Post Process

Everything to do with E-discovery & ESI


Wading into the Quagmire of the Logs

Posted by rjbiii on October 24, 2007

has posted a great article on Filtering Log Data:

Where there are logs, there is usually an overwhelming amount of log data. This makes it hard for an organization to spot security problems. How do you find the one packet among millions that indicates someone is sending proprietary information out of the enterprise?

Let’s illustrate how it is possible to drill down and find that single suspect packet through a series of screenshots. As an example interface, we’ll use NetIQ’s Security Manager v 6.0 to demonstrate the filtering process, but other vendors in this market offer similar interfaces and capabilities. Regardless of the product your organization uses, this tip will provide a blueprint for how to drill down and obtain the log information you need.

You might already have a glimmer as to why the subject is on-topic here, but in case you feel the need to question my judgment:

[Reporting capabilities of these applications] are useful when you know ahead of time what to look for, such as providing evidence for an electronic discovery request or other external reasons.

The article comes complete with screen shots and is very well written. I highly recommend it.

Posted in Articles, Data Management, Tools