PA-DSS requirement 4.4
Facilitate centralized logging
The main goal of centralized logging is to provide one single, centralized location where logs from multiple systems can be stored and consulted. Essentially, centralizing comes down to copying logs generated by a Maitre’D system to a separate computer in a different location.
In addition to basic convenience, centralization protects log files against accidental or intentional deletion and prevents malicious users from tampering with them.
In an ideal setting, the centralized log server should be in a separate network and at a different location. If the Maitre’D Back-Office computer is compromised, the log server is less likely to be affected and the logs will remain available to troubleshoot the issue.
Exporting events from Windows Event Viewer
The Windows Event Viewer uses the Common Log File System (CLFS), a general-purpose logging subsystem that is accessible to both kernel-mode and user-mode applications for building high-performance transaction logs. It was introduced with Windows Server 2003 R2 and included in later Windows operating systems. CLFS can be used for both data logging and event logging.
Developed by Microsoft, CLFS includes various APIs and interfaces that allow third-party software developers to create tools that facilitate centralized logging. Essentially, these tools are able to read events from the Windows Event Viewer in real time or near real time on multiple PCs and collect the data in one centralized location in order to safeguard the logs. This protects the logs against accidental or intentional deletion and prevents tampering with the logs.
Commercially available products such as Splunk exist to set up centralized logging servers. There are also hosted and cloud-based services that can take care of centralized logging without the need to set up dedicated servers. There are far too many solutions available to list them all here. Please check with existing software and service providers and ask for a solution that will allow centralized logging of events from Windows Event Viewer.
Other logs and reports
Maitre’D includes a wide variety of logs and reports that can be used either for troubleshooting purposes or for legal auditing. All Maitre’D logs are stored on the hard drive as text files, and these can easily be consulted. The audit reports are Crystal Reports, which can be exported in many standard formats, such as PDF, CSV, Excel, dBase, etc.
Text logs
As explained previously, logs are stored in C:\POSERA\MaitreD\DATA\LOG. These logs are plain text documents which can easily be copied to another PC and read with readily available applications such as Notepad. Because plain text files are so common, they can be monitored “as-is” by most third-party event logging applications or software suites.
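The copy to a separate computer described above can be scripted. The following PowerShell sketch is an added example, not Maitre’D or vendor code: it copies the text logs to a central share, verifies each copy by SHA-256, and refuses to overwrite a central copy when the source log has become smaller. The share path, the manifest file name and the status labels are assumptions made for the example.

```powershell
# Added example, not vendor code. The destination share is a hypothetical name.
param(
    [string]$Source      = 'C:\POSERA\MaitreD\DATA\LOG',
    [string]$Destination = '\\LOGSERVER\MaitreD-Logs\BackOffice01'  # hypothetical
)

function Write-ManifestEntry([string]$Name, [long]$Length, [string]$Hash, [string]$Status) {
    # One row per action, so the central server keeps its own record of what arrived.
    [pscustomobject]@{
        TimeUtc = (Get-Date).ToUniversalTime().ToString('o')
        File    = $Name
        Bytes   = $Length
        Sha256  = $Hash
        Status  = $Status
    } | Export-Csv -LiteralPath (Join-Path $Destination 'manifest.csv') -Append -NoTypeInformation
}

if (-not (Test-Path -LiteralPath $Destination)) {
    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
}

foreach ($file in Get-ChildItem -LiteralPath $Source -File) {
    $target  = Join-Path $Destination $file.Name
    $srcHash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    if (Test-Path -LiteralPath $target) {
        $central     = Get-Item -LiteralPath $target
        $centralHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
        if ($centralHash -eq $srcHash) { continue }   # already copied, unchanged

        if ($file.Length -lt $central.Length) {
            # A text log normally only grows. A smaller source was truncated or
            # replaced, so keep the central copy and record the event for review.
            Write-Warning "$($file.Name) shrank on the source; central copy kept."
            Write-ManifestEntry $file.Name $file.Length $srcHash 'SOURCE_SHRANK'
            continue
        }
    }

    Copy-Item -LiteralPath $file.FullName -Destination $target -Force
    $copyHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    $status   = if ($copyHash -eq $srcHash) { 'COPIED' } else { 'HASH_MISMATCH' }
    Write-ManifestEntry $file.Name $file.Length $srcHash $status
}
```

Run it on a schedule under an account that can write to the share but cannot delete from it, so that a compromised Back-Office computer cannot remove what has already been copied.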
Crystal Reports
Once a report is generated, it can be exported to many different formats, including Comma-Separated Values (CSV), Tab-Separated text, plain text and many others. To export the Access Log report, proceed as follows:
1- Generate the Access Log report as previously explained in the PA-DSS Requirement 4.1 section.
2- Click on the Export button. The button is shaped like an envelope and located near the top of the report window.
3- From the Format drop-down, select the format to which you want to export the report data.
4- From the Destination drop-down, select the Disk File option, and click OK.
5- Depending on the format that was selected, you may need to configure additional settings, such as the separator character and delimiters. Do so, and click OK.
6- Select a destination folder and a file name, and then click OK.
7- The export file will be generated and saved.