Logging Poll #2 Analysis

Oh, shucks! My latest logging poll "Why Collect Logs?" (vote here, results so far) is hugely unpopular :-), unlike the previous one (vote here, live results here, analysis here) - it received only 1/10th of the results!

Why? I am guessing:
  • entries too long
  • too many entries
  • real people hate 'why' questions :-)
In other words, I dunno 'why' you hated it :-) Here is the analysis so far, based on just 41 votes (unlike 350 in the previous one).

First, people collect logs mostly for operational reasons - the winner is "We need logs to troubleshoot system/network failures, errors and other availability issues." Combined with the #2 reason, which was also operational, this puts security at overall #2 as a reason for log collection, while regulatory compliance is #3.

Second, PCI DSS is the only compliance reason that motivated my readers to collect logs (SOX was a remote second; others - non-existent) - no surprise: PCI DSS directly mandates log management in its Requirement 10.

Third, as far as the security use of logs is concerned, investigation of attacks beats detection of attacks (12:7).