Some time before the recent SANS Log Management Summit, somebody asked me: What are the top three trends in the log analysis industry?
I figured why not also post my answer for all to see. So, here they are (slightly edited for clarity):
- Rapid increase in the breadth of log sources that people care about (and thus collect data from): it used to be just firewall and IDS logs, then servers, and now it is expanding to all sorts of log sources, such as databases, applications, etc. (see more information on this here)
- This might sound boring, but it is still a major trend: more regulations, governance frameworks and standards will cover logs and logging. Just look at recent PCI DSS, NIST SP 800-92 (Guide to Computer Security Log Management) and a few others (including my very favorite, CEE, where work is just starting up).
- There is also a trend towards auditing more access and more activity through logs; for example, few of the file server, storage or database vendors used to care much about logging, but now they do (well, some do and some are starting to :-)). What used to be just about "access to information" is now evolving into "auditable access info." More discussion of this is here.
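What the first and third trends mean in practice is a normalization layer: events from very different sources (firewall, database audit log, file server) get mapped onto one "who accessed what, when, with what outcome" record, which is what makes access auditable across the whole estate and is the kind of problem CEE sets out to solve. The block below is an added example, not code from the original post; the three log formats and the sample lines are constructed for illustration, and the sensitive-target list is a hypothetical policy input.

```python
"""Normalize access-related events from several log source types into one
common record. Added example; the log formats and sample lines are constructed."""
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class AccessEvent:
    source: str    # kind of log the event came from
    time: str      # timestamp as written in the source log
    actor: str     # user or source IP that performed the access
    action: str    # what was done
    target: str    # what was accessed
    outcome: str   # allowed/denied/success/failure as the source reports it

# Constructed sample lines, one per hypothetical source format, plus one
# line that no parser recognizes so that unparsed input is never silently lost.
SAMPLE_LINES = [
    "2007-04-02T10:15:01 fw01 ACCEPT src=10.1.2.3 dst=10.1.9.5 dport=1433",
    "2007-04-02T10:15:02 db01 audit user=appsvc action=SELECT object=customers.card_numbers status=success",
    r"2007-04-02T10:15:05 fs01 smb user=jdoe op=READ path=\\fs01\finance\payroll.xls result=denied",
    "2007-04-02T10:15:07 fw01 DROP src=192.0.2.44 dst=10.1.9.5 dport=1433",
    "garbage line that no parser recognizes",
]

FW_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<verdict>ACCEPT|DROP) "
                   r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$")
DB_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) audit user=(?P<user>\S+) "
                   r"action=(?P<action>\S+) object=(?P<obj>\S+) status=(?P<status>\S+)$")
FS_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) smb user=(?P<user>\S+) "
                   r"op=(?P<op>\S+) path=(?P<path>\S+) result=(?P<result>\S+)$")

def parse_line(line: str) -> Optional[AccessEvent]:
    """Map one raw line onto the common record, or None if no format matches."""
    m = FW_RE.match(line)
    if m:
        # A firewall only sees the network endpoint, so the target is host:port.
        return AccessEvent("firewall", m["ts"], m["src"], "connect",
                           f"{m['dst']}:{m['dport']}",
                           "allowed" if m["verdict"] == "ACCEPT" else "denied")
    m = DB_RE.match(line)
    if m:
        return AccessEvent("database", m["ts"], m["user"], m["action"].lower(),
                           m["obj"], m["status"])
    m = FS_RE.match(line)
    if m:
        return AccessEvent("fileserver", m["ts"], m["user"], m["op"].lower(),
                           m["path"], m["result"])
    return None

def normalize(lines):
    """Return (parsed events, unparsed raw lines); unparsed lines are kept for review."""
    events, unparsed = [], []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            unparsed.append(line)
        else:
            events.append(ev)
    return events, unparsed

def access_audit(events, sensitive_targets):
    """Events that touched a sensitive target, regardless of which source logged them."""
    return [e for e in events if any(s in e.target for s in sensitive_targets)]

if __name__ == "__main__":
    evs, bad = normalize(SAMPLE_LINES)
    for e in access_audit(evs, ["card_numbers", "payroll"]):
        print(f"{e.time} {e.source}: {e.actor} {e.action} {e.target} -> {e.outcome}")
    print(f"{len(bad)} line(s) not recognized by any parser")
```

Note that the firewall lines, which are all the older "breadth" covered, cannot say who touched which object; only the database and file server audit records carry the actor and target that make the access auditable, which is why vendor-side logging on those systems matters.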
Comments? Additions? Criticism? Silence? :-)
2 comments:
How about centralization? I see more organizations moving towards a few exceptionally hardened servers with SAN connectivity for usability, integrity, consolidation, etc.
Yes, true. However, this has been going on for a while and some folks are actually trying to have LESS of it by using more distributed log processing models (even if with centralized control...)