Hi Navid, I was just looking for a similar solution to satisfy sections 10.x in the PCI DSS.
OSSEC is great for a lot of things, but I wouldn't use it for auditing. I'd look into installing and configuring auditd on all of your Linux machines. Then, to be able to generate your reports, I would use Splunk. Depending on your needs, you might be able to get by with the free version.

Hope this helps.

-Michael

Navid Paya wrote:
> Kudos everyone
> I'm working in a firm specialized in providing banking services. I'm
> working on a user control mechanism and as part of the mechanism I
> need an auditing solution. Here are the requirements I have for my system:
> 1 - Logging all the commands that users enter and preferably storing
> them on a per user basis (for instance the command log for the user
> "navid" be stored as "navid.log")
> 2 - The ability to search for incidents based on user, command or time
> 3 - Ability to generate reports on a weekly, monthly, ... basis
> I've looked into syslog, syslog-ng, ossec and open-audit but I'm
> really not sure which one to go with. I'll be really grateful if you
> can shed some light on my limited understanding of this whole thing. I
> know about solutions such as bash history but it just doesn't seem
> right. I mean, it's Linux for God's sake. There has to be a better way
> to do that. And in case it matters, my distro is SuSE Linux Enterprise
> Server 10 SP 2.
>
> Thanks in advance
>
> Navid
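Added example, not part of the original thread: a sketch of how auditd's raw records can be turned into the per-user command log asked for above, by joining each SYSCALL record (which carries `auid`, the login uid that survives `su`/`sudo`) with its EXECVE record. The sample log lines, the `cmdlog` key and the function names are constructed for illustration; mapping uids to account names is left out.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records in auditd's raw log format (not from a real host).
# Assumes an execve rule such as: -a always,exit -F arch=b64 -S execve -k cmdlog
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1226874073.147:96): arch=c000003e syscall=59 success=yes exit=0 ppid=2000 pid=2001 auid=1000 uid=0 gid=0 tty=pts0 comm="cat" exe="/bin/cat" key="cmdlog"
type=EXECVE msg=audit(1226874073.147:96): argc=2 a0="cat" a1="/etc/shadow"
type=SYSCALL msg=audit(1226874101.502:97): arch=c000003e syscall=59 success=yes exit=0 ppid=2000 pid=2002 auid=1001 uid=1001 gid=100 tty=pts1 comm="grep" exe="/bin/grep" key="cmdlog"
type=EXECVE msg=audit(1226874101.502:97): argc=3 a0="grep" a1=6163636F756E74206964 a2="ledger.txt"
"""

HEADER = re.compile(r"type=(\w+) msg=audit\(((\d+)\.\d+:\d+)\): (.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def decode(value):
    """auditd quotes plain strings and hex-encodes ones with spaces or control bytes."""
    if value.startswith('"'):
        return value[1:-1]
    try:
        return bytes.fromhex(value).decode("utf-8", "replace")
    except ValueError:
        return value  # not hex after all; keep the raw token

def commands_by_auid(log_text):
    """Join SYSCALL and EXECVE records on event id; group commands by login uid."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue
        rtype, event_id, epoch, body = m.groups()
        fields = dict(FIELD.findall(body))
        ev = events[event_id]
        ev["time"] = datetime.fromtimestamp(int(epoch), timezone.utc)
        if rtype == "SYSCALL":
            ev["auid"] = fields.get("auid")  # who logged in
            ev["uid"] = fields.get("uid")    # who the command ran as
        elif rtype == "EXECVE":
            argc = int(fields.get("argc", 0))
            ev["argv"] = [decode(fields[f"a{i}"]) for i in range(argc) if f"a{i}" in fields]
    per_user = defaultdict(list)
    for ev in events.values():
        if "auid" in ev and "argv" in ev:  # skip events missing either half
            per_user[ev["auid"]].append((ev["time"].isoformat(), ev["uid"], ev["argv"]))
    return dict(per_user)
```

Each entry is `(UTC time, effective uid, argv)`, so the first sample event shows a command run as root (uid 0) still attributed to login uid 1000.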
