powered by Jive Software

Log for SOX

Hi

After Worldcom and Eron’‘s coporate corruption, the goverment and market demand that the corporate’‘s activities should be transparent to the auditors. I don’'t know if those auditor has specific requirement for IM or not (or may be in the future). For example we have a helpdesk ticket system and the user request to add into the certain mailing list. We add the user to the list using a script that also do the logging and we usually put the ticket number. I wonder if we might need that kind of logging in the future for wildfire. Just my thought.

regards,

wmhtet

Hmm…

My previous post is not very clear. It would be nice if wild fire has system maintainence logging mechanism. For example,

-which admin has changed the system properties.

-which admin has created the user, group, muc room

-which admin has shutdown the server for what reason(need to have shutdown button in admin console)

-when is the server upgraded or downgraded

-when is the plugin added ( if possible, who has added the plugin by making plugin not to start working right away unless the admin make it start)

with Viewer, of course

Regards,

wmhtet

Message was edited by: wmhtet

Hi wmhtet,

we use a tool similar to a trouble ticket system to track all changes. As Wifi is only one of 100 applications it seems to be a bad idea that every application uses it’'s own feature to do this. Also you may use Windows/Linux, AD/LDAP, MySQL/Oracle together with Wifi. So I wonder if this is the right approach.

So if one want’'s to a major change like update Wifi (or add a plugin or change the operating system version or the database version) a ticket is created. After the update it is closed.

LG

LG

I am a junior in the field and you can enlighten me more. Yes, we have the ticket system to track the user requests and major and minor chages but I also notice that we do the logging on the system side also. Let me try a redundent example here again,

-the user request the aliases for the email address via ticket.

  • It is logged in the ticket system.

-I made the change on the system for that.

-Then I put down the ticket number in the system.

-It is logged in the system.

I think that it is needed because when there is an issue with the System, we check the system log first and then track ticket number if necessary.

Let’'s try a wildfire example,

-a particular user has access to the MUC room where he does not belong to

( a probable SOX violation)

-we will first check the supposed WIld Fire system log to see if there is a ticket or who make the change

(we won’'t look for the change in the ticket system, where it tracks everything for all the system, at first)

-Once, we got the ticket number from WildFire system log, then we will see who has requested it and who has approved that in the ticket system.

Sometime there won’'t be a ticket for minor changes and instead of creating ticket oneself, it would be better to do the logging on the system. It may also help sys admin a lot when it comes to trouble shooting because he might have an idea what changes trigger the problem by going through the system log.

I hope that I am not confusing

wmhtet