Log management (LM) comprises an approach to dealing with large volumes of computer-generated log messages (also known as audit records, audit trails, event-logs, etc.). Log management generally covers:

* Log collection
* Centralized log aggregation
* Long-term log storage and retention
* Log rotation
* Log analysis (in real-time and in bulk after storage)
* Log search and reporting.
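The rotation and retention items above are usually handled by a small, well-defined policy: rotate the live file once it reaches a size limit, keep a bounded number of older generations, and delete generations past a retention age. The following is an added example, not code from the original article; the file name `app.log`, the 1 KiB size limit, the two retained generations and the seven-day retention window are all assumptions chosen for illustration.

```python
"""Size-based log rotation with a bounded number of retained generations,
plus age-based pruning. Added example, not code from the original article;
file names, limits and the "keep 2 generations / 7 days" policy are assumptions."""
import os
import tempfile
import time
from pathlib import Path
from typing import List, Optional


def rotate(path: Path, max_bytes: int, keep: int) -> bool:
    """Rotate `path` once it has reached `max_bytes`.

    Generations shift up by one (app.log.1 -> app.log.2, ...), the live file
    becomes app.log.1, a fresh empty live file is created, and the generation
    that would exceed `keep` is deleted. Returns True when a rotation happened.
    """
    if not path.exists() or path.stat().st_size < max_bytes:
        return False
    oldest = path.with_name(f"{path.name}.{keep}")
    if oldest.exists():
        oldest.unlink()  # this generation falls outside the retention window
    for i in range(keep - 1, 0, -1):  # highest generation first, so nothing is overwritten
        src = path.with_name(f"{path.name}.{i}")
        if src.exists():
            os.replace(src, path.with_name(f"{path.name}.{i + 1}"))
    os.replace(path, path.with_name(f"{path.name}.1"))
    path.touch()  # writers that reopen the file by name continue on the new empty file
    return True


def prune_by_age(directory: Path, prefix: str, max_age_seconds: int,
                 now: Optional[float] = None) -> List[str]:
    """Delete rotated generations (prefix.N) whose modification time is older
    than max_age_seconds; the live file itself is never touched. Returns the
    names removed, sorted."""
    now = time.time() if now is None else now
    removed = []
    for p in directory.iterdir():
        suffix = p.name[len(prefix) + 1:]
        if p.name.startswith(prefix + ".") and suffix.isdigit():
            if now - p.stat().st_mtime > max_age_seconds:
                p.unlink()
                removed.append(p.name)
    return sorted(removed)


def demo() -> dict:
    """Run the policy in a temporary directory and report what happened."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        base = Path(d)
        log = base / "app.log"

        def listing() -> List[str]:
            return sorted(p.name for p in base.iterdir())

        log.write_bytes(b"x" * 2048)
        results["rotated_first"] = rotate(log, max_bytes=1024, keep=2)  # True
        results["after_first"] = listing()  # ["app.log", "app.log.1"]
        results["rotated_empty"] = rotate(log, max_bytes=1024, keep=2)  # False: live file is empty

        for filler in (b"y", b"z"):
            log.write_bytes(filler * 2048)
            rotate(log, max_bytes=1024, keep=2)
        results["after_third"] = listing()  # ["app.log", "app.log.1", "app.log.2"]

        # Back-date app.log.2 by ten days, then prune anything older than seven.
        ten_days_ago = time.time() - 10 * 86400
        os.utime(base / "app.log.2", (ten_days_ago, ten_days_ago))
        results["pruned"] = prune_by_age(base, "app.log", 7 * 86400)  # ["app.log.2"]
        results["after_prune"] = listing()  # ["app.log", "app.log.1"]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The rename-based scheme assumes that the writing process reopens the log by name after rotation; a process that keeps its file descriptor open will continue writing into `app.log.1`, which is why production tools either signal the writer to reopen or copy and truncate the live file instead (logrotate's `copytruncate` directive is one such option).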


Overview

The primary drivers for log management implementations are concerns about security, system and network operations (such as system or network administration) and regulatory compliance. Logs are generated by nearly every computing device, and can often be directed to different locations both on a local file system or remote system. Effectively analyzing large volumes of diverse logs can pose many challenges, such as:

* Volume: log data can reach hundreds of gigabytes of data per day for a large organization. Simply collecting, centralizing and storing data at this volume can be challenging.
* Normalization: logs are produced in multiple formats. The process of normalization is designed to provide a common output for analysis from diverse sources.
* Velocity: the speed at which logs are produced from devices can make collection and aggregation difficult.
* Veracity: log events may not be accurate. This is especially problematic for systems that perform detection, such as intrusion detection systems.

Users and potential users of log management may purchase complete commercial tools or build their own log-management and intelligence tools, assembling the functionality from various open-source components, or acquire (sub-)systems from commercial vendors. Log management is a complicated process and organizations often make mistakes while approaching it. Logging can produce technical information usable for the maintenance of applications or websites. It can serve:

* to define whether a reported bug is actually a bug
* to help analyze, reproduce and solve bugs
* to help test new features in a development stage
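The normalization challenge above is easiest to see in code: records arriving in different formats are parsed into one common schema so that a single search runs across all of them. The following is an added example, not code from the original article. It parses a BSD-style syslog line and Apache Common Log Format lines into the same dictionary layout; the sample lines, the field names of the schema, the assumed year for the year-less syslog timestamp and the assumption that syslog timestamps are UTC are all constructed for illustration. Lines that no parser accepts are returned separately rather than silently dropped, which addresses the veracity point: the analyst can see what the pipeline could not interpret.

```python
"""Normalizing two log formats into one schema and searching the result.
Added example, not code from the original article; sample lines, schema
field names and the assumed year/time zone are constructed for illustration."""
import re
from datetime import datetime, timezone
from typing import List, Optional, Tuple

# Constructed sample input: one BSD-syslog-style line and two Apache Common
# Log Format lines. Addresses come from documentation ranges; nothing is real.
SAMPLE_LINES = [
    "Mar 12 10:15:02 host1 sshd[2123]: Failed password for invalid user admin from 203.0.113.7 port 51512 ssh2",
    '203.0.113.7 - - [12/Mar/2024:10:15:05 +0000] "GET /login HTTP/1.1" 401 512',
    '198.51.100.4 - alice [12/Mar/2024:10:16:10 +0000] "GET /index.html HTTP/1.1" 200 2048',
]

SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<proc>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
CLF_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
# Many daemons mention the peer as "from <ip>"; pull it out so it can be searched.
IP_IN_MSG_RE = re.compile(r"\bfrom (?P<ip>\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_syslog(line: str, year: int = 2024) -> Optional[dict]:
    """BSD syslog carries no year or time zone; both are assumed here (2024, UTC)."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    ts = ts.replace(tzinfo=timezone.utc)
    ip = IP_IN_MSG_RE.search(m["msg"])
    return {
        "timestamp": ts.isoformat(),
        "source": "syslog",
        "host": m["host"],
        "process": m["proc"],
        "client_ip": ip["ip"] if ip else None,
        "status": None,
        "message": m["msg"],
        "raw": line,  # the original record is kept for later verification
    }


def parse_clf(line: str) -> Optional[dict]:
    """Apache Common Log Format; the timestamp carries its own offset."""
    m = CLF_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    return {
        "timestamp": ts.isoformat(),
        "source": "clf",
        "host": None,
        "process": None,
        "client_ip": m["ip"],
        "status": int(m["status"]),
        "message": m["request"],
        "raw": line,
    }


PARSERS = (parse_syslog, parse_clf)


def normalize(line: str) -> Optional[dict]:
    """Return the common-schema event for the first parser that accepts the line."""
    for parser in PARSERS:
        event = parser(line)
        if event is not None:
            return event
    return None


def normalize_all(lines: List[str]) -> Tuple[List[dict], List[str]]:
    """Split input into normalized events and lines nobody could parse."""
    events, rejected = [], []
    for line in lines:
        event = normalize(line)
        if event is None:
            rejected.append(line)
        else:
            events.append(event)
    return events, rejected


def search(events: List[dict], client_ip: Optional[str] = None,
           since: Optional[str] = None) -> List[dict]:
    """Filter events by peer address and/or ISO 8601 UTC lower bound.
    All timestamps were normalized to UTC, so ISO strings compare lexically."""
    out = []
    for e in events:
        if client_ip is not None and e["client_ip"] != client_ip:
            continue
        if since is not None and e["timestamp"] < since:
            continue
        out.append(e)
    return out


if __name__ == "__main__":
    evts, bad = normalize_all(SAMPLE_LINES + ["this is not a log line"])
    for e in search(evts, client_ip="203.0.113.7"):
        print(e["timestamp"], e["source"], e["message"])
    print("unparsed:", bad)
```

Searching by `client_ip` returns both the sshd record and the web-server record for the same address even though the two sources never shared a format, which is exactly what the normalization step buys an analyst.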


Terminology

Suggestions were made to change the definition of logging. This change would keep matters both purer and more easily maintainable:

* Logging would then be defined as all instantly discardable data on the technical process of an application or website, as it represents and processes data and user input.
* Auditing, then, would involve data that is not immediately discardable. In other words: data that is assembled in the auditing process, is stored persistently, is protected by authorization schemes and is, always, connected to some end-user functional requirement.


Deployment life-cycle

One view of assessing the maturity of an organization in terms of the deployment of log-management tools might use successive levels such as:

# In the initial stages, organizations use different log-analyzers for analyzing the logs in the devices on the security perimeter. They aim to identify the patterns of attack on the perimeter infrastructure of the organization.
# With the increased use of integrated computing, organizations mandate logs to identify the access and usage of confidential data within the security perimeter.
# At the next level of maturity, the log analyzer can track and monitor the performance and availability of systems at the level of the enterprise — especially of those information assets whose availability organizations regard as vital.
# Organizations integrate the logs of various business applications into an enterprise log manager for a better value proposition.
# Organizations merge the physical-access monitoring and the logical-access monitoring into a single view.


See also

* Audit trail
* Common Base Event
* Common Log Format
* DARPA PRODIGAL and Anomaly Detection at Multiple Scales (ADAMS) projects
* Data logging
* Log analysis
* Log monitor
* Log management knowledge base
* Security information and event management
* Server log
* Syslog
* Web counter
* Web log analysis software




External links


InfoWorld review and comparison of commercial Log Management products