So, Andy plays off my bit on ignoring logs and relates a story where logs proved crucial. Great! However, what is the pink elephant in the room and where is the fat bastard hiding? :-)
[dramatic pause] :-)
Well, Andy discovered the mischief by looking at the logs, but what if the logs weren't there (happily rotated away or erased by the attacker)? Doesn't it just fill you with dread and make you run, not walk, to all your systems and crank the logging up, way up? And then, of course, buy some log management to handle the resulting volume ... :-)