Log review and management
Revision as of 09:40, 17 March 2007
Overview
Purpose:
- Communicate potential risks to stakeholders.
- Communicate the rationale for security-relevant decisions to stakeholders.
Role:
- who typically does this
Frequency:
Log Review Tips
Critical systems require at least daily log review. However, what types of logs and activities should we pay attention to?
1. Consecutive login failures, especially outside office hours.
2. Logins outside office hours.
3. Authority (privilege) changes, additions and removals. Check each of them against an authorized application.
4. Any system administrator's activities.
5. Any unknown workstation or server plugged into the network.
6. Log removal, logs overwritten, or log storage reaching its size limit.
7. Pay extra attention to the log reports after weekends and holidays.
8. Any account unlocked or password reset by system administrators without an authorized form.
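As an added example (not part of the original OWASP page), the following Python script applies tips 1 to 4 to a constructed batch of authentication and administration log lines: it flags a run of consecutive login failures, any successful login outside office hours or at the weekend, and every administrator action. The key=value log format, the 09:00-17:59 office window and the three-failure threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not from the OWASP page); the format is assumed.
SAMPLE_LOG = """\
2007-03-16 09:15:02 host1 auth: user=alice result=FAIL src=10.0.0.5
2007-03-16 11:00:00 host1 auth: user=dave result=OK src=10.0.0.7
2007-03-16 14:05:44 host1 admin: user=root action=privilege_add target=carol
2007-03-16 22:31:10 host1 auth: user=bob result=FAIL src=10.0.0.9
2007-03-16 22:31:15 host1 auth: user=bob result=FAIL src=10.0.0.9
2007-03-16 22:31:20 host1 auth: user=bob result=FAIL src=10.0.0.9
2007-03-16 22:32:01 host1 auth: user=bob result=OK src=10.0.0.9
"""

LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\w+): (.*)$")
OFFICE_HOURS = range(9, 18)   # assumed office window, 09:00-17:59 on weekdays
FAIL_THRESHOLD = 3            # consecutive failures that produce a finding (tip 1)

def parse(line):
    """Split one log line into a dict of timestamp, host, facility and key=value fields."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, host, facility, rest = m.groups()
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return {"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
            "host": host, "facility": facility, **fields}

def review(log_text):
    """Return (rule, subject, off_hours) findings for the tips above, in log order."""
    findings = []
    streak = defaultdict(int)  # consecutive failures per user, reset on success
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        off_hours = ev["ts"].hour not in OFFICE_HOURS or ev["ts"].weekday() >= 5
        if ev["facility"] == "auth":
            if ev["result"] == "FAIL":
                streak[ev["user"]] += 1
                if streak[ev["user"]] == FAIL_THRESHOLD:      # tip 1
                    findings.append(("consecutive_failures", ev["user"], off_hours))
            else:
                streak[ev["user"]] = 0
                if off_hours:                                  # tip 2
                    findings.append(("off_hours_login", ev["user"], True))
        elif ev["facility"] == "admin":                        # tips 3 and 4
            findings.append(("admin_activity", f"{ev['user']}:{ev['action']}", off_hours))
    return findings
```

A failure streak followed by an off-hours success for the same account, as in the bob lines, is the pattern the first two tips are meant to surface together.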
Subactivity 2
Describe the subactivity here
Subactivity 3
Describe the subactivity here