Log Management - Pre-requisite to Ensure Network Security

Logs give you first hand information about your network activities. Log management ensures that the network activity data hidden in the logs is converted to meaningful, actionable security information. Log management is a pre-requisite for Network, Security administrator to keep the network secured.

Log management comprises of log collection, secured storage, normalization, analysis, reports and alerts generation.

The logs are analyzed to generate reports and alerts

There should be canned, customizable, custom, and scheduled reports in different formats and distributable.
The alerts should be notified in real-time. There should be more notification mechanisms and even other program should be executed to carry out remedial measures

The logs need to be analyzed to get a full picture of the network security events

The logs from heterogeneous sources should be normalized to have a common format. This is required to analyze and correlate

- The log data needs to be stored in archive for forensic analysis and regulatory compliance requirements.
- The log data storage should secured (e.g., encryption)
- Also, the storage should be tamper proof
- The retention duration should be flexible (preferably user configurable)
- The storage location, media also should be flexible (read only media, mass storage system, etc.)

- Log collection needs to be unintrusive.
- Logs need to be collected from diverse set of devices, servers and applications available in the network.
- Log collection should be preferably without an agent. In some network environments, log collection using agent should be available optional.