Penetration Testing mailing list archives
Re: [PEN-TEST] Analyzing Audit Log Data (incl. syslog)
From: Shaggy <mailtech2 () YAHOO COM>
Date: Thu, 28 Sep 2000 12:55:38 -0700
I've seen a particularly useful way of handling this. One company I've seen downloads syslog, sulog and other log data to a syslog server on an exported file system. An NT server with an NFS client accesses this data, which then serves as input into an Excel pivot table that massages the data into an easy-to-analyze format for the sys admin. A VB script is executed on the data, and any unusual activity these scripts are configured to identify appears in a formatted report, which then gets emailed to the appropriate person automatically. A minor pain to get set up, but a snap to analyze the data.

--- Richard Hutchinson <Richard.Hutchinson () OAG STATE TX US> wrote:
Michael: I have been using a program for the last year or two to analyze data, to include audit log programs. It will take a text file, ODBC compliant database file, ASCII, PCASCII, EBCDIC, etc. and read the data into a format you can filter in any manner you want, such as a particular userID. It is a really sophisticated query program built specifically for auditing large data files. The name is Audit Command Language. They have a demo version that will take a small file (48k) and do all the things the full blown program will. You can check it out at www.acl.com, if you are interested.

_______________________________
Richard Hutchinson, CISA, CIA
IS Audit Manager
Internal Audit Division
Texas Office of the Attorney General
512-475-4927
E-Mail: richard.hutchinson () oag state tx us

From: graham_michael () HOTMAIL COM, 27 September, 2000:

I hope this is the right sort of question. Does anyone know of a package/application that uses the info created in the Audit log of say NT or UNIX and enables administrators to drill down and get info about users' movements, like if someone is accessing loads of sensitive files/directories on a given day, etc.? The reason I ask is this: the Audit log doles out loads of info; however, I want to be able to interrogate it and apply particular search routines to it, to get that salient info only.

cheers
Mike
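The pipeline Shaggy describes (collect syslog/sulog lines, pivot them per user and day, flag cells that exceed a threshold, format a report) and the drill-down Mike asks for can be reproduced in a few dozen lines of script. The following is an added example written for this archive page; it is not code from anyone in the thread and it does not use ACL or Excel. The log format, host and user names, the `/secure/` and `/etc/` "sensitive" prefixes, and the thresholds are all constructed assumptions; real sulog or NT audit records need their own parser, and the emailing step is left to the caller.

```python
import re
from collections import defaultdict

# Constructed sample audit lines in a syslog-style key=value layout.
# The format, hosts, users and paths are made up for this example; real
# sulog/NT audit records look different and need their own parser.
SAMPLE_LOG = """\
Sep 27 08:01:12 host1 audit: user=alice action=open path=/etc/passwd
Sep 27 08:02:40 host1 audit: user=alice action=open path=/home/alice/notes.txt
Sep 27 09:15:00 host1 audit: user=bob action=open path=/secure/payroll/q3.xls
Sep 27 09:15:05 host1 audit: user=bob action=open path=/secure/payroll/q2.xls
Sep 27 09:15:09 host1 audit: user=bob action=open path=/secure/hr/reviews.doc
Sep 27 09:16:00 host1 audit: user=bob action=open path=/secure/hr/salaries.doc
Sep 28 10:00:00 host1 audit: user=bob action=open path=/secure/hr/salaries.doc
Sep 28 10:05:00 host1 audit: user=carol action=su target=root result=fail
Sep 28 10:05:30 host1 audit: user=carol action=su target=root result=fail
Sep 28 10:06:00 host1 audit: user=carol action=su target=root result=ok
this line is not an audit record and is skipped
"""

# Directory prefixes treated as sensitive (an assumption for the example).
SENSITIVE_PREFIXES = ("/secure/", "/etc/")

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) audit: (?P<kv>.*)$"
)


def parse_line(line):
    """Parse one audit line into a dict of fields, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = {}
    for token in m.group("kv").split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    fields["date"] = f"{m.group('mon')} {int(m.group('day'))}"
    fields["host"] = m.group("host")
    return fields


def parse_log(log_text):
    """Yield parsed events, skipping lines that are not audit records."""
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is not None:
            yield ev


def pivot_sensitive_opens(log_text):
    """Count opens of sensitive paths per (user, date): the 'pivot table' step."""
    counts = defaultdict(int)
    for ev in parse_log(log_text):
        if ev.get("action") != "open":
            continue
        if ev.get("path", "").startswith(SENSITIVE_PREFIXES):
            counts[(ev["user"], ev["date"])] += 1
    return dict(counts)


def pivot_failed_su(log_text):
    """Count failed su attempts per (user, date), the kind of event sulog records."""
    counts = defaultdict(int)
    for ev in parse_log(log_text):
        if ev.get("action") == "su" and ev.get("result") == "fail":
            counts[(ev["user"], ev["date"])] += 1
    return dict(counts)


def flag_unusual(counts, threshold):
    """Return (user, date, count) for every pivot cell at or above the threshold."""
    return sorted((u, d, n) for (u, d), n in counts.items() if n >= threshold)


def build_report(log_text, open_threshold=3, su_fail_threshold=2):
    """Produce the lines of a plain-text report; emailing it is left to the caller."""
    lines = []
    for user, date, n in flag_unusual(pivot_sensitive_opens(log_text), open_threshold):
        lines.append(f"{date}: {user} opened {n} sensitive files (threshold {open_threshold})")
    for user, date, n in flag_unusual(pivot_failed_su(log_text), su_fail_threshold):
        lines.append(f"{date}: {user} had {n} failed su attempts (threshold {su_fail_threshold})")
    return lines


if __name__ == "__main__":
    print("\n".join(build_report(SAMPLE_LOG)))
```

On the constructed sample this reports bob's four sensitive-file opens on Sep 27 and carol's two failed su attempts on Sep 28, while alice's single `/etc/passwd` read stays below the threshold. The thresholds are the part that needs tuning per site; a pivot of raw counts is only useful once you know what a normal day looks like for each user.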