Monitoring and analyzing user and system activity can help detect patterns of normal use and potentially malicious users. Daily log review is the process of regularly reviewing and reporting on log activity. These messages provide insight into any abnormalities in the system network and servers – including failed login attempts or other indicators of possible intrusions.
While some PCI hosting providers may offer logging (tracking user activity, transporting and storing log events), Online Tech provides the complete logging experience with daily log review, analysis, and monthly reporting.
If you collect, store or process credit cardholder data, you need to meet the PCI DSS (Payment Card Industry Data Security Standard) compliance requirement 10.6 that requires log review for all system components on a daily basis.
How does it work?
Online Tech configures your devices to send messages to our daily log review system. Reports of daily log reviews will be available monthly in our client portal, OTPortal. We keep 90 days of instant access logs and up to a year of archived messages, as required by the PCI requirement 10.7:
Retain audit trail history for at least one year, with a minimum of three months immediately available for analysis (for example, online, archived, or restorable from back-up).
Why use it?
Daily Log Review provides regular insight into your system on a daily basis, instead of auditing devices after an event occurs. With consistent monitoring and analysis, you can pinpoint a potential data breach and remediate faster and more effectively.
PCI requirement 10.3 mandates that you must:
Record at least the following audit trail entries for all system components for each event - a whole list of events follow, including user ID, type of event, data and time, success or failure indication, etc.
PCI requirement 10.6 requires log review:
Review logs for all system components at least daily. Log reviews must include those servers that perform security functions like intrusion-detection system (IDS) and authentication, authorization, and accounting protocol (AAA) servers (for
Note that the PCI DSS requirement goes beyond automated logging. Either you or your provider must actually review and analyze the logs daily.
HIPAA requires the ability to monitor log-in attempts and reporting discrepancies (§164.308(a)(5)(ii)(C) of the HIPAA Security Standards Administrative Safeguards). As a subset of the Security Awareness and Training Standard (§164.308(a)(5)), log-in monitoring requires tracking failed log-in attempts to make workforce members aware of password management and system use.
What are the benefits?
- A system that analyzes and condenses logging data for ease of review.
- Instead of auditing devices after an issue is raised, ongoing daily log review allows the client to view changes to their system daily.
- Allows the client to be more proactive in preventing and resolving issues.
- Decreases a company’s risk of security breaches, malware, loss and legal liabilities.
Download our Daily Log Review datasheet today.