Thursday, July 05, 2007

Top 11 Reasons to Look at Your Logs

As promised, I am following my Top 11 Reasons to Collect and Preserve Computer Logs with the just as humorous and hopefully no less insightful "Top 11 Reasons to Look at Your Logs."

  1. The first reason is again disarmingly simple (is it :-)). Read PCI DSS lately? Glanced at HIPAA? Suffer under FISMA? Yup, all of the above say that you must not only have, but also review logs periodically.
  2. Are you 0wned? How do you know if all your logs are stashed on a tape in a closet? Look at them! Now!!
  3. An incident happens. Really, who needs extra motivation to look at logs in this case? Duh! Using logs for incident response is a "no-brainer" use case for log review.
  4. Users - from CEO to a janitor. You might have to know what they do on your IT systems! How? Read the logs! Everybody leaves tracks.
  5. Logged system errors. Sometimes they are stupid, sometimes - benign. However, often they mean that "stuff" is about to hit the fan. Periodic review of logs reveals them and saves the day.
  6. Network slowed to a crawl? Applications are slooow? Server is not ... well, serving? :-) Where is the answer? In the logs, but you need to read them and understand them.
  7. That policy you wrote a few months ago. Anybody following that? Anybody remember that? Halloooo! Check the logs and you'd know.
  8. You know your auditor might check your logs. But did you know they might also check whether you looked at them? Did'ya? Review the logs and leave the record of this activity!
  9. Change can be good. But then again, it may be the sign that your controls are lacking. Who changes what and when? From what and to what? Just review the logs.
  10. Now, you hate looking at logs. You have too many! In this case, look at a specific subset of logs that you never saw before - NBS. Or just deploy log management that can do it for you.
  11. Logs can help you predict the future (if you review, know and love them :-)). Don't believe it? If you read them for long enough, you develop an ability to - gasp! - predict the future, albeit mostly future problems :-)
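
One way to do the "never saw before" (NBS) review from item 10, as an added example that is not from the original post: reduce each syslog line to a message type by masking its variable parts, then report only the types absent from a baseline. The log lines are constructed samples, and the function names and masking rules are assumptions.

```python
import re

# Constructed sample data (not from the original post).
BASELINE_LOGS = [
    "Jul  4 10:01:12 web01 sshd[2211]: Accepted password for alice from 10.0.0.5 port 51122 ssh2",
    "Jul  4 10:03:40 web01 sshd[2290]: Accepted password for bob from 10.0.0.9 port 40231 ssh2",
    "Jul  4 10:05:00 web01 CRON[2301]: (root) CMD (run-parts /etc/cron.hourly)",
]
TODAY_LOGS = [
    "Jul  5 09:00:01 web01 sshd[3100]: Accepted password for alice from 10.0.0.7 port 50001 ssh2",
    "Jul  5 09:05:00 web01 CRON[3150]: (root) CMD (run-parts /etc/cron.hourly)",
    "Jul  5 09:12:44 web01 kernel: EXT3-fs error (device sda1): ext3_find_entry: reading directory #2049 offset 0",
    "Jul  5 09:12:45 web01 kernel: EXT3-fs error (device sda1): ext3_find_entry: reading directory #2051 offset 0",
]

# Classic syslog layout: "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(\S+)\s([^:\[]+)(?:\[\d+\])?:\s(.*)$")

def message_type(line):
    """Reduce a syslog line to (program, template) with variable parts masked."""
    m = SYSLOG.match(line)
    if not m:
        return ("unparsed", line)  # keep odd lines visible instead of dropping them
    _host, program, msg = m.groups()
    msg = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<IP>", msg)   # IPv4 addresses
    msg = re.sub(r"\bfor \S+ from\b", "for <USER> from", msg)   # sshd user names
    msg = re.sub(r"\b\d+\b", "<N>", msg)                        # standalone numbers
    return (program, msg)

def never_before_seen(baseline, new_lines):
    """Return {message_type: {"count", "first"}} for types absent from the baseline."""
    seen = {message_type(line) for line in baseline}
    report = {}
    for line in new_lines:
        mtype = message_type(line)
        if mtype not in seen:
            entry = report.setdefault(mtype, {"count": 0, "first": line})
            entry["count"] += 1
    return report

if __name__ == "__main__":
    for (program, template), info in never_before_seen(BASELINE_LOGS, TODAY_LOGS).items():
        print(f"NBS x{info['count']} [{program}] {template}")
        print(f"    first seen: {info['first']}")
```
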

See also: Top 11 Reasons to Collect and Preserve Computer Logs

Coming soon: "Top 11 Reasons to Secure and Protect Your Logs"!

2 comments:

Richi Jennings said...

Nice list. Might I suggest another reason?

12. Looking in your web server logs for advance-fee fraudsters' search terms can be an endless source of amusement.

See Evidence of 419 Scam Targeting Using Google at richij.com

Anton Chuvakin said...

Correct - in fact, if we go to specific types of logs (e.g. web, mail), the number of reasons to review them multiplies ....

Dr Anton Chuvakin