Log management (LM) comprises an approach to dealing with large volumes of computer-generated log messages (also known as audit records, audit trails, event logs, etc.). Log management generally covers:
* Log collection
* Centralized log aggregation
* Long-term log storage and retention
* Log rotation
* Log analysis (in real-time and in bulk after storage)
* Log search and reporting


Overview

The primary drivers for log management implementations are concerns about security, system and network operations (such as system or network administration) and regulatory compliance. Logs are generated by nearly every computing device, and can often be directed to different locations both on a local file system or a remote system.

Effectively analyzing large volumes of diverse logs can pose many challenges, such as:
* Volume: log data can reach hundreds of gigabytes per day for a large organization. Simply collecting, centralizing and storing data at this volume can be challenging.
* Normalization: logs are produced in multiple formats. The process of normalization is designed to provide a common output for analysis from diverse sources.
* Velocity: the speed at which logs are produced from devices can make collection and aggregation difficult.
* Veracity: log events may not be accurate. This is especially problematic for systems that perform detection, such as intrusion detection systems.

Users and potential users of log management may purchase complete commercial tools or build their own log-management and intelligence tools, assembling the functionality from various open-source components, or acquire (sub-)systems from commercial vendors. Log management is a complicated process and organizations often make mistakes while approaching it.

Logging can produce technical information usable for the maintenance of applications or websites. It can serve:
* to define whether a reported bug is actually a bug
* to help analyze, reproduce and solve bugs
* to help test new features in a development stage
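The normalization and veracity points above, as an added example that is not part of the original article: a small Python normalizer that maps RFC 3164-style syslog lines and NCSA Common Log Format lines into one common record schema, keeps the lines it cannot parse instead of silently dropping them, and then answers a cross-source question (failed actions per client address) that neither raw format supports on its own. The common field names, the caller-supplied year (RFC 3164 timestamps carry none), the UTC assumption for syslog timestamps and all sample lines are assumptions constructed for this example.

```python
"""Normalize two log formats into one common record schema.

Added example for this article, not code from the article or any vendor.
Assumptions: the target field names (ts, host, client, actor, action,
outcome, raw) are a hypothetical common schema; RFC 3164 syslog lines carry
no year, so the caller supplies one and UTC is assumed; all sample lines
below are constructed.
"""
import re
from collections import Counter
from datetime import datetime, timezone
from typing import Optional

# Constructed sample input: two syslog lines from an SSH daemon, two NCSA
# Common Log Format lines from a web server, and one line no parser accepts.
SAMPLE_LINES = [
    "Mar 14 10:12:33 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.9 port 50122 ssh2",
    "Mar 14 10:12:35 bastion sshd[2211]: Accepted publickey for alice from 198.51.100.7 port 41022 ssh2",
    '203.0.113.9 - - [14/Mar/2024:10:13:05 +0000] "GET /admin HTTP/1.1" 403 512',
    '198.51.100.7 - alice [14/Mar/2024:10:13:09 +0000] "GET /dashboard HTTP/1.1" 200 1024',
    "corrupted record ### no timestamp, no host",
]

# RFC 3164-style syslog: "Mon DD HH:MM:SS host app[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<app>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# sshd authentication messages carried in the syslog payload
SSHD_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+)"
)
# NCSA Common Log Format: 'client ident user [ts] "request" status size'
CLF_RE = re.compile(
    r'^(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)$'
)


def parse_syslog(line: str, year: int) -> Optional[dict]:
    """Map a syslog line to the common schema; None if it does not match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    # The year is supplied by the caller because the format omits it (assumed UTC).
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}",
                           "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    rec = {"ts": ts, "host": m["host"], "client": None, "actor": None,
           "action": f"{m['app']}:{m['msg']}", "outcome": None, "raw": line}
    auth = SSHD_RE.match(m["msg"]) if m["app"] == "sshd" else None
    if auth:
        rec.update(client=auth["ip"], actor=auth["user"],
                   action=f"ssh-auth:{auth['method']}",
                   outcome="success" if auth["outcome"] == "Accepted" else "failure")
    return rec


def parse_clf(line: str) -> Optional[dict]:
    """Map a Common Log Format line to the common schema; None if no match."""
    m = CLF_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    status = int(m["status"])
    # CLF's first field is the client address; the serving host is not in the line.
    return {"ts": ts, "host": None, "client": m["client"],
            "actor": None if m["user"] == "-" else m["user"],
            "action": f"http:{m['method']} {m['path']}",
            "outcome": "failure" if status >= 400 else "success", "raw": line}


def normalize(lines, year: int):
    """Return (records, rejected). Lines no parser accepts are kept in
    'rejected' rather than dropped: a gap in the record is itself evidence."""
    records, rejected = [], []
    for line in lines:
        rec = parse_syslog(line, year) or parse_clf(line)
        if rec:
            records.append(rec)
        else:
            rejected.append(line)
    records.sort(key=lambda r: r["ts"])  # one timeline across both sources
    return records, rejected


def failures_by_client(records) -> dict:
    """Count failed actions per client across both sources, which is only
    possible once the two formats share one schema."""
    return dict(Counter(r["client"] for r in records
                        if r["outcome"] == "failure" and r["client"]))


if __name__ == "__main__":
    recs, bad = normalize(SAMPLE_LINES, 2024)
    for r in recs:
        print(r["ts"].isoformat(), r["client"], r["actor"], r["action"], r["outcome"])
    print("rejected:", bad)
    print("failures by client:", failures_by_client(recs))
```

The rejected list is the part a practitioner should not throw away: when veracity is in question, the lines that did not fit any parser are the first place to look, and every normalized record keeps the original line in `raw` so the derived fields can be checked against their source. Both parsers produce timezone-aware timestamps so that events from the SSH daemon and the web server sort into a single timeline.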


Terminology

Suggestions were made to change the definition of logging. This change would keep matters both purer and more easily maintainable:
* Logging would then be defined as all instantly discardable data on the technical process of an application or website, as it represents and processes data and user input.
* Auditing, then, would involve data that is not immediately discardable. In other words: data that is assembled in the auditing process is stored persistently, is protected by authorization schemes and is always connected to some end-user functional requirement.


Deployment life-cycle

One view of assessing the maturity of an organization in terms of the deployment of log-management tools might use successive levels such as:
# In the initial stages, organizations use different log analyzers for analyzing the logs of the devices on the security perimeter. They aim to identify the patterns of attack on the perimeter infrastructure of the organization.
# With the increased use of integrated computing, organizations mandate logs to identify the access and usage of confidential data within the security perimeter.
# At the next level of maturity, the log analyzer can track and monitor the performance and availability of systems at the level of the enterprise, especially of those information assets whose availability organizations regard as vital.
# Organizations integrate the logs of various business applications into an enterprise log manager for a better value proposition.
# Organizations merge the physical-access monitoring and the logical-access monitoring into a single view.


See also

* Audit trail
* Common Base Event
* Common Log Format
* DARPA PRODIGAL and Anomaly Detection at Multiple Scales (ADAMS) projects
* Data logging
* Log analysis
* Log monitor
* Log management knowledge base
* Security information and event management
* Server log
* Syslog
* Web counter
* Web log analysis software




External links


InfoWorld review and comparison of commercial Log Management products