Case Study: DataPath meets HIPAA and PCI DSS compliance with syslog-ng

Meeting HIPAA and PCI DSS requirements in Windows environment

DataPath, a privately held employee benefits software company, needed a way to centralize system logs while meeting HIPAA and PCI-DSS requirements in a mixed Windows and Linux environment. The company also needed TLS mutual authentication and encryption, plus the ability to send logs to its IDS in a custom SNARE format. syslog-ng™ Premium Edition, including syslog-ng™ Agent for Windows, was selected to address these requirements without requiring multiple tools.

With syslog-ng™, DataPath implemented centralized log collection using TLS mutual authentication, disk buffering, flow control, SQL database hooks, and custom message parsing. The solution runs on Windows Server 2003/2008 systems and a Debian-based syslog-ng server, and it stores logs in flat files and a MySQL database. The result was a simpler, easier-to-maintain logging infrastructure that was already monitoring 25 Windows servers in production with near real-time delivery of logs for faster response to issues.

DataPath

Thomas Robbins

IT Project Manager