Log management

Log management is the process for generating, transmitting, storing, accessing, and disposing of log data. Log data (or logs) is composed of entries (records), and each entry contains information related to a specific event that occurs within an organization's computing assets, including physical and virtual platforms, networks, services, and cloud environments.

The process of log management generally breaks down into:

Log collection - a process of capturing actual data from log files, application standard output streams (stdout), network sockets and other sources.
Log aggregation (centralization) - a process of putting all the log data together in a single place for the sake of further analysis and/or retention.
Log storage and retention - a process of handling large volumes of log data according to corporate or regulatory policies (compliance).
Log analysis - a process that helps operations and security teams handle system performance issues and security incidents.

Overview

The primary drivers for log management implementations are concerns about security, system and network operations (such as system or network administration) and regulatory compliance. Logs are generated by nearly every computing device, and can often be directed to different locations, both on a local file system or on a remote system.

Effectively analyzing large volumes of diverse logs can pose many challenges, such as:

Volume: log data can reach hundreds of gigabytes of data per day for a large organization. Simply collecting, centralizing and storing data at this volume can be challenging.
Normalization: logs are produced in multiple formats. The process of normalization is designed to provide a common output for analysis from diverse sources.
Velocity: the speed at which logs are produced from devices can make collection and aggregation difficult.
Veracity: log events may not be accurate. This is especially problematic for systems that perform detection, such as intrusion detection systems.

Users and potential users of log management may purchase complete commercial tools or build their own log-management and intelligence tools, assembling the functionality from various open-source components, or acquire (sub-)systems from commercial vendors. Log management is a complicated process and organizations often make mistakes while approaching it.

Logging can produce technical information usable for the maintenance of applications or websites. It can serve:

to define whether a reported bug is actually a bug
to help analyze, reproduce and solve bugs
to help test new features in a development stage

Terminology

Suggestions were made to change the definition of logging. This change would keep matters both purer and more easily maintainable:

Logging would then be defined as all instantly discardable data on the technical process of an application or website, as it represents and processes data and user input.

Auditing, then, would involve data that is not immediately discardable. In other words: data that is assembled in the auditing process, is stored persistently, is protected by authorization schemes and is, always, connected to some end-user functional requirement.

Deployment life-cycle

One view of assessing the maturity of an organization in terms of the deployment of log-management tools might use successive levels such as:

In the initial stages, organizations use different log analyzers for analyzing the logs in the devices on the security perimeter. They aim to identify the patterns of attack on the perimeter infrastructure of the organization.
With the increased use of integrated computing, organizations mandate logs to identify the access and usage of confidential data within the security perimeter.
At the next level of maturity, the log analyzer can track and monitor the performance and availability of systems at the level of the enterprise, especially of those information assets whose availability organizations regard as vital.
Organizations integrate the logs of various business applications into an enterprise log manager for a better value proposition.
Organizations merge the physical-access monitoring and the logical-access monitoring into a single view.

See also

Audit trail
Common Base Event
Common Log Format
DARPA PRODIGAL and Anomaly Detection at Multiple Scales (ADAMS) projects
Data logging
Log analysis
Log monitor
Log management knowledge base
Security information and event management
Server log
Syslog
Web counter
Web log analysis software

References

NIST SP 800-92r1, Cybersecurity Log Management Planning Guide.
Kent, Karen; Souppaya, Murugiah (September 2006). Guide to Computer Security Log Management (Report). NIST SP 800-92. NIST. doi:10.6028/NIST.SP.800-92. S2CID 221183642.
"Leveraging Log Data for Better Security". EventTracker SIEM, IT Security, Compliance, Log Management. Archived from the original on 28 December 2014. Retrieved 12 August 2015.
"Top 5 Log Mistakes - Second Edition". Docstoc.com. Retrieved 12 August 2015.
Chris MacKinnon: "LMI In The Enterprise". Processor, November 18, 2005, Vol. 27 Issue 46, page 33. Online at http://www.processor.com/editorial/article.asp?article=articles%2Fp2746%2F09p46%2F09p46.asp, retrieved 2007-09-10.
MITRE: Common Event Expression (CEE) Proposed Log Standard. Online at http://cee.mitre.org, retrieved 2010-03-03.

External links

InfoWorld review and comparison of commercial Log Management products