As promised, I am following my Top 11 Reasons to Collect and Preserve Computer Logs with just as humorous and hopefully no less insightful "Top 11 Reasons to Look at Your Logs."
- The first reason is again disarmingly simple (is it :-)). Read PCI DSS lately? Glanced at HIPAA? Suffer under FISMA? Yup, all of the above say that you must not only have, but also review logs periodically.
- Are you 0wned? How do you know if all your logs are stashed on a tape in a closet? Look at them! Now!!
- An incident happens. Really, who needs extra motivation to look at logs in this case? Duh! Logs for incident response is a "no-brainer" use case for log review.
- Users - from CEO to a janitor. You might have to know what they do on your IT systems! How? Read the logs! Everybody leaves tracks.
- Logged system errors. Sometimes they are stupid, sometimes - benign. However, often they mean that "stuff" is about to hit the fan. Periodic review of logs reveals them and saves the day.
- Network slowed to a crawl? Applications are slooow? Server is not ... well, serving? :-) Where is the answer? In the logs, but you need to read them and understand them.
- That policy you wrote a few months ago. Anybody following that? Anybody remembers that? Halloooo! Check the logs and you'd know.
- You know your auditor might check your logs. But did you know they might also check whether you looked at them? Did'ya? Review the logs and leave the record of this activity!
- Change can be good. But then again, it may be the sign that your controls are lacking. Who changes what and when? From what and to what? Just review the logs.
- Now, you hate looking at logs. You have too many! In this case, look at a specific subset of logs that you never saw before- NBS. Or just deploy log management that can do it for you.
- Logs can help you predict the future (if you review, know and love them :-)). Don't believe it? If you read them for long enough, you develop an ability to - gasp!- predict the future, albeit mostly future problems :-)
Coming soon: "Top 11 Reasons to Secure and Protect Your Logs"!