Collecting System Logs for PCI Compliance

Level 12

Here lately I've been asked a lot about using Orion to collect data for PCI compliance. For the most part, this is pretty easy as Orion does a great job of managing routers, switches, firewalls, and servers. As a matter of fact, I've helped hundreds of customers set up special reports in Orion to highlight these features.

Things get a little more complicated when it comes to collecting logs from Windows servers and PCs. One way to tackle this is to use the Windows Event Log forwarder that we provide as a free download. This utility installs on the Windows systems and converts the event log messages into syslog messages and forwards them to Orion's Syslog Server.

Another creative way of solving this problem is to use the SNMP trap service on the Windows machines to forward the event log messages as traps. Orion can then receive, store, and alert on these traps.

Orion includes a highly scalable rules engine for the SNMP Trap Receiver and the Syslog Server that can be used to set up alerts and actions based upon message format, content, source, etc. The users that take advantage of these features love them - but not too many people know about them.

Obviously, there are many other ways to collect this data, including collecting it directly via WMI and using other third-party agents to provide the logs. I'd love to hear how you're collecting logs from your Windows systems and any hiccups that you've encountered.

Flame on...
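To show what the event-log-to-syslog step in the post actually involves, here is an added example (written for this thread, not the SolarWinds forwarder or Orion's code) that turns a Windows event record into an RFC 3164 syslog line and evaluates a content rule of the kind the syslog rules engine applies. The facility value, the field layout of the line, and the sample record are assumptions; the Windows level numbers and the PRI formula are the standard ones.

```python
from dataclasses import dataclass
from datetime import datetime

# Windows event levels -> syslog severities (RFC 3164 section 4.1.1)
LEVEL_TO_SEVERITY = {1: 2, 2: 3, 3: 4, 4: 6, 5: 7}  # Critical, Error, Warning, Info, Verbose
LOCAL0 = 16       # facility for forwarded logs; assumption, forwarders let you pick one
MAX_BYTES = 1024  # RFC 3164 packet limit; anything longer is truncated on the wire


@dataclass
class WinEvent:
    host: str
    time: datetime
    log: str        # channel, e.g. "Security"
    source: str     # provider name
    event_id: int
    level: int      # 1..5 as reported by the Event Log API
    message: str    # may span several lines


def pri(facility: int, severity: int) -> int:
    """PRI field that opens every syslog message: facility * 8 + severity."""
    return facility * 8 + severity


def to_syslog(ev: WinEvent, facility: int = LOCAL0) -> str:
    """Format one event record as a single RFC 3164 syslog line."""
    severity = LEVEL_TO_SEVERITY.get(ev.level, 5)  # unknown level -> notice
    # RFC 3164 timestamp is "Mmm dd hh:mm:ss" with a space-padded day
    ts = f"{ev.time:%b} {ev.time.day:2d} {ev.time:%H:%M:%S}"
    # syslog carries one line per message, so collapse the multi-line event text
    text = " ".join(ev.message.split())
    line = (f"<{pri(facility, severity)}>{ts} {ev.host} {ev.source}: "
            f"[{ev.log}] EventID={ev.event_id} {text}")
    raw = line.encode("utf-8")
    if len(raw) > MAX_BYTES:  # keep the header, drop the tail, as a receiver would
        line = raw[:MAX_BYTES].decode("utf-8", errors="ignore")
    return line


def matches_rule(line: str, source: str, event_id: int) -> bool:
    """Minimal content rule: alert when a given provider reports a given event ID."""
    return f" {source}: " in line and f"EventID={event_id} " in line


# constructed sample record (not a real capture) for a failed logon audit event
SAMPLE = WinEvent("ws-01", datetime(2024, 3, 5, 14, 7, 9), "Security",
                  "Microsoft-Windows-Security-Auditing", 4625, 4,
                  "An account failed to log on.\r\nLogon Type: 3")

if __name__ == "__main__":
    print(to_syslog(SAMPLE))
```

The truncation branch is the part worth remembering: a verbose Security event can lose the fields at its tail, so rules should key on the header fields rather than text deep in the message.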

Level 15

Helpful and educational information.


In a past lifetime we used and now it is via the SIEM tool.