Log management

Posted 03-07-2012 at 07:37 AM by wasim_jd

May I request your assistance in knowing whether all of these are recorded in logs and, if yes, where the logs are located?

1. What activity was performed? (e.g. login of a user, or enabling/disabling a network port)
2. What tool(s) was the activity performed with? (e.g. administrator tool, Windows tools, rlogin, gzip)
3. What is the status of the activity (success or failure), the outcome or result of the activity?
4. Who performed the activity, including where or on what system the activity was performed? (e.g. root, admin or an application system)
5. Why was the activity performed?
6. When was the activity performed?

7. Create, read, update, or delete confidential information, including confidential authentication information such as passwords;
8. Create, update, or delete information not covered in #7;
9. Initiate a network connection;
10. Accept a network connection;
11. User authentication and authorization for activities covered in #7 or #8, such as user login and logout;
12. Grant, modify, or revoke access rights, including adding a new user or group, changing user privilege levels, changing file permissions, changing database object permissions, changing firewall rules, and user password changes;
13. System, network, or services configuration changes, including installation of software patches and updates, or other installed software changes;
14. Application process startup, shutdown, or restart;
15. Application process abort, failure, or abnormal end, especially due to resource exhaustion or reaching a resource limit or threshold (such as for CPU, memory, network connections, network bandwidth, disk space, or hardware fault); and
16. Detection of suspicious/malicious activity from the IPS or IDS;
17. Detection of suspicious/malicious activity from the antivirus or antispyware system.

- Type of action: examples include authorize, create, read, update, delete, and accept network connection.
- Subsystem performing the action: examples include process or transaction name, process or transaction identifier.
- Identifiers (as many as available) for the subject requesting the action: examples include user name, computer name, IP address, and MAC address.
- Identifiers (as many as available) for the object the action was performed on: examples include file names accessed, unique identifiers of records accessed in a database, query parameters used to determine records accessed in a database, computer name,
- Before and after values when the action involves updating a data element, if feasible.
- Date and time the action was performed, including the relevant time zone.
- Whether the action was allowed or denied by access-control mechanisms.
- Description and/or reason codes of why the action was denied by the access-control mechanism, if applicable.


Thanks a lot.
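As an added example (not part of wasim_jd's post), the Python script below shows how a few Linux authentication-log lines map onto the record fields the post enumerates: type of action, subsystem performing it, subject, object, date/time, and whether access was allowed or denied with a reason. The sample log lines are constructed for this example; they follow the classic syslog layout that rsyslog writes to /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RHEL family), and the sshd, sudo and useradd message patterns are a small hand-picked subset, not a complete parser. The AuditRecord field names are this example's own.

```python
"""Map Linux auth-log lines onto audit-record fields.

Added example, not the original post's content. Sample lines are constructed;
the sshd/sudo/useradd message patterns are assumptions covering a few common
forms and are not exhaustive.
"""
import re
from dataclasses import dataclass, asdict
from typing import List, Optional

# Constructed sample log (classic syslog format: no year, no time zone).
SAMPLE_LOG = """\
Mar  7 07:31:02 host1 sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2: RSA SHA256:EXAMPLEFINGERPRINT
Mar  7 07:31:40 host1 sshd[2210]: Failed password for invalid user admin from 203.0.113.9 port 44012 ssh2
Mar  7 07:32:10 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/useradd bob
Mar  7 07:32:10 host1 useradd[2222]: new user: name=bob, UID=1001, GID=1001, home=/home/bob, shell=/bin/bash
Mar  7 07:33:00 host1 sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar  7 07:33:30 host1 CRON[2300]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Generic syslog envelope: timestamp, host, program[pid]: message
SYSLOG = re.compile(
    r'^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) '
    r'(?P<prog>[\w./-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$')
SSH_AUTH = re.compile(r'^(Accepted|Failed) (\w+) for (?:invalid user )?(\S+) from (\S+) port (\d+)')
SUDO = re.compile(r'^\s*(\S+) : (.*)$')
USERADD = re.compile(r'^new user: name=(\S+), UID=(\d+)')


@dataclass
class AuditRecord:
    timestamp: str          # syslog timestamp; note it carries no year and no time zone
    host: str
    subsystem: str          # program name plus PID: the "subsystem performing the action"
    action: str             # authorize / create / execute ...: the "type of action"
    subject: str            # who requested the action
    obj: str                # what the action was performed on
    allowed: Optional[bool]  # allowed or denied by the access-control mechanism
    reason: str = ''        # why it was denied, if applicable


def parse_line(line: str) -> Optional[AuditRecord]:
    """Return an AuditRecord for message types this example understands, else None."""
    m = SYSLOG.match(line)
    if not m:
        return None
    ts, host, prog, pid, msg = m.group('ts', 'host', 'prog', 'pid', 'msg')
    subsystem = f'{prog}[{pid}]' if pid else prog
    if prog == 'sshd':
        a = SSH_AUTH.match(msg)
        if a:
            ok = a.group(1) == 'Accepted'
            return AuditRecord(ts, host, subsystem, 'authorize',
                               f'{a.group(3)} from {a.group(4)}', f'ssh session on {host}',
                               ok, '' if ok else f'{a.group(2)} authentication failed')
    elif prog == 'sudo':
        s = SUDO.match(msg)
        if s:
            user, body = s.groups()
            denied = 'NOT in sudoers' in body
            target = re.search(r'USER=(\S+)', body)
            cmd = re.search(r'COMMAND=(.*)$', body)
            return AuditRecord(ts, host, subsystem, 'execute', user,
                               f'{cmd.group(1) if cmd else "?"} as {target.group(1) if target else "?"}',
                               not denied, 'user not in sudoers' if denied else '')
    elif prog == 'useradd':
        u = USERADD.match(msg)
        if u:
            # useradd's own line does not say who invoked it; that subject
            # has to be correlated from the matching sudo entry.
            return AuditRecord(ts, host, subsystem, 'create',
                               'unknown (correlate with sudo entry)',
                               f'user {u.group(1)} uid={u.group(2)}', True)
    return None  # e.g. the CRON session line: not one of the patterns above


def audit_records(log_text: str) -> List[AuditRecord]:
    return [r for r in (parse_line(l) for l in log_text.splitlines()) if r]


def denied_events(records: List[AuditRecord]) -> List[AuditRecord]:
    return [r for r in records if r.allowed is False]


if __name__ == '__main__':
    for rec in audit_records(SAMPLE_LOG):
        print(asdict(rec))
```

Two of the post's fields show up as gaps when the lines are mapped this way: the classic syslog timestamp carries no time zone (and no year), and the useradd line names the created object but not the subject who requested it, which has to be recovered by correlating with the sudo entry logged at the same second. Those gaps are worth knowing about when deciding whether a given log satisfies the record-contents list.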