I find it somewhat funny when Italk to IT folks about what they are doing for compliance and security initiativesand they tell me they collect log events. When I ask what are they doing withthem they simply respond with "storing them in case we needthem".
But there is so much more you cando with them! Having the right tools in place can provide you with a fountainof information. Not only will you find out more about what employees are doingon the network, you could be more progressive and proactive on events that takeplace. No one wants to get the call from above that asks.... "why is thishappening" and not have the answer or take a day or two to find it.
If you were effectively managingthe events on the network you could ideally take action on events right afterthey take place to ensure nothing catastrophic happens and you could even setparameters to ensure certain events never take place in the first place.Frankly you can be the shining star in an area that is typically underappreciatedanyway. So giving yourself and your department the tools to fly under the radaris a good thing. Really the only time and IT department get recognized is whensomething goes wrong and frankly I think we can all agree is not a good thing.So the more you can do and put in place to prevent that type of recognition isfantastic. Plus if you are able to leverage the investment come audit time andprovide the level of detail an auditor needs quickly and easily maybe… justmaybe the department will get a well deserved pat on the back.
So what’s my point? Well I amglad you asked. Event logging and change reporting for applications andservices in the enterprise is cumbersome, time-consuming and, in some cases,impossible using native auditing tools. Natively you don’t have a centralconsole, you’ve got to repeat the process for each server, and you end up witha huge volume of data. That means proving compliance or reacting quickly toevents is a constant challenge. So again what’s my point” For a successful log management initiative you need actually UNDERSTAND yourlogs, not just possess them! Investigate the tools thatare out there designed to help you and leverage them. It the long run theinvestment will more than pay for itself and you can remove one layer of chaosfrom your daily activities!