Educause Security Discussion mailing list archives

Management of Logs Stored in Database Tables


From: Ghassan Salem <gs37 () AUB EDU LB>
Date: Wed, 17 Feb 2021 15:52:07 +0000

Dear all:
What are the best practices that you are adopting for shipping application logs residing in a database table to a log management system or SIEM solution? We would like to see how other universities did address this issue as they were building their logs management systems.

Below are two methods we thought of but are debatable:
A- SQL query through JDBC connection from log Mgt solution to the database.
   Risks: What if the database user we are using in our JDBC connection got compromised? Insecure storage of database credentials.
B- Extract the logs from DB to an OS file and send them through a log shipper such as rsyslog or beat.
   Risks: Data extraction process stopped, data manipulated by admin, delay in data transfer, data integrity while moving from database to OS, involvement of admins in the process.

Best,
Ghassan Salem

Ghassan Salem
Senior Information Security Engineer
IT Information Security Department
American University of Beirut
IT Information Security Department
P.O.Box 11-0236
Riad El-Solh, Beirut 1107 2020, Lebanon
T: +961 (1) 350000 Ext 2089
E: gs37 () aub edu lb


**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community
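
The following sketch of method B is an added example, not part of the original message: it exports rows incrementally from a checkpoint and chains an HMAC over each exported line, so a stopped export can resume without loss and a line edited or removed after leaving the database is detectable. The table `app_log`, its columns, the function names and the sample rows are assumptions made for illustration, with SQLite standing in for the real database and the HMAC key assumed to be held only by the exporter and the verifying side.

```python
import hashlib, hmac, json, sqlite3

GENESIS = "0" * 64  # chain start value shared by exporter and verifier

def _mac(key, prev_mac, row):
    # MAC covers the previous link plus a canonical encoding of the row
    body = json.dumps(row, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + body).encode(), hashlib.sha256).hexdigest()

def export_batch(conn, key, last_id=0, last_mac=GENESIS):
    """Read rows newer than the checkpoint; return (lines, last_id, last_mac)."""
    cur = conn.execute(
        "SELECT id, ts, actor, event FROM app_log WHERE id > ? ORDER BY id",
        (last_id,))
    lines = []
    for rid, ts, actor, event in cur:
        row = {"id": rid, "ts": ts, "actor": actor, "event": event}
        last_mac = _mac(key, last_mac, row)
        lines.append(json.dumps({"row": row, "mac": last_mac}, sort_keys=True))
        last_id = rid
    return lines, last_id, last_mac

def verify_chain(lines, key, prev_mac=GENESIS):
    """Return the index of the first bad line, or -1 if the chain is intact."""
    for i, line in enumerate(lines):
        rec = json.loads(line)
        expected = _mac(key, prev_mac, rec["row"])
        if not hmac.compare_digest(expected, rec["mac"]):
            return i
        prev_mac = rec["mac"]
    return -1

def demo_db():
    # Constructed sample data standing in for the application's log table
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE app_log (id INTEGER PRIMARY KEY, ts TEXT, actor TEXT, event TEXT)")
    conn.executemany("INSERT INTO app_log (ts, actor, event) VALUES (?, ?, ?)", [
        ("2021-02-17T15:50:01Z", "jdoe", "login_ok"),
        ("2021-02-17T15:50:09Z", "jdoe", "grade_update"),
        ("2021-02-17T15:51:30Z", "asmith", "login_failed"),
    ])
    return conn
```

Truncation at the end of the file is not visible from the chain alone, so the receiving side should also compare its last MAC with the exporter's stored checkpoint.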

