LogWatch – IT Security Log Analysis
Once you have LogWatch installed and working, it serves as a fast and efficient alternative for managers and security officers who find themselves weighed down by the task of reviewing and analyzing IT security logs. A working LogWatch deployment will help your organization comply with regulatory requirements such as GLBA Section 501(b), and will buy you security at a rather reasonable cost.
What is LogWatch?
LogWatch was developed by ERM’s team of consultants to ease the IT security log monitoring process for clients. Getting LogWatch working consists of the following five steps:
Step 1 - ERM provides the client tailored configuration requirements depending upon the platform. The client selects the frequency (e.g., daily, weekly, monthly) for the security log analysis.
Step 2 - The client uploads the IT security logs into ERM’s LogWatch Web Portal. The portal has been designed using Secure Sockets Layer (SSL) technology so that a working LogWatch deployment provides the highest level of protection. All information submitted is encrypted and stored on a standalone server.
Step 3 - ERM analyzes the IT security logs using automated tools and scripts created to locate suspicious activity and identify possible security breaches.
Step 4 - ERM uploads the IT security log analysis report into the LogWatch Web Portal and notifies the client via e-mail. IT security logs will be analyzed and uploaded into the Web portal within 24 hours.
Step 5 - The client downloads the LogWatch report and investigates the security issues.
Some of the platforms covered:
- Windows 2000
- Oracle
- Checkpoint Firewall
- Cisco Pix
- Windows 2003
- Solaris
- Apache Web Server
- IIS Web Server
- MS SQL Server
- Linux
- HP Unix
- AS/400
Note: A working LogWatch deployment does not mean you have 24/7 monitoring. LogWatch is a remote service tailored to client needs that involves IT security log analysis and auditing of various security logs, and the generation of reports based on findings observed in the logs.