Log Management
Hi, can anyone assist me in knowing the following? If the logs are recorded, could you please tell me the location as well.

Log Underlying Requirements
1. What activity was performed? (e.g. login of user, or enable/disable network port, etc.)
2. What tool(s) was the activity performed with? (e.g. Administrator tool, Windows tools, rlogin, Gzip, etc.)
3. What is the status of the activity (success or failure), outcome or result of the activity?
4. Who performed the activity, including where or on what system the activity was performed? (e.g. root, admin or application system)
5. Why was the activity performed?
6. When was the activity performed?

Activity To Be Logged
1. Create, read, update, or delete confidential information, including confidential authentication information such as passwords;
2. Create, update, or delete information not covered in #7; initiate a network connection; accept a network connection;
3. User authentication and authorization for activities covered in #7 or #8, such as user login and logout;
4. Grant, modify, or revoke access rights, including adding a new user or group, changing user privilege levels, changing file permissions, changing database object permissions, changing firewall rules, and user password changes;
5. System, network, or services configuration changes, including installation of software patches and updates, or other installed software changes;
6. Application process startup, shutdown, or restart;
7. Application process abort, failure, or abnormal end, especially due to resource exhaustion or reaching a resource limit or threshold (such as for CPU, memory, network connections, network bandwidth, disk space, or hardware fault); and
8. Detection of suspicious/malicious activity from the IPS or IDS;
9. Detection of suspicious/malicious activity from the antivirus or antispyware system.

iii. Elements of Logs
1. Type of action: examples include authorize, create, read, update, delete, and accept network connection.
2. Subsystem performing the action: examples include process or transaction name, process or transaction identifier.
3. Identifiers (as many as available) for the subject requesting the action: examples include user name, computer name, IP address, and MAC address.
4. Identifiers (as many as available) for the object the action was performed on: examples include file names accessed, unique identifiers of records accessed in a database, query parameters used to determine records accessed in a database, computer name.
5. Before and after values when the action involves updating a data element, if feasible.
6. Date and time the action was performed, including the relevant time zone.
7. Whether the action was allowed or denied by access-control mechanisms.
8. Description and/or reason codes of why the action was denied by the access-control mechanism, if applicable.

Sorry for bothering.... :)
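The "Elements of Logs" list above is effectively a schema for one audit record. As an added example (not code from the original post or from any particular product), the following Python builds a record carrying those eight elements and validates an incoming record against them: required fields present, a known action type, at least one subject and object identifier, an ISO 8601 timestamp that carries a time-zone offset, before/after values on updates, and a reason code whenever the access-control decision was "denied". Field names, the set of action types, and the sample records are my own assumptions, not from the post.

```python
# Added example (not from the original post): structured audit-event builder
# and validator for the log elements listed in the post. Field names and the
# action vocabulary are assumptions; a real schema (CEF, ECS, ...) would differ.
import json
from datetime import datetime, timezone
from typing import Any, Dict, List, Optional

# Element 1: type of action. Values beyond the post's examples are assumed.
ACTION_TYPES = {"authorize", "create", "read", "update", "delete",
                "accept_connection", "initiate_connection", "login", "logout"}

# Fields every record must carry (names are assumed).
REQUIRED = ("action", "subsystem", "subject", "object", "timestamp", "allowed")


def build_event(action: str, subsystem: str, subject: Dict[str, str],
                obj: Dict[str, str], allowed: bool, reason: Optional[str] = None,
                before: Any = None, after: Any = None,
                when: Optional[datetime] = None) -> Dict[str, Any]:
    """Assemble one audit record covering elements 1-8 of the post."""
    ts = when or datetime.now(timezone.utc)   # always zone-aware (element 6)
    event = {
        "action": action,             # 1. type of action
        "subsystem": subsystem,       # 2. process/transaction performing it
        "subject": subject,           # 3. who: user, host, IP, MAC (as available)
        "object": obj,                # 4. what the action was performed on
        "timestamp": ts.isoformat(),  # 6. date/time including zone offset
        "allowed": allowed,           # 7. access-control decision
    }
    if action == "update":            # 5. before/after values when updating
        event["before"] = before
        event["after"] = after
    if not allowed:                   # 8. reason the action was denied
        event["reason"] = reason
    return event


def validate_event(event: Dict[str, Any]) -> List[str]:
    """Return a list of problems; an empty list means the record is complete."""
    problems: List[str] = []
    for key in REQUIRED:
        if key not in event:
            problems.append(f"missing field: {key}")
    if event.get("action") not in ACTION_TYPES:
        problems.append(f"unknown action type: {event.get('action')!r}")
    for side in ("subject", "object"):
        if not event.get(side):
            problems.append(f"{side} has no identifiers")
    ts = event.get("timestamp")
    if ts is not None:
        try:
            parsed = datetime.fromisoformat(ts)
        except (TypeError, ValueError):
            parsed = None
        if parsed is None:
            problems.append("timestamp is not ISO 8601")
        elif parsed.tzinfo is None:
            problems.append("timestamp has no time zone")
    if event.get("action") == "update" and "before" not in event:
        problems.append("update without before/after values")
    if event.get("allowed") is False and not event.get("reason"):
        problems.append("denied action without reason code")
    return problems


def demo() -> Dict[str, List[str]]:
    """Constructed sample records: one complete, one with several gaps."""
    good = build_event(
        "update", "useradmin[4123]",
        {"user": "admin", "host": "mgmt01", "ip": "10.0.0.5"},
        {"account": "jsmith", "attribute": "privilege_level"},
        allowed=True, before="user", after="administrator",
        when=datetime(2024, 3, 1, 9, 30, tzinfo=timezone.utc))
    # Constructed bad record: naive timestamp, denied with no reason, no object.
    bad = {"action": "delete", "subsystem": "fileserver",
           "subject": {"user": "root"}, "object": {},
           "timestamp": "2024-03-01T09:30:00", "allowed": False}
    return {"good": validate_event(good), "bad": validate_event(bad)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the file prints an empty problem list for the complete record and three findings for the constructed bad one (no object identifiers, a timestamp without a zone, and a denial with no reason code), which is the kind of check a log pipeline can run on every record before it is accepted.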
"The Activity"???
You're really expecting people to fill in all those answers for you? Good luck.
I do think the first part is enough; it will cover all the others.... :)
Thanks for your expectation.
And how are we supposed to do that? How can we, with no context whatsoever, answer "What activity was performed?"
wasim_jd,
Are you able to open www.google.com on your system? If yes, then why don't you first try with that? Google will help you plenty with this question of yours....
Yes Satya, I tried.... but I didn't find some...
OK, so what didn't you find? What kind of answers are you after? Do you even know?
OK Wasim, then what have you tried so far?
I really didn't get what you are trying to do and what you are asking.