Educause Security Discussion mailing list archives

Logging and Auditing of Key System Changes


From: Mark Rogowski <m.rogowski () UWINNIPEG CA>
Date: Fri, 22 May 2009 09:23:58 -0500

Folks,
 
I am seeking insight from those of you who have assisted in establishing the process of centralized logging of Administrative-based events that occur on key systems (routers, firewalls, servers, etc.). The scope of the events I refer to are fairly high level, meaning the recording of major configuration changes made to a system or service.
 
I would be most interested in knowing:
 
a.) Are these event logs viewed/managed by the Administrators of the system(s) themselves or are they segregated from the daily logs the Administrators usually work with?
 
b.) If the Administrators have full access to these log entries, have you ever had conversations with management where this has been brought up as a potential security issue? Did management accept the risk of having a possible insider threat? What steps were taken to minimize said risk?
 
c.) If said log entries are segregated from the Admins, who usually accesses them?  How long are they retained for?
 
I appreciate any and all feedback on this.
 
Thanks,
 
 
Mark Rogowski  CISSP, CISM
IT Security
Technology Solutions Centre
University of Winnipeg
Ph: (204) 786-9034