Is centralized logging worth all the effort?
Network log records play an extremely important role in any well-constructed security program. Expert Mike Chapple explains how to implement a centralized logging infrastructure.
Once you establish a central log repository, the next step is to introduce centralized analysis techniques. Many...
Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
organizations fulfill this requirement through the use of a security incident management (SIM) device. A SIM allows you to add a degree of automation to your log analysis process. You can create rules that analyze logs, aggregated from various devices, for patterns of suspicious activity.
The main stumbling block many organizations face when deciding whether to implement centralized logging and/or SIMs is the investment of time and resources necessary to get such an implementation off the ground. Depending upon how long you decide to retain records (many organizations choose to keep them for at least a year), logs can consume massive quantities of disk space. Additionally, SIMs require a significant amount of configuration and tuning to optimize for a particular enterprise.
- See how SIMs have helped to integrate network and security management.
- A variety of devices produce waves of logs. Learn how to get all that network data under control.