File Logs

Windows and Linux/Unix File Log Rules allow customers to choose and filter on specific criteria for monitoring, archiving or BOTH

When archiving data, the SQL Table Prefix should be kept as {default} (which is ARGSOFT_COMPLIANCE_)

All file log lines are archived into the ARGSOFT_COMPLIANCE_LOG_ARCHIVE table

These Rules let you parse and test any ASCII log file for any computing platform – Solaris, HP-UX, AIX, Windows, etc.

As ASCII log files are all different, with tokens or keywords at different positions in the record, you can create a separate Rule for each log format.

Log files typically begin each record with a timestamp, followed by other fields delimited by a space or tab

All of this can be defined on the single screen and tested against the log file

Argent for Compliance comes with General Best Practice Rules that can be modified or copied:

Windows File Log Rules

WIN_LOG_SQL_CONTAINS_ERROR

SQL Server Errors Detected

Description:

This Rule is a sample of how Argent automates alerting on a SQL Server text log for all log lines matching the “Error” keyword

SQL Server provides error codes for each error, including the severity and state

Example line containing “Error” in the SQL Error Logs:

Error: 1105, Severity: 17, State: 2

WIN_LOG_SQL_CONTAINS_EXCEPTION

SQL Server Exceptions Detected

Description:

This Rule is a sample of how Argent automates alerting on a SQL Server text log for all log lines matching the “Exception” keyword

Exceptions are extremely critical and could cause SQL Server to stop working or databases to refuse connections

WIN_LOG_SQL_CONTAINS_LOGIN_FAILURE

SQL Server Login Failure Detected

Description:

This Rule is a sample of how Argent monitors a SQL Server text log and alerts when log lines matching the “Login failed” keyword occur more than 10 times since the last poll

This indicates a possible hacker attack or a rogue application connecting to SQL Server with incorrect credentials

WIN_LOG_SQL_CONTAINS_COULD_NOT_ALLOCATE_SPACE

SQL Server Could Not Allocate Space

Description:

This Rule is a sample of how Argent automates alerting on a SQL Server text log for all log lines matching the “Could not allocate space” keywords

This indicates that the hard drive on which the data files are installed has run out of disk space
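As an added illustration of how the four Windows File Log Rules above behave, the following is example code written for this page, not Argent's own implementation. The keywords and the "more than 10 since the last poll" threshold follow the page; the SQL Server ERRORLOG lines are constructed, and tracking of the last poll position is assumed to happen outside this snippet.

```python
import re

# Constructed sample of SQL Server ERRORLOG lines delivered in one poll (not from a real server).
SAMPLE_LOG = """\
2024-01-01 08:00:01.10 spid10s Starting up database 'master'.
2024-01-01 08:00:05.22 spid52 Error: 1105, Severity: 17, State: 2
2024-01-01 08:00:05.22 spid52 Could not allocate space for object 'dbo.Orders' in database 'Sales'.
2024-01-01 08:01:12.01 Logon Login failed for user 'sa'. Reason: Password did not match.
2024-01-01 08:01:13.44 Logon Login failed for user 'sa'. Reason: Password did not match.
2024-01-01 08:02:00.00 spid14s Exception 0xc0000005 EXCEPTION_ACCESS_VIOLATION reading address
"""

# Keyword each Rule matches, as listed on this page (case-sensitive substring match assumed).
RULES = {
    "WIN_LOG_SQL_CONTAINS_ERROR": "Error",
    "WIN_LOG_SQL_CONTAINS_EXCEPTION": "Exception",
    "WIN_LOG_SQL_CONTAINS_LOGIN_FAILURE": "Login failed",
    "WIN_LOG_SQL_CONTAINS_COULD_NOT_ALLOCATE_SPACE": "Could not allocate space",
}
LOGIN_FAILURE_THRESHOLD = 10  # page: alert only when matches exceed 10 since the last poll

# Matches the "Error: 1105, Severity: 17, State: 2" form shown on the page.
ERROR_RE = re.compile(r"Error: (\d+), Severity: (\d+), State: (\d+)")


def match_rules(lines):
    """Return {rule_name: [matching lines]} for every keyword Rule."""
    hits = {name: [] for name in RULES}
    for line in lines:
        for name, keyword in RULES.items():
            if keyword in line:
                hits[name].append(line)
    return hits


def parse_error_code(line):
    """Extract (error, severity, state) as ints, or None if the line has no error code."""
    m = ERROR_RE.search(line)
    return tuple(int(x) for x in m.groups()) if m else None


def evaluate_poll(lines):
    """Decide which Rules fire for the lines collected since the last poll."""
    hits = match_rules(lines)
    alerts = {}
    for name, matched in hits.items():
        if name == "WIN_LOG_SQL_CONTAINS_LOGIN_FAILURE":
            alerts[name] = len(matched) > LOGIN_FAILURE_THRESHOLD  # threshold rule
        else:
            alerts[name] = bool(matched)  # any single match alerts
    return alerts
```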

Linux/Unix File Log Rules

UNX_ARCHIVE_LINUX_BOOT_LOG

Archiving Linux Boot Log

Description:

Auditors require production Linux server boot logs to be archived

The Linux boot log is a critical control facility allowing auditors to check the correct operation AND SECURITY of the production Linux server

From the Linux boot log archived in Argent, critical audit reports can be automatically generated and sent, listing such essential details as boot times, hardware issues, or software misconfigurations

Also the Linux boot log archived in Argent shows the status of disk partitions including partition recovery information and hardware problems, as well as the status and configuration of the network interfaces

UNX_ARCHIVE_LINUX_SYSTEM_LOG

Archiving Linux System Log

Description:

Auditors require production Linux system logs to be archived

The Linux system log is a critical control facility allowing auditors to check the correct operation AND SECURITY of the production Linux server

From the Linux system log archived in Argent, critical audit reports can be automatically generated and sent, listing such essential details as critical errors