GDPR galore

matteo nunziati

OK,

here in Europe they are starting spread FUD about GDPR and consequences if you are not aligned. One of the things which seems useful to pass the inspection (don't really mind about what can be useful to be compliant de facto) is a log monitoring system like ELSA.

Now I'm new to this kind of stuff and I know about ELSA as a name just because of a post on linked in.

Basic question is: what would you use for centralized logging and inspection in a mixed env (linux + windows)? Any hint is welcome as I'm just aware of syslog for centralized logging in linux envs, but I'm quite new to windows, to not say about any tool for analysis and reporting (and I also hate it already!).

coliver

Check out the ELK or Graylog stack. They seem to be standard centralized logging systems.

scottalanmiller

@coliver said in GDPR galore:

Check out the ELK or Graylog stack. They seem to be standard centralized logging systems.

Those are by far the two big ones. Also Splunk if you have really deep pockets.

hobbit666

Yeah I've been hearing a lot on this GDPR stuff luckily I'm not involved and others in the dept are lol.

But what logs would they need you to collect and store? We don't do this at the moment but if required would like to start looking at solutions. So I'm prepared for the "can you do this and get it installed" lol

stacksofplates

@coliver said in GDPR galore:

Check out the ELK or Graylog stack. They seem to be standard centralized logging systems.

I would go with Graylog unless you want to build some type of authentication mechanism for ELK (now Elastic Stack). Graylog has RBA built in along with alerting and other nice tools. We got a quote from Elastic for a 6 node cluster with their auth front end stuff and it was going to be $55,000 a year.

scottalanmiller

@stacksofplates said in GDPR galore:

@coliver said in GDPR galore:

Check out the ELK or Graylog stack. They seem to be standard centralized logging systems.

I would go with Graylog unless you want to build some type of authentication mechanism for ELK (now Elastic Stack). Graylog has RBA built in along with alerting and other nice tools. We got a quote from Elastic for a 6 node cluster with their auth front end stuff and it was going to be $55,000 a year.

That's why we use GL instead of ELK.

matteo nunziati

@hobbit666 said in GDPR galore:

Yeah I've been hearing a lot on this GDPR stuff luckily I'm not involved and others in the dept are lol.

But what logs would they need you to collect and store? We don't do this at the moment but if required would like to start looking at solutions. So I'm prepared for the "can you do this and get it installed" lol

Bah. Here in italy they are stressing a lot the access control. And they want centralized lig inspection to check for logins (not necessarily a valid point from a tech perspective but they ask for)