Central Logging for PCI

By gwesley77 ·
I am the jr. network admin for a small company, (6 servers, 3 of them hyper v) and I have been tasked with choosing a central logging service/software for PCI Compliance. It gets pretty pricey. Are there any decent solutions that handle file integrity monitoring, data loss prevention and all of the things we need but are not priced through the roof?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

No such thing as a free lunch

by robo_dev In reply to Central Logging for PCI

Some parts of what you need can be done at low cost; central logging, for example.

Collapse -


by Tekcetera In reply to Central Logging for PCI

Splunk is an amazing tool for collecting logs and gathering useful information from them. It is a log collector combined with a search engine. The ways in which the data can be reported/analyzed are imense and a user community exists where users share their adaptations, programmed searches and such. If you have 500MB of data/day or less you can use it for free, the more data you have the more expensive it becomes.

We use it for PCI requirements and it meets all of them, including file integrity monitoring. FIM will consume more data than windows logs or syslogs. We have scheduled searches that send an email if certain alert conditions are met. It's a bit of a learning curve but well worth it. It is very resource intensive on the server it runs on so be aware of that, best to put it on a dedicated server. We use a physical instead of virtual so it can keep all the resources to itself.

Related Discussions

Related Forums