The Essentials Series: Log Management: Best Practices for Security and Compliance

by Eric Schmidt


Every system in an Enterprise IT Infrastructure generates logs of their activity and the data they capture can be a vast source of valuable information to aid in maintaining regulation compliance, responding to a security incident, or as a troubleshooting aid. In order to tap this vast wealth of data it is critical to establish a robust and reliable log file management strategy. In The Essentials Series: Log Management: Best Practices for Security and Compliance by enterprise IT veteran Eric Schmidt, readers will learn the importance of a good log file management strategy and the benefits that it can provide.


Article 1: The Importance of Log Management to your Security and Compliance Practices

Every information technology system, application, or appliance that an Enterprise deploys shares a common thread no matter what type of operating system or application they are. What they share is that to one degree or another, details regarding the operations they perform are captured in log files. The log files that systems and applications create can contain a vast wealth of information about the health and daily activity the infrastructure; however, they are generally local to the system or applications that generate them. This highly distributed creation and storage of log files creates significant challenges to leverage them in a way that will benefit the enterprise from a security and compliance perspective. This series, which consists of three articles, will focus on the benefits of centralizing logs and best practices for leveraging them for troubleshooting, incident response, and maintaining compliance with existing and new regulations. In order to leverage log files we'll discuss how to develop an effective strategy for centralizing the collection of logs and the type of systems for which logs should be collected from.

Article 2: How to Leverage your Logs to Secure your Environment

The first article in this series discussed the importance of log files and began to make a case for centralizing log collection. This article will bring more attention to centralization and present more detailed examples of the benefits it provides with respect to security, compliance, and troubleshooting. To accomplish this, three real-world scenarios will be presented. Each will compare and contrast the difference in response when logs have been centralized versus when they aren't. Alerting and reporting will also be highlighted in these scenarios as they play a critical role in driving people to action and increasing efficiency.

Article 3: Best Practices for Log File Management (Compliance, Security, Troubleshooting)

The final article in this Essentials Series will move beyond the details of specific logs and scenarios in which they can be used to a discussion on best practices for implementing and leveraging centralized log management.