Friday, September 28, 2007

Interesting Log Management Interview

An interesting interview related to log management is posted here at Cutaway Security. It raises a few well-known, but no less sad :-), points about IT's view of logging. For example:

"Centralized logging is one of the keys to a good security posture.
Percentage-wise, how many companies do you see doing this?

Unfortunately, the customers I have been dealing with are very late
coming to this game. And I am not talking about SIEM either. Just
centralized logging. Many of them have some kind of syslog server with
a few logs getting thrown to it, but very few have any kind of real
centralized logging solution where they can go do forensics and get a
good idea of what was happening in their network as a whole at any given

He also brings up a good point about sensitive info in logs, which I also mentioned here ("logs as PHI under HIPAA"). And, of course, I was overjoyed to see him mention that "log management is crucial to forensic investigations."

Read the whole thing here. More comments on logging, inspired by the above interview, are posted here.

Dr Anton Chuvakin