"Centralized logging is one of the keys to a good security posture.
Percentage-wise, how many companies do you see doing this?
Unfortunately, the customers I have been dealing with are very late
coming to this game. And I am not talking about SIEM either. Just
centralized logging. Many of them have some kind of syslog server with
a few logs getting thrown to it, but very few have any kind of real
centralized logging solution where they can go do forensics and get a
good idea of what was happening in their network as a whole at any given

He also brings up a good point about sensitive info in logs, which I also mentioned here ("logs as PHI under HIPAA"). And, of course, I was overjoyed to see him mention that "log management is crucial to forensic investigations."

Read the whole thing here. More comments on logging, inspired by the above interview, are posted here.