Central Logging for PCI

0 Votes
Locked

gwesley77
Hello,
I am the jr. network admin for a small company (6 servers, 3 of them Hyper-V) and I have been tasked with choosing a central logging service/software for PCI compliance. It gets pretty pricey. Are there any decent solutions that handle file integrity monitoring, data loss prevention and all of the things we need but are not priced through the roof?
  • 0 Votes
    robo_dev

    Some parts of what you need can be done at low cost; central logging, for example.

    http://edgeofsanity.net/article/2012/06/17/central-logging-with-open-source-software.html

    0 Votes
    Tekcetera

    Splunk is an amazing tool for collecting logs and gathering useful information from them. It is a log collector combined with a search engine. The ways in which the data can be reported/analyzed are immense, and a user community exists where users share their adaptations, programmed searches and such. If you have 500MB of data/day or less you can use it for free; the more data you have, the more expensive it becomes.

    We use it for PCI requirements and it meets all of them, including file integrity monitoring. FIM will consume more data than Windows logs or syslogs. We have scheduled searches that send an email if certain alert conditions are met. It's a bit of a learning curve but well worth it. It is very resource intensive on the server it runs on, so be aware of that; best to put it on a dedicated server. We use a physical instead of virtual so it can keep all the resources to itself.
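    To make concrete what a file integrity monitoring feed into a central log collector looks like (the FIM and scheduled-alert part of the reply above), here is an added example that is not from the thread or from any product: it baselines a directory tree with SHA-256, compares a later snapshot, and emits one JSON line per added, removed or modified file, which is the shape a collector such as Splunk would ingest and a scheduled search could alert on. The directory contents and file names are constructed for the demo.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

def hash_file(path: Path, chunk_size: int = 65536) -> str:
    """SHA-256 hex digest of a file, read in chunks so large files do not exhaust memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Walk `root` and record the digest of every regular file, keyed by path relative to root."""
    baseline = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            if p.is_file():
                baseline[str(p.relative_to(root))] = hash_file(p)
    return baseline

def diff_baselines(old: dict, new: dict) -> list:
    """Return one event dict per file that was added, removed or changed between two baselines."""
    events = []
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            events.append({"event": "fim_added", "path": rel, "sha256": new[rel]})
        elif rel not in new:
            events.append({"event": "fim_removed", "path": rel, "sha256": old[rel]})
        elif old[rel] != new[rel]:
            events.append({"event": "fim_modified", "path": rel,
                           "old_sha256": old[rel], "sha256": new[rel]})
    return events

def to_json_lines(events: list) -> str:
    """Newline-delimited JSON: one self-describing event per line for a log forwarder to ship."""
    return "\n".join(json.dumps(e, sort_keys=True) for e in events)

def demo() -> list:
    """Constructed sample: baseline a scratch tree, then change, add and delete a file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.conf").write_text("debug=false\n")
        (root / "card_handler.py").write_text("print('ok')\n")
        (root / "stale.log").write_text("old\n")
        before = build_baseline(root)
        (root / "app.conf").write_text("debug=true\n")   # modified
        (root / "new_tool.py").write_text("import os\n")  # added
        (root / "stale.log").unlink()                     # removed
        return diff_baselines(before, build_baseline(root))

if __name__ == "__main__":
    print(to_json_lines(demo()))
```

    In a real deployment the baseline would be stored off-host (so an intruder who edits a file cannot also edit the record of its hash) and the JSON lines written to a file that the log agent tails.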
