NFS Raw Events Compliancy

Unanswered Question
Aug 26th, 2008

Does anyone know if the Raw Events saved to the NFS server are PCI and/or Sarbanes-Oxley compliant?

mhellman Tue, 08/26/2008 - 14:41

I don't know how specific the actual requirements are (I doubt SOX is very specific). Some systems produce binary logs (e.g. Windows, Checkpoint), so "raw message" is not always as cut-and-dried as it seems. Most syslog and SNMP raw messages closely (exactly?) resemble the original message. Anything that is not syslog/snmp is more suspect. Checkpoints are better, but still not the same as what I see using the Checkpoint tools for example. The Cisco IPS devices now show up as XML and perhaps mirror exactly what was returned from the sensor. You'd want to carefully test every device you anticipate reporting into MARS.

