Log management and analysis is a vital part of organization's network management and system administration. Logs indicate current status of the system and contain information that refers to different security events, which occur within the system. Logs are used for different purposes, such as recording user activities, track authentication attempts, and other security events. Due to increasing number of threats against networks and systems, the number of security logs increases. However, many organizations that work in a distributed environment face following problems: log generation and storage, log protection, and log analysis. Moreover, ensuring that security, system and network administrators analyze log data in an effective way is another issue. In this research, we propose an approach for receiving, storing and administrating audit log events. Furthermore, we present a solution design that in a secure way allows organizations in distributed environments to send audit log transactions from different local networks to one centralized server.
[1]
Adolf Hohl,et al.
Delegating Secure Logging in Pervasive Computing Systems
,
2006,
SPC.
[2]
Erland Jonsson,et al.
An Approach to UNIX Security Logging 1
,
1998
.
[3]
Bruce Schneier,et al.
Cryptographic Support for Secure Logs on Untrusted Machines
,
1998,
USENIX Security Symposium.
[4]
Matt Bishop.
Introduction to Computer Security
,
2004
.
[5]
Gunnar Peterson.
Building Security In
,
2006
.
[6]
Karen Kent,et al.
Guide to Computer Security Log Management
,
2006
.
[7]
Christian S. Collberg,et al.
Tamper Detection in Audit Logs
,
2004,
VLDB.