06-18-13 | Blog Post
A daily log review can establish patterns of normal use and provide insight into any abnormalities in the system, network and servers, instead of auditing devices only after an event occurs. With consistent monitoring and analysis, data breaches can be pinpointed faster and remediated more effectively.
If you collect, store or process credit cardholder data, you need to meet PCI DSS (Payment Card Industry Data Security Standard) compliance requirement 10.6.
PCI requirement 10.6 requires log review:
Review logs for all system components at least daily. Log reviews must include those servers that perform security functions like intrusion-detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for example, RADIUS).
The PCI DSS requirement goes beyond automated logging. You or your provider must actually review and analyze the logs daily. Listen to Otava’s technical team explain daily log review and how it works.
Q: What is daily log review?
A: Daily log review is a PCI compliant security standard that says we are going to review your logs on a daily basis for malicious behavior and other anomalies. Actual humans and software will be used to review your logs. Otava collects all of the log data on the network and server devices. We keep that online for 90 days and keep archives of that data for a full year, as required by PCI requirement 10.7:
PCI Requirement 10.7
Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up).
Daily log review is more than just an automated process. An actual human being sits down and looks at what is in the log file, reviews it and makes decisions to protect your data.
Q: Who should be using daily log review?
A: Anyone who is concerned with security and needs to be PCI compliant. That could be credit card data, financial data, social security numbers, health care records; anyone with sensitive information needs daily log review.
PCI requirement 10.3 mandates that you must:
Record at least the following audit trail entries for all system components for each event – a whole list of events follows, including user ID, type of event, date and time, success or failure indication, etc.
Q: How does it work?
A: Online Tech configures your devices to send messages to our daily log review system. Reports of daily log reviews are available monthly in OTPortal. We keep 90 days of instant access logs and up to a year of archived messages.
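The review step described above, as an added example that is not Otava's code: a small Python pass over constructed audit-trail lines in an assumed key=value format, checking each entry for the requirement 10.3 fields the post lists (user ID, type of event, date and time, success or failure) and flagging users with repeated authentication failures. The log format, field names and the failure threshold are assumptions, not Otava's actual collector format.

```python
# Added example (not Otava's code): one daily review pass over constructed
# audit-trail lines, checking the 10.3 fields named above and flagging
# repeated authentication failures.
from collections import Counter
from datetime import datetime

# Fields the page lists from requirement 10.3 (its "etc." is not expanded).
REQUIRED_FIELDS = ("user", "event", "time", "result")

# Constructed sample lines in a key=value syslog-style layout (an assumed
# format, not Otava's actual collector format).
SAMPLE_LOG = """\
time=2013-06-18T02:14:05Z host=radius01 user=alice event=auth result=success
time=2013-06-18T02:15:11Z host=radius01 user=bob event=auth result=failure
time=2013-06-18T02:15:14Z host=radius01 user=bob event=auth result=failure
time=2013-06-18T02:15:19Z host=radius01 user=bob event=auth result=failure
time=2013-06-18T03:00:00Z host=web01 event=config_change result=success
time=2013-06-18T03:05:42Z host=web01 user=carol event=auth result=success
time=not-a-timestamp host=web01 user=dave event=auth result=failure
"""

def parse_line(line):
    """Split a key=value line into a dict; tokens without '=' are ignored."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def review(log_text, failure_threshold=3):
    """Return (incomplete_entries, flagged_users) for one day's log text."""
    incomplete = []
    failures = Counter()
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        entry = parse_line(line)
        missing = [f for f in REQUIRED_FIELDS if f not in entry]
        try:
            datetime.strptime(entry.get("time", ""), "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            missing.append("time")  # present but not a usable timestamp
        if missing:
            incomplete.append((lineno, sorted(set(missing))))
            continue  # an entry without the required fields cannot be reviewed
        if entry["event"] == "auth" and entry["result"] == "failure":
            failures[entry["user"]] += 1
    flagged = {u: n for u, n in failures.items() if n >= failure_threshold}
    return incomplete, flagged
```

Calling `review(SAMPLE_LOG)` reports the two entries that lack a required field or a valid timestamp, and flags the one user whose authentication failures reach the threshold.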
To learn more about Daily Log Review and PCI hosting, download Otava’s PCI Compliant Hosting whitepaper. It explores the impact of the PCI DSS standard on data centers and server infrastructure, describes the architecture of a PCI compliant data center both technically and contractually, and outlines the benefits and risks of data center outsourcing and vendor selection criteria.