Given that I am closely involved in a log management business, I sometimes have those moments when I see logs everywhere. But guess what? Logs are everywhere! From a server under your desk to satellites to ship systems to personal electronics to telecom equipment to building control systems - logs are indeed omnipresent.
And, at present, such logs are never looked at. How often do you - or, even worse, a typical computer user - look at your Windows (Linux?) workstation logs? I am guessing: when something goes wrong. It is pretty much the same for most of the above logs. And that is how it always was - from the olde times of "The Cuckoo's Egg" (and probably even from the times of the ENIAC) to today.
But - and here is the point! - it is changing now. My natural flow of log management shows us that people start looking at common firewalls and servers before they look at operational logs from, say, an elevator in their building, but such log sources are out there. However, the time when people will start looking at most of the above logs - and not only after a problem rears its ugly head - is coming ...
Yes, I am being somewhat philosophical here at 21,456 ft, flying back from DoD Cybercrime 2007...
1 comment:
I look forward to viewing logs more often. I'm one of those weird IT guys who enjoys doing the "keeping the lights on" sort of tasks that too many other IT guys shun, like logs. I really hate not having managerial support to take time to view logs regularly. Then when something bad happens, they ask me to look at logs and tell them what is weird. "Well, I have no idea what is supposed to be weird since you don't give me time to look at logs on a daily basis anyway, so all this crap might be perfectly normal."
To me, that should be a goal of log monitoring: being able to tell oddities. If you can't tell what is odd from what is normal, not enough log monitoring is occurring.