Nerd News:

 

Event Log Management for PCI DSS:

 

    As part of my day-to-day job, I often go on and on about how hardware and software components on corporate networks generate a wealth of network/system/application activity information in the form of event log records.

    Making sense of these records is, however, a slow and tedious process without the right tools, one which often leads system and network administrators to give up on using event logs as their primary source for network-wide security information. I’ve seen horror shows where an administrator was attempting to grep through the logs of all of his firewalls, setting up scripts to aid in log forensics, and the whole process caved in on itself as that same admin realized... I can’t spend X amount of hours a week dealing with this issue.

    Today, industry standards such as Sarbanes-Oxley and the Payment Card Industry Data Security Standard (PCI DSS) have made the auditing of IT infrastructure logs a requirement, making event log management a task that cannot be ignored or put aside anymore.

    So tell me why, day after day, I see administrators and engineers hard-nosed about building their own solution? Why do I have to show them day after day that there’s a much more efficient way of managing those logs, which will free up resources for a zillion other things? There are better options out there.

    A Log Management and Intelligence solution (LMI for short) can aid you in root cause analysis of network trouble, system failures and application trouble. It can help you in worst-case scenarios such as a network breach, to see where that compromised account or source IP went. Logging ALL of your network/system/application data will help you correlate that data in one place, to identify problems, to do forensics, to adhere to industry and government mandates and to identify problems AS they happen.


It’s a whole new IT landscape. What’s your Log Management Solution?




(photo stolen from xkcd.com - the greatest geek comics in the world.)   


 

Tuesday, November 6, 2007

 
 