Educause Security Discussion mailing list archives

Re: How much host data collected?


From: "Bridges, Robert A." <bridgesra () ORNL GOV>
Date: Mon, 30 Apr 2018 15:53:58 +0000

Valdis, 
Thanks for the input. Yes, we'd be interested to know if anyone uses audit logs as a default. If not by default, then when do you turn audit logs on? And finally, how big are they (bytes per IP per day), and how are they used?

From the research side, there are a lot of detection papers that leverage audit logs, but I'm not aware of much application of these statistical findings in actual operations.

Thanks, 
Bobby

--
Robert A. Bridges, PhD, Research Mathematician, Cyber & Information Science Research Group, Oak Ridge National Laboratory

On 4/26/18, 4:46 PM, "The EDUCAUSE Security Constituent Group Listserv on behalf of Valdis Kletnieks" <SECURITY () LISTSERV EDUCAUSE EDU on behalf of valdis.kletnieks () VT EDU> wrote:

    On Thu, 26 Apr 2018 14:37:27 -0500, Alan Amesbury said:
    >   * Are you considering the differences in OSes?  Different OSes also log at
    >     significantly different levels depending on their settings.  Windows hosts, for
    >     example, can produce MASSIVE amounts of data when compared to a Unix host.
    
    Oh, it's quite possible to generate massive amounts on a Linux box too.
    Just configure the 'audit' subsystem to do per-syscall logging :)
    
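One way to get the sizing figure the thread asks for (bytes per host per day, and how fast that grows once per-syscall auditing is on), as an added example that is not from any poster: it groups Linux auditd records by the `node=` prefix and UTC day and sums their on-disk bytes. The records below are constructed; `node=` is only emitted when `name_format` is set in auditd.conf, so records without it fall into an "unknown" bucket.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample of auditd records as they might arrive at a central collector.
# The last record deliberately lacks the node= prefix to exercise the fallback.
SAMPLE_AUDIT_LOG = """\
node=web01 type=SYSCALL msg=audit(1525103638.123:4567): arch=c000003e syscall=59 success=yes exit=0 a0=7ffd ppid=1 pid=2345 auid=1000 uid=0 comm="sshd" exe="/usr/sbin/sshd" key="exec"
node=web01 type=EXECVE msg=audit(1525103638.123:4567): argc=2 a0="ls" a1="-la"
node=web01 type=SYSCALL msg=audit(1525190000.500:4800): arch=c000003e syscall=2 success=yes exit=3 a0=7ffd ppid=1 pid=2346 auid=1000 uid=1000 comm="cat" exe="/usr/bin/cat" key="files"
node=db01 type=SYSCALL msg=audit(1525103700.001:99): arch=c000003e syscall=257 success=yes exit=5 a0=ffffff9c ppid=1 pid=777 auid=4294967295 uid=0 comm="postgres" exe="/usr/lib/postgresql/bin/postgres" key="files"
type=USER_LOGIN msg=audit(1525103800.000:100): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=10.0.0.5 addr=10.0.0.5 terminal=ssh res=success'
"""

# msg=audit(<epoch seconds>.<ms>:<serial>) is the one field every auditd record carries.
_MSG_RE = re.compile(r"msg=audit\((\d+)\.(\d+):(\d+)\)")
_NODE_RE = re.compile(r"^node=(\S+)\s")


def record_key(line):
    """Return (host, UTC date) for one auditd line, or None if it is not an audit record."""
    m = _MSG_RE.search(line)
    if m is None:
        return None
    node = _NODE_RE.match(line)
    host = node.group(1) if node else "unknown"
    day = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc).strftime("%Y-%m-%d")
    return host, day


def volume_per_host_day(text):
    """Sum bytes (line plus newline, as stored on disk) and record count per (host, day)."""
    stats = defaultdict(lambda: {"bytes": 0, "records": 0})
    for line in text.splitlines():
        key = record_key(line)
        if key is None:
            continue  # syslog noise, partial lines, etc.
        stats[key]["bytes"] += len(line.encode("utf-8")) + 1
        stats[key]["records"] += 1
    return dict(stats)


if __name__ == "__main__":
    for (host, day), s in sorted(volume_per_host_day(SAMPLE_AUDIT_LOG).items()):
        print(f"{host:8} {day} {s['records']:6d} records {s['bytes']:8d} bytes")
```

Point it at a day's worth of real audit.log (or the collector's copy) to get per-host daily byte counts; run it before and after adding syscall rules to see the difference Valdis describes.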