Which log files need to be configured in Splunk fo...

tanmaykaushal · ‎01-15-2013

Hi Everyone,

My client has asked me the following questions:

"Can you tell me what to log exactly and need to forward to splunk?

In other words, which level of log is needed to meet the PCI requirement?

On most systems and appliances it is possible to set a specific log level. In normal situations there is chosen for a low log level because Disk and CPU usage.

For the following:
cisco router
aix
linux
windows server en workstation
oracle

Can you specify what the minimum is?"

Please can anyone suggest how to and which log files needs to be configured in Splunk for above mentioned Platforms?

Ayn · ‎01-15-2013

This question relates to way more that can be covered in a single answer in a Q&A forum. There are people working exclusively with things like this in PCI projects - a good knowledge of the different sections of the PCI DSS is as I see it more or less required to be able to answer these questions in your specific situation, because the requirements will vary depending on where your cardholder data is stored and how you're handling it.

My recommendation would be to bring in someone who knows log management and how it relates to PCI DSS, and have them assess your situation.

Which log files need to be configured in Splunk for different Platforms?

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life