Monday, June 30, 2008

Fun Reading on Logs and Log Management

I am amazed (no, AMAZED!) about how many people now write about logs; it is definitely not "the original logging evangelist" anymore :-) Here is a quick sample, useful for those struggling with logs (aka "everybody" :-))

  1. A very fun read from Patrick Mueller (ex-Neohapsis now turned lawyer): "Facing The Monster: The Labors Of Log Management." I am happy that log management has finally been granted monster status :-)
  2. I am happy to see that one of the "five questions to ask before sending your data in the cloud" is "Will I have access to logging and auditing data?" This is indeed a big deal (well, it will be soon) and you will be hearing more about this. I call this "a case of log ransom," since you might need to pay the ransom to see what is "yours" - the logs.
  3. Again on leaving [some] logs behind. Remember, the point is not that "collecting all" is a good idea, it is that figuring out what to pick is IMPOSSIBLE, while "collecting all" is simply very hard :-)
  4. This is hot stuff: "Ten reasons you will be unhappy with your SIM solution" (no, I didn't write it :-), but this is mine)
  5. Why HA for log management from our star engineer. Those thinking about the reliability of their logging systems should read it.
  6. Fun info on web server log analysis for different purposes.
  7. "Why Logs and Logging Matters - Part 1" and "Why Logs Matter - Part 2, A Letter" present a really good intro to logging for compliance and other purposes (even specifically saying "what you do with the logs that matters.")
  8. "Smart Business Leaders Support Effective Log Management Practices and Necessary Resources" from Rebecca Herold is a nice basic piece, especially for those outside the circle of logging literati.
  9. More from Sanford on logging standards: "Drawing Lines", an awesome post indeed.
  10. A MUST read on SIEM and log management from Greg Shipley (I promise this is a coincidence! :-)) In this piece, Mr Neohapsis drop kicks more than a few "latest generation" SIEM tools. Guess which product review mentions "pain" 3 times on one page :-)
  11. Finally, this is also worth a read: "Ode to Log Management" where Mr Baum laments logs being pigeonholed into "another IT management tool" silo despite their broad relevance. He is right - but focusing on one use case after another works...

Enjoy!

Dr Anton Chuvakin