Re: [Fed-Talk] Re: Auditing using Common Criteria
- Subject: Re: [Fed-Talk] Re: Auditing using Common Criteria
- From: Bill Vlahos <email@hidden>
- Date: Mon, 17 Sep 2007 13:26:37 -0700
Todd,
Any chance you would be willing to share your audit tools?
Bill Vlahos
IT Manager, AeroVironment, Inc.

On Sep 17, 2007, at 12:54 PM, Todd Heberlein wrote:

> On Sep 17, 2007, at 9:40 AM, Dan O'Donnell wrote:
>
> > How big do your log files get? And how fast do they get that big?
> > Last questions: How often do you roll your log files?
>
> It varies. On my MacPro I am only generating about 100-300 MB per
> day. On my G5 I was generating about 1 GB per day. I think the
> difference is because when you turn auditing on for everything on
> the G5, it ends up preventing the G5 from going to sleep when idle
> (I can still put it to sleep manually). My MacPro doesn't have this
> problem. (I have two G5 XServes, but they don't get much traffic.)
>
> I have launchd scripts that were rotating my logs every hour, but
> because the logs were relatively small, I have backed that off to
> just once every 24 hours. Furthermore, I tend to shut down my
> workstation at night, so that effectively starts a new log every
> morning.
>
> I have my own custom audit analysis tools that are much faster than
> the default tools, so a 1 Gig file only takes about 2 minutes to do
> a fairly deep analysis. I don't know why the default tools are so
> slow. I am currently working on a lossy but fairly high-fidelity
> compression technique that should also eliminate any storage issues.
>
> Todd

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden