Re: [Fed-Talk] LogWatch for Mac?
- Subject: Re: [Fed-Talk] LogWatch for Mac?
- From: Allan Marcus <email@hidden>
- Date: Tue, 18 Nov 2008 17:29:27 -0700
Right now I'm not using any of the common criteria tools. I was just
using the syslogd output to the system.log and secure.log with logwatch.
Ron tells me Apple is working on 10.5 EAL3 certification
<http://www.bsi.bund.de/zertifiz/zert/aktuelle.htm>. I'm hoping the CC
tools will be updated for Leopard after that cert is complete.
Unfortunately, that will probably be when Snow Leopard is released!
---
Thanks,
Allan Marcus
505-667-5666
On Nov 17, 2008, at 2:32 PM, Dan O'Donnell wrote:
How are you moving the BSM data from the Macs into LogWatch?
Do you export the stream from BSM into LW, or capture as a file and then
import? Do you capture the information in real time or with a delay?
--
Dan O'Donnell
ISSO
RAND Corporation
1776 Main St.
PO Box 2138
Santa Monica CA 90407-2138
310-393-0411 x6637
email@hidden
email@hidden
On 11/17/08 1:29 PM, "Allan Marcus" <email@hidden> wrote:
I looked at Splunk, and man, what a tool! Looks like it would be great
except for the fact that it's way too much for what I need.
I decided to try LogWatch anyways, despite reports that it didn't work
on Mac. Turns out it does work! Imagine that. All I need to do now is
tune it for Mac OS X. If anyone else is using LogWatch on Mac or is
interested, maybe we can collaborate.
---
Thanks,
Allan Marcus
505-667-5666
On Nov 17, 2008, at 2:14 PM, Nichols, Jared wrote:
I haven't used it, but I guess Splunk is quite popular.
Jared
On 11/17/08 15:51 , "Allan Marcus" <email@hidden> wrote:
May have been discussed before, but anyone have an automated logwatch
type program? NIST 800-53 AU-7 seems to require such a program. Linux
has LogWatch, which works well, but us Mac folks got, what, nothin'?
I've been working with logcheck.sh, but it's very raw and reports way
too much. Any ideas are greatly appreciated.
Oh, Splunk looks interesting too. Anything else?
---
Thank you,
Allan Marcus
Solutions Architect
Central Software and Development Team (CSD)
Department Computing Services Division (DCS)
Los Alamos National Laboratory
505-667-5666
email@hidden
--
Jared Nichols
ISD Infrastructure and Operations - Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden