Educause Security Discussion mailing list archives
Re: Management of Logs Stored in Database Tables
From: Frank Barton <bartonf () HUSSON EDU>
Date: Wed, 17 Feb 2021 11:59:08 -0500
Ghassan,

We have done "A" in a number of cases - however, we use per-system credentials that only have read access to the specific tables needed (and in some cases field-specific)

"Least Privilege"

Frank

On Wed, Feb 17, 2021 at 11:02 AM Ghassan Salem <gs37 () aub edu lb> wrote:
Dear all:

What are the best practices that you are adopting for shipping application logs residing in a database table to a log management system or SIEM solution? We would like to see how other universities did address this issue as they were building their logs management systems.

Below are two methods we thought of but are debatable:

A - SQL query through JDBC connection from log Mgt solution to the database.
Risks: What if the database user we are using in our JDBC connection got compromised? Insecure storage of database credentials.

B - Extract the logs from DB to an OS file and send them through a log shipper such as rsyslog or beat.
Risks: Data extraction process stopped, data manipulated by admin, delay in data transfer, data integrity while moving from database to OS, involvement of admins in the process.

Best,
Ghassan Salem

*Ghassan Salem*
Senior Information Security Engineer
IT Information Security Department
*American University of Beirut*
IT Information Security Department
P.O.Box 11-0236 Riad El-Solh, Beirut 1107 2020, Lebanon
*T*: +961 (1) 350000 *Ext 2089*
*E*: gs37 () aub edu lb
*W* <http://www.aub.edu.lb/> . *Fb* <http://www.facebook.com/aub.edu.lb> . *Fl* <http://www.flickr.com/groups/aub> . *T* <http://twitter.com/AUB_Lebanon> . *Y* <http://www.youtube.com/AUBatLebanon> . *L* <http://www.linkedin.com/company/american-university-of-beirut> . *IT* <http://www.aub.edu.lb/it/>

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
--
Frank Barton, MBA
Security+, ACMT, MCP
IT Systems Administrator
Husson University
PGP Key Fingerprint: 0249DC644EC78D2F6B5CD2C6C94D3EDB57946437
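
An added example, not part of Frank's message or the list thread, of the per-system, table-specific and field-specific read-only credential his reply describes. It assumes PostgreSQL; the role, database, schema, table and column names are hypothetical.

```sql
-- Assumptions (not from the thread): PostgreSQL; database "hrapp", schema "app",
-- table "app.audit_log" and its columns are hypothetical names.

-- One login role per source system, so a leaked credential exposes
-- that system's log table only. Set the password out of band (\password)
-- and keep it in the SIEM's secret store, not in a plain config file.
CREATE ROLE siem_reader_hrapp LOGIN CONNECTION LIMIT 2;

-- Sessions for this role start read-only. This is a session default,
-- not an enforcement boundary, so the grants below must also be minimal.
ALTER ROLE siem_reader_hrapp SET default_transaction_read_only = on;

-- Reach the database and schema, nothing more.
GRANT CONNECT ON DATABASE hrapp TO siem_reader_hrapp;
GRANT USAGE ON SCHEMA app TO siem_reader_hrapp;

-- Field-specific read access: only the columns the log pipeline needs.
-- No table-level SELECT is granted, so other columns of audit_log
-- (for example a free-text payload column) stay unreadable to this role.
GRANT SELECT (event_id, event_time, actor, action, source_ip)
    ON app.audit_log TO siem_reader_hrapp;

-- Check 1: the column grants are exactly the list above.
SELECT table_schema, table_name, column_name, privilege_type
FROM information_schema.column_privileges
WHERE grantee = 'siem_reader_hrapp'
ORDER BY table_name, column_name;

-- Check 2: no table-level privileges were granted directly to the role
-- (expected result: zero rows).
SELECT table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'siem_reader_hrapp';

-- Privileges granted to PUBLIC still apply to this role and do not show
-- up in the checks above; review them separately.
SELECT table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'PUBLIC'
  AND table_schema NOT IN ('pg_catalog', 'information_schema');
```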