
How can I make PCI audit.rules generate fewer events or logs?

ams44splunk
New Member

How do I reduce the number of log messages and maintain PCI compliant auditing? The audit.rules generates too much data. The rules audit more than 50 system calls and can swamp my log server. The rules audit every system call we identified as matching a requirement of the Payment Card Industry (PCI) Data Security Standard.

0 Karma

cgkades
Explorer

No one knew the answer to this?! I have similar issues with security compliance. I wish they could just do a `tail -f` on the log.

0 Karma
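As an added example (not code from the original thread or from Splunk), the script below puts a constructed "before" ruleset of the kind the question describes next to a tuned ruleset that keeps the same PCI-relevant coverage (file access to cardholder data, privileged execs, audit configuration changes) but emits far fewer events, and adds a small check that counts the usual source of the flood: `always,exit` syscall rules with no `auid` filter. Assumed details are the 64-bit architecture, the cron binary path `/usr/sbin/cron`, the made-up key names `pci_*`, and the made-up cardholder-data path `/var/lib/cardholder/`.

```shell
#!/bin/sh
# Added example, not from the original thread. Constructed rulesets and a small
# volume check for auditd rules files. Assumptions: 64-bit hosts, cron lives at
# /usr/sbin/cron, key names pci_* and /var/lib/cardholder/ are made up.

# Constructed "before" ruleset: one rule per syscall and no user filter, so every
# daemon read and write on the host becomes an audit event.
NOISY_RULES='
-a always,exit -F arch=b64 -S open -k pci_access
-a always,exit -F arch=b64 -S openat -k pci_access
-a always,exit -F arch=b64 -S read -k pci_access
-a always,exit -F arch=b64 -S write -k pci_access
-a always,exit -F arch=b64 -S execve -k pci_exec
'

# Same intent, tuned. auditd evaluates rules in order, so exclusions go first.
TUNED_RULES='
## 1. Drop the cron daemon'"'"'s own (non-attributable) activity before any always rule
##    matches; use the same pattern for any daemon you have decided is out of scope.
-a never,exit -F arch=b64 -S all -F auid=unset -F exe=/usr/sbin/cron
## 2. Record file access only when it is denied, and only for real logins:
##    auid>=1000 drops service accounts, auid!=unset drops boot-time/daemon activity.
-a always,exit -F arch=b64 -S open,openat,creat,truncate,ftruncate -F exit=-EACCES -F auid>=1000 -F auid!=unset -k pci_access_denied
-a always,exit -F arch=b64 -S open,openat,creat,truncate,ftruncate -F exit=-EPERM -F auid>=1000 -F auid!=unset -k pci_access_denied
## 3. Attribute execs to logged-in users; one consolidated rule, not one per syscall.
-a always,exit -F arch=b64 -S execve -F auid>=1000 -F auid!=unset -k pci_exec
## 4. Watch the paths that matter for writes/attribute changes instead of auditing
##    every read/write syscall on the box.
-w /var/lib/cardholder/ -p wa -k pci_chd
-w /etc/audit/ -p wa -k pci_auditconfig
'

# Count always,exit syscall rules that carry no auid filter. Each such rule
# records every process on the host, so the count is a quick proxy for volume.
# Usage: count_unfiltered_syscall_rules "$RULES_TEXT"
count_unfiltered_syscall_rules() {
    printf '%s\n' "$1" \
        | grep -E '^-a always,exit' \
        | grep -E -e '-S ' \
        | grep -v -E -e '-F auid' \
        | wc -l | tr -d ' '
}

# Count always,exit syscall rules overall, to show the effect of consolidating
# several single-syscall rules into one comma-separated -S list.
count_syscall_rules() {
    printf '%s\n' "$1" \
        | grep -E '^-a always,exit' \
        | grep -E -e '-S ' \
        | wc -l | tr -d ' '
}

echo "syscall rules before: $(count_syscall_rules "$NOISY_RULES"), unfiltered: $(count_unfiltered_syscall_rules "$NOISY_RULES")"
echo "syscall rules after:  $(count_syscall_rules "$TUNED_RULES"), unfiltered: $(count_unfiltered_syscall_rules "$TUNED_RULES")"
```

The tuned text is meant to be dropped into a file under `/etc/audit/rules.d/` and loaded with `augenrules --load`. The `-k` keys are the handle for the Splunk side: anything you still cannot justify keeping can be routed to `nullQueue` with a `props.conf`/`transforms.conf` pair keyed on `key=`, which is cheaper than dropping it at the kernel. The one setting to avoid as a volume fix is `auditctl -r` (messages per second): it discards events silently once the rate is exceeded, so the gap in the audit trail is exactly what a PCI assessor is looking for.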