902) 494-2790
________________________________________
From: Mclaughlin, Kevin L (mclaugkl) [mailto:mclaugkl () UCMAIL UC EDU] 
Sent: 2007 January 31 09:34
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Log management

Hi Charlie:
If you aren't in a hurry touch back with me in a month or so and I should
have some good data to share with you. We have an RFI for a solution out now
and the following is a list of just a few of the vendors who have stated
they are responding:
 
IBM/ISS
CISCO
Secure State
Fusion
CA
HP
Cambia
Tripwire
and a handful of local vendors
 
If anyone else wants a summary of what we find out just let me know and I'll
send it your way.
 
-Kevin
 

________________________________________
From: Charles L. Bombard [mailto:BombardC () CCV EDU]
Sent: Wed 1/31/2007 8:01 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Log management
Hey everyone,

        What would you all recommend for central log management? We are
currently looking at GFI eventmanager. The ideal solution will combine
the monitoring of both windows and linux logs, and have the ability to
generate alerts based on our settings.

        Recommendations of things to look at as well as things to avoid
is appreciated.

-Charlie

==========================================

Charles Bombard, GSEC
LAN/Systems Administrator
Community College of Vermont
119 Pearl Street
Burlington, VT 05401
802.657.4234
bombardc () ccv edu

PRIVACY & CONFIDENTIALITY NOTICE: This message is for the designated
recipient only and may contain privileged, confidential, or otherwise
private information. If you have received it in error, please notify the
sender immediately and delete the original. Any other use of an email
received in error is prohibited.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]