[BBLISA] Interpreting audit logs?
Tom Metro
tmetro+bblisa at vl.com
Sun Oct 28 12:59:30 EDT 2007
Scott Ehrlich wrote:
> How, then do I properly and successfully review the audit log entries...

Not answering your precise question, but the general purpose answer for
how best to review logs for ongoing monitoring is to use a log analysis
tool, which will sift through the data and present it in summary form,
while also bringing to your attention any unusual or unexpected entries.

I use logwatch (http://www2.logwatch.org:81/) for this purpose. Set to
run at low detail daily, which alerts of error conditions, and medium
detail weekly, which summarizes statistics.

-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/