This content is part of the Essential Guide: How to define SIEM strategy, management and success in the enterprise
Problem solve Get help with specific problems with your technologies, process and projects.

Is centralized logging worth all the effort?

Network log records play an extremely important role in any well-constructed security program. Expert Mike Chapple explains how to implement a centralized logging infrastructure.

Is the work involved in implementing a centralized logging infrastructure worth the security benefits?
Absolutely! Network log records play an extremely important role in any well-constructed security program. They help in the detection of anomalous activity both in real-time, as well as reactively during an incident-response event. Centralized logging provides two important benefits. First, it places all of your log records in a single location, greatly simplifying log analysis and correlation tasks. Second, it provides you with a secure storage area for your log data. In the event that a machine on your network becomes compromised, the intruder will not be able to tamper with the logs stored in the central log repository -- unless that machine is also compromised.

Once you establish a central log repository, the next step is to introduce centralized analysis techniques. Many...

organizations fulfill this requirement through the use of a security incident management (SIM) device. A SIM allows you to add a degree of automation to your log analysis process. You can create rules that analyze logs, aggregated from various devices, for patterns of suspicious activity.

The main stumbling block many organizations face when deciding whether to implement centralized logging and/or SIMs is the investment of time and resources necessary to get such an implementation off the ground. Depending upon how long you decide to retain records (many organizations choose to keep them for at least a year), logs can consume massive quantities of disk space. Additionally, SIMs require a significant amount of configuration and tuning to optimize for a particular enterprise.

More information:

This was last published in March 2008

Dig Deeper on SIEM, log management and big data security analytics

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

We monitor our logs either manually or automatically from across an IT infrastructure. Either way, the handling and reviewing of all the data collected is highly resource-consuming. This is where the centralized log management solution enters.

Centralized Log Management is a logging simplifier solution that collects, integrates, and analyzes all fragmented data from various sources in a remote central storage system.

The process significantly saves time and effort that goes into traditional logging management.

Benefits of Centralized Log Management