Network Security: Detailed info on Re: BSM and syslog... why should I consider the first?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Focus-Sun

[Top] [All Lists]

Re: BSM and syslog... why should I consider the first?

from [Robert Escue] Network Security

[Permanent Link]

Subject:	Re: BSM and syslog... why should I consider the first?
Date:	Fri, 08 Jul 2005 06:06:13 -0400

Simone Vernacchia wrote:

Hello everyone,

I'm working on a Security program for a large infrastructure.
I have to deal with Sun Solaris, and I was wondering why I should
consider logging via BSM and not syslog.
System admins have a good knowledge of syslog, and I can standardize
logging in different UNIX OSes easily if I use it.
Is there some breaking feature which could make me prefer BSM?
Is there a reason to use syslog and BSM?

Thanks in advance,
G0k

Simone,

BSM is auditing for Solaris, not logging. If you wanted your machine(s) to be C2/EAL4 compliant and wanted to have a trail of what users did on that machine, you would enable BSM. The detractors are increased CPU utilization, preferably having a dedicated partition to write the audit data to (depending on activity level it could be large) and the audit trail can only be read using Sun's tools (except for Solaris 10 which has other options).

Hope this helps.


Robert Escue
System Administrator

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
BSM and syslog... why should I consider the first?, Simone Vernacchia Re: BSM and syslog... why should I consider the first?, Robert Escue <= RE: BSM and syslog... why should I consider the first?, Freeman, Michael Re: Re: BSM and syslog... why should I consider the first?, petefran

Previous by Date:	BSM and syslog... why should I consider the first?, Simone Vernacchia
Next by Date:	RE: BSM and syslog... why should I consider the first?, Freeman, Michael
Previous by Thread:	BSM and syslog... why should I consider the first?, Simone Vernacchia
Next by Thread:	RE: BSM and syslog... why should I consider the first?, Freeman, Michael
Indexes:	[Date] [Thread] [Top] [All Lists]