3 Replies Latest reply on Jun 1, 2015 3:17 PM by bkyle

    PCI Compliance - Logging

    dcslick

      Hello,

We are trying to become PCI compliant.  One thing we must do is turn on a ton of logging on our Windows servers, such as security, etc.  Once we have the logs turned on we will need to review them periodically on a schedule.  To make this easier we would like to have one central location to view all of the log info from all of the servers.  Also it would be nice to be able to get alerts if certain security logs are triggered.  Any suggestions for such an app?


      Thanks in advance,

      DC

        • Re: PCI Compliance - Logging
          curtisi

          Sounds like you're looking for a SIEM solution like the Log and Event Manager.


          Among other things, it would centralize your logs, provide a means for searching and reporting on the logs, and provide alerting and scheduled report generation.  The LEM comes with template rules that are the result of collaboration with customers, auditors and our engineers, categorized by compliance standards like PCI.  The LEM Reports console has stock reports, also categorized by industry and compliance.  All of these things can be customized to suit your business.


          I would argue with the statement "One thing we must do is turn a ton of logging on our Windows servers."  While I find most people deploy the LEM and find that they need to review their audit policies, there's nothing in the PCI standards that simply says "TURN ON ALL THE THINGS!"  What PCI (and most other compliance standards) want is for you to turn on the right things.  That's a much trickier problem, but a more rewarding solution.  If you simply crank all the settings to maximum, you'll get a lot of logs, most of which are meaningless noise.  If/when you need to actually find something, you'll be looking for a needle in a field of haystacks.  It's a much better plan to tune the auditing to minimize the amount of hay you get, and maximize the needles.
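          Added example (not part of the thread, and not LEM or any other product's code): what "turn on the right things" looks like on a Windows server in PowerShell.  It enables only the audit subcategories that cover what PCI DSS 10.2 asks to be logged, leaves the classic noise generators off, then pulls a short list of high-value Security event IDs from each server into one view and raises two simple alerts.  The server names, the one-day lookback window, the failed-logon threshold and the 10.2 mapping in the comments are assumptions for illustration; run it elevated, or push the auditpol settings through Group Policy instead.

```powershell
# Added example, not from the original thread. Run elevated on a server that can
# reach the hosts in $servers. Names and thresholds below are assumptions.

# 1. Targeted audit policy: enable the subcategories that map to PCI DSS 10.2
#    (logon/auth use, account and group changes, admin privilege use, audit log
#    start/stop and tampering). Nothing else is touched.
$subcategories = @(
    'Logon', 'Logoff', 'Account Lockout',   # invalid access attempts, use of auth (10.2.4, 10.2.5)
    'User Account Management',              # account create/delete/change (10.2.5)
    'Security Group Management',            # admin group membership changes (10.2.5)
    'Sensitive Privilege Use',              # actions taken with admin rights (10.2.2)
    'Audit Policy Change'                   # audit policy changed / log cleared (10.2.6)
)
foreach ($s in $subcategories) {
    auditpol.exe /set /subcategory:"$s" /success:enable /failure:enable | Out-Null
}
# Deliberately NOT enabled here: 'File System', 'Registry', 'Filtering Platform
# Connection'. Enabled server-wide they are the haystack. If cardholder-data
# folders must be audited (10.2.1), enable 'File System' and put a SACL on just
# those folders instead of auditing every file on the box.

# 2. The needles: Security event IDs worth reviewing on a schedule or alerting on.
$needles = @{
    4625 = 'Failed logon'
    4740 = 'Account locked out'
    4720 = 'User account created'
    4726 = 'User account deleted'
    4728 = 'Member added to security-enabled global group'
    4732 = 'Member added to security-enabled local group'
    4672 = 'Special privileges assigned to new logon (admin logon)'
    4719 = 'System audit policy changed'
    1102 = 'Audit log cleared'
}

# 3. Centralize: pull only those IDs from every in-scope server into one list.
$servers = @('SRV-APP01', 'SRV-DB01')       # assumption: your in-scope hosts
$since   = (Get-Date).AddDays(-1)           # assumption: daily review window
$events  = foreach ($srv in $servers) {
    Get-WinEvent -ComputerName $srv -FilterHashtable @{
        LogName   = 'Security'
        Id        = [int[]]$needles.Keys
        StartTime = $since
    } -ErrorAction SilentlyContinue |
    Select-Object MachineName, TimeCreated, Id,
        @{ n = 'What';    e = { $needles[$_.Id] } },
        @{ n = 'Account'; e = {
            # Field names differ per event; TargetUserName covers the common ones.
            ([xml]$_.ToXml()).Event.EventData.Data |
                Where-Object Name -eq 'TargetUserName' |
                Select-Object -ExpandProperty '#text' } }
}

# The scheduled-review view: everything, oldest first.
$events | Sort-Object TimeCreated | Format-Table -AutoSize

# 4. Alerts. Log tampering is always worth a page; brute force is a threshold.
$events | Where-Object Id -in 1102, 4719 |
    ForEach-Object { Write-Warning "ALERT $($_.MachineName): $($_.What) at $($_.TimeCreated)" }

$events | Where-Object Id -eq 4625 |
    Group-Object MachineName, Account |
    Where-Object Count -ge 10 |             # assumption: 10 failures per account per day
    ForEach-Object { Write-Warning "ALERT brute-force pattern: $($_.Name) ($($_.Count) failed logons)" }
```

          Before and after changing policy, `auditpol.exe /get /category:*` shows exactly what is being audited, which is also the artifact an assessor will ask for.  A SIEM replaces steps 3 and 4 with collectors, correlation rules and reports, but the decision in step 1 about which subcategories to enable (and which to leave off) is the same whichever tool ends up storing the logs.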

          • Re: PCI Compliance - Logging
            bkyle

            I agree LEM will be your best option here.