Effective Log Management
Log files are historical records of the running state of hardware and software, storing information on how they are used, errors that occur and application-specific events which detail how users interact with them. Routine review of this information can provide system administrators and computer security teams with insight into how effectively the business is operating and where configuration errors may be causing issues on the network so that they can be remediated before they have wider impact.
Log records are also an immensely valuable source of information for computer security purposes, but their value as part of a corporate intrusion detection and incident response process is largely misunderstood by many organisations; logs are either not collected at all or are collected without consideration for how they might be used should an incident occur. The Effective Log Management project has been commissioned by the UK Centre for the Protection of National Infrastructure (CPNI) to demonstrate the value of this data to the reader and discuss how it can be used to support an efficient response to a network intrusion.