Information Security Magazine


Log Wild
by David Strom
Issue: Oct 2007

Three Steps Toward Better Logging
Despite the complications, there are three simple steps organizations can take to make logs more manageable.

  1. Separate your logging needs into three functional areas and look at what you need from each. These areas are the log collection process, the data repository where these logs are stored and the business analytics surrounding their use. Often, log management and SIM tools will serve one or two of these functions or perform different kinds of analysis, driving many enterprises toward buying separate products.


  2. Consider the chain of legal custody when designing a log management scheme, so your log archive can be used as evidence and stand up in court. "There is a lack of controls over the process for accessing logs, and there are serious questions about who should be able to view sensitive data and how to handle the chain of custody when handling log data too," says Nokia manager of corporate IT security services Jay Leek.

    Generally, log management tools focus more on preserving a chain of custody than SIMs, which normalize data for correlation and analysis. "You want to have the shortest custody chains possible," says ArcSight's Hugh Njemanze. "We put our log management system in front of our SIM, so it becomes the repository of record. This means that the SIM isn't part of the chain of custody."

    Chris Pick of NetIQ adds: "You want any event collector to digitally sign the collection to ensure the nonrepudiation of that data source and to make sure your logging events aren't tampered with." For example, NetIQ provides agents that will guarantee the delivery of log information into its repository, and digitally signs this information too.


  3. Balance costs and benefits with security and compliance needs. "The cost of noncompliance can determine the overall log management requirements for the enterprise," says Pick. "It isn't a one-size-fits-all type of offering."

    Also, steer clear of creating homegrown solutions because the support costs can add up over time. "Homegrown log management scripts are expensive and exist in every organization. Generally, only one person knows how these scripts work, and the environment is often constantly changing," says Leek.
--DAVID STROM
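
The collector-side signing Pick describes in step 2, sketched as an added example (not code from the article or from any vendor it names). Each event is hash-chained to its predecessor and tagged with HMAC-SHA256, which stands in here for a digital signature; true nonrepudiation needs an asymmetric signature whose private key only the collector holds. The key, function names and log lines are constructed for illustration.

```python
import hashlib
import hmac
import json

COLLECTOR_KEY = b"constructed-demo-key"  # assumption: stands in for the collector's signing key
GENESIS = "0" * 64                        # fixed starting value for the chain

SAMPLE_EVENTS = [  # constructed sample log lines
    "2007-10-01T08:00:01Z host1 sshd: Accepted password for alice",
    "2007-10-01T08:03:17Z host1 sudo: alice : COMMAND=/usr/bin/less /var/log/auth.log",
    "2007-10-01T08:05:44Z host1 sshd: session closed for alice",
]

def record_digest(seq, prev, event):
    """Hash the event together with its position and the previous record's digest."""
    body = json.dumps({"seq": seq, "prev": prev, "event": event}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def collector_tag(key, digest):
    """Keyed tag over the digest; only a holder of the key can produce it."""
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()

def seal(events, key=COLLECTOR_KEY):
    """Run at collection time: turn raw events into chained, tagged records."""
    records, prev = [], GENESIS
    for seq, event in enumerate(events):
        digest = record_digest(seq, prev, event)
        records.append({"seq": seq, "prev": prev, "event": event,
                        "digest": digest, "tag": collector_tag(key, digest)})
        prev = digest
    return records

def verify(records, key=COLLECTOR_KEY):
    """Run at the repository: return the index of the first bad record, or None."""
    prev = GENESIS
    for i, rec in enumerate(records):
        digest = record_digest(rec["seq"], rec["prev"], rec["event"])
        intact = (rec["seq"] == i and rec["prev"] == prev
                  and digest == rec["digest"]
                  and hmac.compare_digest(collector_tag(key, digest), rec["tag"]))
        if not intact:
            return i  # an edit, deletion, reorder or forged tag surfaces here
        prev = digest
    return None

if __name__ == "__main__":
    archive = seal(SAMPLE_EVENTS)
    print("intact archive:", verify(archive))
    archive[1]["event"] = "edited after collection"
    print("first bad record after edit:", verify(archive))
```

A verifier holding only the records cannot detect truncation from the tail; storing the latest digest somewhere the log host cannot write closes that gap.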





