[GRLUG] PCI v1.2 Compliance.

dagda at pathwaynet.com dagda at pathwaynet.com
Fri Dec 12 19:58:08 EST 2008


>> We have our Web Application Server doing logging to a named pipe that
>> uses a syslog setup on our central server.
>
> Yep, we've centralized our syslog.  It used to log directly to the
> database but I found that having syslog-ng write the messages to
> timestamped SQL *files* and then have a cron script that loads the files
> every hour to be much more efficient (and stable) than a direct connect.
>

Has there been any discussion of the risk associated with only storing the logs
locally for that hour?  It opens the system up to local log tampering.

For instance, PCI requires:
10.5.3  Promptly back up audit trail files to a centralized log server or
media that is difficult to alter.

10.5.5  Use file-integrity monitoring or change-detection software on logs
to ensure that existing log data cannot be changed without generating
alerts (although new data being added should not cause an alert).

What is everyone doing to meet 10.5.5?

-Brian
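One way to implement the distinction 10.5.5 draws between appended and altered log data, as an added example that is not code from this thread: a prefix-hash check that re-hashes only the bytes that existed when the baseline was taken, so normal growth passes while any rewrite or truncation of earlier entries alerts. The file handling, function names and sample log lines are constructed for the example.

```python
import hashlib
import os
import tempfile

def _hash_prefix(path, length):
    """SHA-256 of the first `length` bytes, streamed rather than read whole."""
    h = hashlib.sha256()
    remaining = length
    with open(path, "rb") as f:
        while remaining > 0:
            chunk = f.read(min(65536, remaining))
            if not chunk:
                break
            h.update(chunk)
            remaining -= len(chunk)
    return h.hexdigest()

def take_baseline(path):
    """Record the log's current size and the digest of exactly that content."""
    size = os.path.getsize(path)
    return {"size": size, "digest": _hash_prefix(path, size)}

def check_log(path, baseline):
    """Return 'unchanged', 'appended' or 'ALERT'.
    Only the bytes that existed at baseline time are re-hashed, so a growing
    log does not alert, while any rewrite or truncation of that region does."""
    size = os.path.getsize(path)
    if size < baseline["size"]:
        return "ALERT"  # truncated: earlier entries are gone
    if _hash_prefix(path, baseline["size"]) != baseline["digest"]:
        return "ALERT"  # earlier entries rewritten in place
    return "appended" if size > baseline["size"] else "unchanged"

def demo():
    """Constructed sample log: a legitimate append, then an in-place edit."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"Dec 12 19:58:08 web1 app: user login ok\n")
        path = f.name
    base = take_baseline(path)
    fresh = check_log(path, base)
    with open(path, "ab") as f:  # new entry added, as 10.5.5 permits
        f.write(b"Dec 12 19:59:01 web1 app: order placed\n")
    appended = check_log(path, base)
    with open(path, "r+b") as f:  # overwrite first entry, same length
        f.write(b"Dec 12 19:58:08 web1 app: user login XX\n")
    tampered = check_log(path, base)
    os.unlink(path)
    return fresh, appended, tampered
```

In practice the baseline would be stored off the host and advanced only after each hourly upload to the central server is confirmed, since a baseline kept beside the log can be rewritten along with it.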