Cisco Support Community
Community Member

NFS Raw Events Compliancy

Does anyone know if the Raw Events saved to the NFS server are PCI and/or Sarbanes-Oxley compliant?

1 REPLY
Gold

Re: NFS Raw Events Compliancy

I don't know how specific the actual requirements are (I doubt SOX is very specific). Some systems produce binary logs (e.g. Windows, Checkpoint), so "raw message" is not always as cut-and-dried as it seems. Most syslog and SNMP raw messages closely (exactly?) resemble the original message. Anything that is not syslog/SNMP is more suspect. Checkpoints are better, but still not the same as what I see using the Checkpoint tools, for example. The Cisco IPS devices now show up as XML and perhaps mirror exactly what was returned from the sensor. You'd want to carefully test every device you anticipate reporting into MARS.
