Event Log Management Best Practices: Define your Audit Policy Categories (Part 1)


Speaking of networks as “living entities,” records of all events taking place in your environment are being logged right now into event logs and Syslog files across your servers, workstations and networking devices. Has somebody gained unauthorized access to key enterprise information, such as customer credit card data, or employee, patient or financial records? Is your compliance officer asking for SOX-centric reports? The best way to react and respond is by collecting, archiving, analyzing, alerting and reporting on key entries stored in your log files. Compliance standards such as SOX, Basel II, HIPAA, GLB, FISMA, PCI DSS, and NISPOM require this.

Log management is a truly daunting task because log files can come from many different sources, in various formats, and in large quantities. Consider that a single Windows server can generate 1 GB of log data in a single day! In order to stay on top of this deluge of information, you really need to build the right log management strategy.

Here at WhatsUp Gold, our Gurus have developed seven Best Practices for Event and Log Management (ELM) to get you started on the path towards efficient log management. Today I will cover the first of these helpful tips.

When developing an effective ELM strategy, it is important to first define your audit policy categories. The term audit policy, in Microsoft Windows lexicon, just refers to the types of security events you want to record in the security event logs of your servers and workstations. With Microsoft Windows NT® systems, you must set the audit policy manually, but in Windows 2000® or Windows 2003® Active Directory® domains, with “Group Policy” enabled, you can define uniform audit policy settings for groups of servers or the entire domain.

Key Windows Event Logging Categories to Enable
  • Logon Events – Success/Failure
  • Account Logons – Success/Failure
  • Object Access – Success/Failure
  • Process Tracking – Success
  • Policy Change – Success/Failure
  • Account Management – Success
  • Directory Service Access – Success/Failure
  • System Events – Success/Failure
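The following PowerShell script is an added example, not part of the original post or the WhatsUp Gold product, that checks a machine's effective audit policy against the list above. It uses auditpol.exe (Windows Vista / Server 2008 and later), so the legacy category names in the list are mapped to the names auditpol reports; an entry marked "Success/Failure" is read as requiring both, and the script must run from an elevated prompt.

```powershell
# Added example: compare the effective local audit policy with the
# categories recommended above. auditpol /get needs administrative rights.
# Legacy (Windows 2000/2003) category names are mapped to auditpol names;
# the comments show the name used in the list above.
$Required = [ordered]@{
    'Logon/Logoff'       = 'Success and Failure'   # Logon Events
    'Account Logon'      = 'Success and Failure'   # Account Logons
    'Object Access'      = 'Success and Failure'
    'Detailed Tracking'  = 'Success'               # Process Tracking
    'Policy Change'      = 'Success and Failure'
    'Account Management' = 'Success'
    'DS Access'          = 'Success and Failure'   # Directory Service Access
    'System'             = 'Success and Failure'   # System Events
}

function Test-AuditCategory {
    param([string]$Category, [string]$Required)
    # /r emits CSV with one row per subcategory:
    # Machine Name,Policy Target,Subcategory,Subcategory GUID,
    # Inclusion Setting,Exclusion Setting
    $rows = & auditpol /get "/category:$Category" /r | ConvertFrom-Csv
    foreach ($row in $rows) {
        $actual = $row.'Inclusion Setting'
        # "Success and Failure" satisfies a "Success"-only requirement;
        # "No Auditing" or "Failure" alone never does.
        $ok = switch ($Required) {
            'Success'             { $actual -in 'Success', 'Success and Failure' }
            'Success and Failure' { $actual -eq 'Success and Failure' }
            default               { $false }
        }
        [pscustomobject]@{
            Category    = $Category
            Subcategory = $row.Subcategory
            Required    = $Required
            Actual      = $actual
            Compliant   = $ok
        }
    }
}

$results = $Required.GetEnumerator() |
    ForEach-Object { Test-AuditCategory -Category $_.Key -Required $_.Value }

# Report only the subcategories that fall short of the recommended setting.
$results | Where-Object { -not $_.Compliant } | Format-Table -AutoSize
```

In a domain, the same settings are normally pushed through Group Policy; this check confirms what actually took effect on a given host, which is what the event logs will reflect.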

To read about all seven Best Practices, view the Whitepaper, or stay tuned for more of the ELM Best Practices Blog Series.
