  1. #1 k-strider
    Audit logging and incident handling

    Having just seen all the Becta bombshell of best/good practice, I have also realised I need to encrypt USB sticks and any laptops that go off site...

    My question is more on this guide: http://schools.becta.org.uk/upload-d...it_logging.pdf

    Firstly, what do we need to log in reality? It looks to me from reading it that I basically need all the security logs from my DCs. I script logons and logoffs to a SQL DB, so this too would be useful (though I currently use a stored procedure to remove records older than 32 days so the DB doesn't grow massive, but it holds enough to follow queries up).

    It looks like I need to keep all my externally available IIS server logs...

    It looks like the MIS (in our case CMIS) logs too...

    Now the more important question is: can we automate this process? The Windows security logs just overwrite themselves after so long and don't "archive" themselves off.

    The other thing that looked manual-ish and time consuming is the moving of the logs on to read-only media. The Becta report seemed to imply this should be done regularly, implying that once a week was poor/high risk.

    Has anyone started to look at this yet?
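The automation the post asks about, as an added example that is not part of the thread or of the Becta guidance: a scheduled PowerShell script that stops the Security log silently overwriting itself, exports a copy to a staging folder, records a SHA-256 for each archive in a manifest, copies the files to write-once media when it is mounted and verifies them against the manifest. It assumes Windows Vista/Server 2008 or later (for wevtutil.exe and the .evtx archive format) and PowerShell 2.0 or later; the paths and the 400-day local retention are assumptions to be replaced with your own policy.

```powershell
<#
  Added example, not from the original thread: archive the Security event log
  on a schedule, hash each archive, and verify the copy placed on read-only
  media. Assumes Windows Vista/Server 2008 or later (wevtutil.exe) and
  PowerShell 2.0 or later. Paths and the retention figure are assumptions.
#>
param(
    [string]$StagingRoot = 'D:\LogArchive',  # assumed local staging folder
    [string]$MediaRoot   = '',               # assumed path of the mounted write-once media; empty = skip copy
    [int]   $KeepDays    = 400               # assumed local retention; set to your policy
)

$ErrorActionPreference = 'Stop'
$logName  = 'Security'
$computer = $env:COMPUTERNAME
$stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir   = Join-Path $StagingRoot $computer
$manifest = Join-Path $outDir 'SHA256SUMS.txt'

function Get-Sha256Hex([string]$Path) {
    # .NET hashing so this also runs on PowerShell 2.0 (no Get-FileHash)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close(); $sha.Clear() }
}

New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# 1. Stop the live log overwriting itself: "Archive the log when full, do not
#    overwrite events". Windows then writes Archive-Security-*.evtx into
#    %SystemRoot%\System32\winevt\Logs each time the log fills.
& wevtutil.exe sl $logName /rt:true /ab:true
if ($LASTEXITCODE -ne 0) { throw "wevtutil sl failed ($LASTEXITCODE)" }

# 2. Export a copy of the current live log to staging (the live log is not cleared).
& wevtutil.exe epl $logName (Join-Path $outDir "$logName-$stamp.evtx")
if ($LASTEXITCODE -ne 0) { throw "wevtutil epl failed ($LASTEXITCODE)" }

# 3. Pull in any archives Windows produced by itself since the last run.
Get-ChildItem "$env:SystemRoot\System32\winevt\Logs" -Filter "Archive-$logName-*.evtx" |
    ForEach-Object { Move-Item -Path $_.FullName -Destination $outDir }

# 4. Hash every archive not yet in the manifest and mark it read-only locally.
$known = @{}
if (Test-Path $manifest) {
    foreach ($line in Get-Content $manifest) {
        $hash, $name = $line -split '\s+', 2
        $known[$name] = $hash
    }
}
foreach ($f in Get-ChildItem $outDir -Filter '*.evtx') {
    if ($known.ContainsKey($f.Name)) { continue }
    $hash = Get-Sha256Hex $f.FullName
    Set-ItemProperty -Path $f.FullName -Name IsReadOnly -Value $true
    Add-Content -Path $manifest -Value "$hash  $($f.Name)"
    $known[$f.Name] = $hash
}

# 5. If the write-once media is mounted, copy and verify each file against the manifest.
if ($MediaRoot -and (Test-Path $MediaRoot)) {
    $dest = Join-Path $MediaRoot $computer
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    Copy-Item -Path $manifest -Destination $dest -Force
    foreach ($f in Get-ChildItem $outDir -Filter '*.evtx') {
        $target = Join-Path $dest $f.Name
        if (-not (Test-Path $target)) { Copy-Item -Path $f.FullName -Destination $target }
        if ((Get-Sha256Hex $target) -ne $known[$f.Name]) { throw "Hash mismatch on media: $($f.Name)" }
    }
}

# 6. Prune staging copies past the retention window; the media copy and the
#    manifest are the long-term record.
Get-ChildItem $outDir -Filter '*.evtx' |
    Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-$KeepDays) } |
    Remove-Item -Force
```

Run it from Task Scheduler as a daily job on each DC and web server. Two caveats: with `/rt:true` the log stops accepting events if Windows cannot write the archive (for example, a full system drive), so keep the log size generous with `wevtutil sl Security /ms:<bytes>` and monitor free space; and a hash manifest only proves integrity if a copy of it is held somewhere the people with access to the logs cannot rewrite, which is why the script writes it to the same write-once media as the archives.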

  2. #2 sahmeepee
    You've made the fatal mistake of assuming Becta know anything. Extra homework for you.

  3. #3
    Have a search for data protection and becta on the forums - it comes up a lot.

    Initial thread: Becta Information security guidance for schools published

    We have a working group sorting this out - me (NM), two governors, the deputy head and the head of ICT.

    Some of it is merely an extension of what we already do, some of it has an attached time/money/hardware cost.

    Two things to remember:

    1) Don't panic.
    2) The advice hinges on "reasonableness". When looking at a log ask yourself: "As an outside person, how long would I reasonably expect the school to retain this log?"

    Windows servers can be configured to log to an external syslog server with minimal effort. Your main issue is getting the logs (or rather a copy of them) into something that can provide decent search functionality so the data is usable.

    For each device's or application's individual logs:

    What does the log hold?
    Where does it hold it?
    In what format? (.txt, .evt, binary, gzipped plain text etc)
    How long is data kept for before it overwrites? Is this sufficient?
    Who has access to the log?
    Do we need to retain this log for auditing purposes?

    Once you have the above info, you can work out the scale of the task.
    Last edited by pete; 11th March 2009 at 12:19 PM.

  4. #4 gshaw
    Looked at this a while back; it now seems to run on Windows, so worth a test.

    Splunk > IT Search Company | It's not just Log Management anymore

    Edit: just downloaded and installed it on the test network. Added the Windows WMI app onto it and just need to edit the conf file to get it to pull the logs from other servers; something to try tomorrow.
    Last edited by gshaw; 11th March 2009 at 06:02 PM.

  5. #5
    Just had a meeting with Splunk's VP for EMEA. One of our technicians is rolling it out for a huge retailer in the UK at the minute and it is a fantastic product.

    You can use the full version for free with a few caveats, but I would definitely recommend it to anyone who doesn't want to trawl through endless management/log consoles trying to find things, when you can have a search engine akin to how Google searches the web, for free!

    You can download it here: Splunk : Download Splunk 3.4.6

    It is available for Linux, Mac and Windows (2000 -> Vista).
