
There are plenty of log reporting tools, but I am having trouble choosing. Can anyone advise me on a tool for audit-log monitoring?

BenMorel
Barny

1 Answer

This is one of those questions where there is no right answer on which tool is best - you should use whatever tool works for your organisation.

There are plenty of both commercial and open source tools available which can be used to meet the PCI logging requirements. Having said that, the open source tools that I've looked at recently don't cover all PCI requirements in the basic versions, so make sure you find out about that. The same goes for commercial tools: some will see meeting PCI as a feature that is only available in their higher tier offerings.

Key requirements to look at are:

  • options for gathering logs (push/pull/agent etc)
  • storage options - you need at least 3 months available online and a year available in total
  • review capabilities - looking at logs every day isn't practical so what alerts can you set up for this to be automated?
  • protection of logs - some sort of integrity monitoring is required (req 10.5.5) to ensure logs aren't altered unknowingly

Your QSA may well give you extra bonus marks if your logging tool automatically feeds into your incident response process - worth it if it increases their confidence in your processes!

dfbpdave
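Two of the requirements in the answer above, log integrity protection and automated review, are easy to prototype before committing to a product. The following is an added example, not code from the question or the answer: it keeps an HMAC-chained audit log in memory so that any edit, reorder or deletion of an earlier record breaks every later tag, and it runs a simple repeated-authentication-failure rule over constructed sample records. The key, the record fields, the user names and the thresholds are all assumptions made for the illustration.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Assumed key for the example. In a real deployment the chaining key (or a
# signing key) lives outside the log host, e.g. in an HSM/KMS, so that an
# attacker who gains root on the log server cannot simply re-chain the log.
CHAIN_KEY = b"example-key-do-not-use-in-production"
GENESIS_TAG = "0" * 64


def canonical(record):
    """Stable JSON encoding so the same record always produces the same tag."""
    return json.dumps(record, sort_keys=True, separators=(",", ":"))


def append_record(chain, record):
    """Append one audit record. The tag is HMAC(key, previous_tag || record),
    so each entry commits to the entire history before it."""
    prev_tag = chain[-1]["tag"] if chain else GENESIS_TAG
    tag = hmac.new(CHAIN_KEY, (prev_tag + canonical(record)).encode(),
                   hashlib.sha256).hexdigest()
    chain.append({"record": record, "prev": prev_tag, "tag": tag})
    return tag


def verify_chain(chain):
    """Recompute every tag from the genesis value.
    Returns (True, None) if intact, else (False, index_of_first_bad_entry)."""
    prev_tag = GENESIS_TAG
    for i, entry in enumerate(chain):
        expected = hmac.new(CHAIN_KEY, (prev_tag + canonical(entry["record"])).encode(),
                            hashlib.sha256).hexdigest()
        if entry["prev"] != prev_tag or not hmac.compare_digest(entry["tag"], expected):
            return False, i
        prev_tag = entry["tag"]
    return True, None


def failed_login_alerts(chain, threshold=3, window=timedelta(minutes=5)):
    """Stand-in for the daily review: flag any user with at least `threshold`
    auth_failure events inside a sliding `window`.
    Returns a list of (user, iso_timestamp_of_first_failure, count)."""
    by_user = {}
    for entry in chain:
        r = entry["record"]
        if r["event"] == "auth_failure":
            by_user.setdefault(r["user"], []).append(datetime.fromisoformat(r["ts"]))
    alerts = []
    for user, times in sorted(by_user.items()):
        times.sort()
        for start in range(len(times)):
            end = start
            while end + 1 < len(times) and times[end + 1] - times[start] <= window:
                end += 1
            if end - start + 1 >= threshold:
                alerts.append((user, times[start].isoformat(), end - start + 1))
                break  # one alert per user is enough for the example
    return alerts


def build_sample_chain():
    """Constructed sample records (not real logs): one legitimate login, three
    failures for the same account within three minutes, then another login."""
    base = datetime(2014, 3, 1, 9, 0, tzinfo=timezone.utc)
    events = [
        ("auth_success", "alice", 0),
        ("auth_failure", "mallory", 1),
        ("auth_failure", "mallory", 2),
        ("auth_failure", "mallory", 3),
        ("auth_success", "bob", 30),
    ]
    chain = []
    for event, user, minutes in events:
        append_record(chain, {
            "ts": (base + timedelta(minutes=minutes)).isoformat(),
            "event": event,
            "user": user,
            "src": "10.0.0.5",
        })
    return chain


if __name__ == "__main__":
    chain = build_sample_chain()
    print("intact:", verify_chain(chain))
    print("alerts:", failed_login_alerts(chain))
    chain[1]["record"]["user"] = "alice"      # silently rewrite an old entry
    print("after tamper:", verify_chain(chain))
```

The chain only detects tampering by someone who does not hold the key; that is why the key must live off the log host, and why a verified tag should be periodically copied to separate, write-once storage (the same place the year of retained logs goes). The alert rule is deliberately simple so that the shape of "review by exception" is clear; a real tool would carry many such rules and feed their hits into the incident response process, which is the integration the answer says a QSA will value.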