Log management

Log management (LM) comprises an approach to dealing with large volumes of computer-generated log messages (also known as audit records, audit trails, event-logs, etc.). LM covers:[1]

Concerns about security,[2] system and network operations (such as system or network administration) and regulatory compliance drive log management.

Effectively analyzing large volumes of diverse logs can pose many challenges — such as:

Users and potential users of LM can build their own log-management and intelligence tools, assemble the functionality from various open-source components, or acquire (sub-)systems from commercial vendors. Log management is a complicated process, and organizations often make mistakes when approaching it.[3]

Suggestions have been made to change the definition of logging; the proposed change would keep the concept both purer and easier to maintain:

Logging can produce technical information usable for the maintenance of applications or websites. It can serve:

Deployment life-cycle

One view of assessing the maturity of an organization in terms of the deployment of log-management tools might use successive levels such as:

  1. In the initial stages, organizations use different log-analyzers to analyze the logs of the devices on the security perimeter. They aim to identify patterns of attack against the perimeter infrastructure of the organization.
  2. With increased use of integrated computing, organizations mandate logs to identify the access and usage of confidential data within the security perimeter.
  3. At the next level of maturity, the log analyzer can track and monitor the performance and availability of systems at the level of the enterprise, especially of those information assets whose availability the organization regards as vital.
  4. Organizations integrate the logs of various business applications into an enterprise log manager for a better value proposition.
  5. Organizations merge physical-access monitoring and logical-access monitoring into a single view.
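The following is an added example, not code from the Wikipedia article or from any product it mentions. It shows, in miniature, the two problems the article names: the difficulty of analyzing diverse log formats, and the first two maturity levels (spotting repeated denials at the perimeter, and tracking access to confidential data). All log lines, hostnames, addresses, usernames, the confidential path list and the denial threshold are constructed for illustration.

```python
"""Added example: normalise constructed log lines of three different
formats into one event schema, then run two simple analyses of the kind
the maturity levels describe. Everything here is constructed sample data."""
import json
import re
from collections import Counter, defaultdict

# Constructed sample stream: syslog-style firewall lines, one web-server
# access-log line, one JSON application line, and one unparsable line.
SAMPLE_LOGS = [
    'Mar 24 10:01:02 fw01 kernel: DENY src=203.0.113.7 dst=192.0.2.10 dport=22',
    'Mar 24 10:01:03 fw01 kernel: DENY src=203.0.113.7 dst=192.0.2.10 dport=23',
    'Mar 24 10:01:04 fw01 kernel: DENY src=203.0.113.7 dst=192.0.2.10 dport=445',
    'Mar 24 10:01:05 fw01 kernel: ALLOW src=198.51.100.4 dst=192.0.2.10 dport=443',
    '192.0.2.55 - alice [24/Mar/2016:10:02:00 +0000] "GET /reports/payroll.csv HTTP/1.1" 200 5120',
    '{"ts":"2016-03-24T10:02:30Z","host":"app01","user":"bob","action":"read","resource":"/hr/salaries.db"}',
    'this line is in no known format and must not crash the pipeline',
]

SYSLOG_FW = re.compile(
    r'^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) kernel: (?P<action>DENY|ALLOW) '
    r'src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$')
ACCESS_LOG = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<resource>\S+) [^"]*" (?P<status>\d{3})')

def normalise(line):
    """Map one raw line onto a common schema; return None if no parser matches."""
    m = SYSLOG_FW.match(line)
    if m:
        d = m.groupdict()
        return {"source": "firewall", "ts": d["ts"], "host": d["host"],
                "action": d["action"].lower(), "src": d["src"], "user": None,
                "resource": f'{d["dst"]}:{d["dport"]}'}
    m = ACCESS_LOG.match(line)
    if m:
        d = m.groupdict()
        return {"source": "web", "ts": d["ts"], "host": None,
                "action": d["method"].lower(), "src": d["src"],
                "user": d["user"], "resource": d["resource"]}
    if line.startswith("{"):
        try:
            d = json.loads(line)
        except ValueError:
            return None
        return {"source": "app", "ts": d.get("ts"), "host": d.get("host"),
                "action": d.get("action"), "src": None,
                "user": d.get("user"), "resource": d.get("resource")}
    return None

def normalise_all(lines):
    """Return (normalised events, count of lines no parser understood).
    Counting the rejects matters: silently dropped lines are a blind spot."""
    events, unparsed = [], 0
    for line in lines:
        ev = normalise(line)
        if ev is None:
            unparsed += 1
        else:
            events.append(ev)
    return events, unparsed

def repeated_denials(events, threshold=3):
    """Maturity level 1: sources denied at the perimeter `threshold` or more times."""
    counts = Counter(ev["src"] for ev in events
                     if ev["source"] == "firewall" and ev["action"] == "deny")
    return {src: n for src, n in counts.items() if n >= threshold}

CONFIDENTIAL = ("/reports/", "/hr/")  # constructed list of sensitive path prefixes

def confidential_access(events):
    """Maturity level 2: which users touched resources under confidential prefixes."""
    hits = defaultdict(list)
    for ev in events:
        res = ev["resource"] or ""
        if ev["user"] and res.startswith(CONFIDENTIAL):
            hits[ev["user"]].append(res)
    return dict(hits)

if __name__ == "__main__":
    evs, bad = normalise_all(SAMPLE_LOGS)
    print(f"{len(evs)} events normalised, {bad} unparsed")
    print("repeated denials:", repeated_denials(evs))
    print("confidential access:", confidential_access(evs))
```

The design point is the common schema: once firewall, web and application records share the same field names, a single rule can be written against all of them, which is what lets an enterprise log manager (level 4) add value over per-device analyzers. The unparsed counter is kept deliberately, since a format the pipeline cannot read is itself a gap worth monitoring.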

References

  1. NIST Special Publication 800-92, "Guide to Computer Security Log Management". http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf
  2. "Leveraging Log Data for Better Security". EventTracker SIEM, IT Security, Compliance, Log Management. Retrieved 12 August 2015.
  3. "Top 5 Log Mistakes - Second Edition". Docstoc.com. Retrieved 12 August 2015.

This article is issued from Wikipedia, version of Thursday, March 24, 2016. The text is available under the Creative Commons Attribution/Share Alike license, but additional terms may apply for the media files.