WhatsUp Gold’s free Syslog Server provides you with a feature-rich tool to help you manage your syslog needs, including enhanced export capabilities. View the messages in real time or filter the results the way you need to see them. Take charge of your network by understanding the data your devices are giving you.
Would you like to:
- Automatically collect both Syslog and Windows event logs across your network?
- Store your log files for as long as you need (e.g. HIPAA mandates log data retention for 6 years)?
- Prevent tampering with your archived log files?
- Receive real-time alerts for key events (e.g. access and permission changes to files, folders, and objects containing employee or financial records, patient information and any other critical information)?
- Generate and automatically distribute compliance or security-centric reports to key stakeholders such as auditors, security personnel or upper management?
Get the Syslog Server today for free (or, if you answered yes to any of the above questions, consider checking out WhatsUp Event Log Management Suite).
Speaking of networks as “living entities,” records of all events taking place in your environment are being logged right now into event logs and Syslog files across your servers, workstations and networking devices. Has somebody gained unauthorized access to key enterprise information, such as customer credit card data, employee, patient or financial records, or others? Is your compliance officer asking for SOX-centric reports? The best way to react and respond is by collecting, archiving, analyzing, alerting and reporting on key information entries stored in your log files. Compliance standards such as SOX, Basel II, HIPAA, GLB, FISMA, PCI DSS, and NISPOM require this.
Log management is a truly daunting task because log files can come from many different sources, in various formats, and in large quantities. Just consider that a single Windows server can generate 1GB of log data in a single day! In order to stay on top of this deluge of info, you really need to build the right log management strategy.
Here at WhatsUp Gold, our Gurus have developed seven Best Practices for Event and Log Management (ELM) to get you started on the path towards efficient log management. Today I will cover the first of these helpful tips.
When developing an effective ELM strategy, it is important to first define your audit policy categories. The term audit policy, in Microsoft Windows lexicon, just refers to the types of security events you want to record in the security event logs of your servers and workstations. With Microsoft Windows NT® systems, you must set the audit policy manually, but in Windows 2000® or Windows 2003® Active Directory® domains, with “Group Policy” enabled, you can define uniform audit policy settings for groups of servers or the entire domain.
Key Windows Event Logging Categories to Enable
- Logon Events – Success/Failure
- Account Logons – Success/Failure
- Object Access – Success/Failure
- Process Tracking – Success
- Policy Change – Success/Failure
- Account Management – Success
- Directory Service Access – Success/Failure
- System Events – Success/Failure
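One way to check a host against the list above, as an added example that is not WhatsUp Gold's code: it reads the `[Event Audit]` section of a security template exported with `secedit /export /cfg` and reports which outcomes are still missing. It assumes the export has already been decoded to text; the function name `audit_gaps` and the sample template are constructed for illustration.

```python
import configparser

# [Event Audit] values in a `secedit /export` template are bit flags:
# 0 = no auditing, 1 = success, 2 = failure, 3 = both.
SUCCESS, FAILURE = 1, 2
OUTCOMES = ((SUCCESS, "Success"), (FAILURE, "Failure"))

# Baseline taken from the category list above: INF key -> (label, required bits).
BASELINE = {
    "AuditLogonEvents":     ("Logon Events", SUCCESS | FAILURE),
    "AuditAccountLogon":    ("Account Logons", SUCCESS | FAILURE),
    "AuditObjectAccess":    ("Object Access", SUCCESS | FAILURE),
    "AuditProcessTracking": ("Process Tracking", SUCCESS),
    "AuditPolicyChange":    ("Policy Change", SUCCESS | FAILURE),
    "AuditAccountManage":   ("Account Management", SUCCESS),
    "AuditDSAccess":        ("Directory Service Access", SUCCESS | FAILURE),
    "AuditSystemEvents":    ("System Events", SUCCESS | FAILURE),
}

def audit_gaps(inf_text):
    """Return {label: [missing outcomes]} for categories below the baseline."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case exactly as written in the template
    cp.read_string(inf_text)
    section = cp["Event Audit"] if cp.has_section("Event Audit") else {}
    gaps = {}
    for key, (label, required) in BASELINE.items():
        actual = int(section.get(key, "0"))  # an absent key counts as not audited
        missing = required & ~actual         # auditing more than required is fine
        if missing:
            gaps[label] = [name for bit, name in OUTCOMES if missing & bit]
    return gaps

# Constructed sample export (not from a real host); AuditDSAccess is absent.
SAMPLE_INF = """\
[Event Audit]
AuditSystemEvents = 3
AuditLogonEvents = 1
AuditObjectAccess = 0
AuditPrivilegeUse = 0
AuditPolicyChange = 3
AuditAccountManage = 3
AuditProcessTracking = 1
AuditAccountLogon = 2
"""

if __name__ == "__main__":
    for label, missing in audit_gaps(SAMPLE_INF).items():
        print(f"{label}: enable {'/'.join(missing)}")
```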
To read about all seven Best Practices, view the Whitepaper, or stay tuned for more of the ELM Best Practices Blog Series.