Log Management Solutions

Log management (LM) comprises an approach to dealing with large volumes of computer-generated log messages (also known as audit records, audit trails, event logs, etc.). LM covers log collection, centralised aggregation, long-term retention and log analysis (in real time and in bulk after storage). Systems administrators usually perform LM analysis for reasons of security, of operations (such as system or network administration) or of regulatory compliance. Effectively analysing large volumes of diverse logs can pose many challenges, such as huge log volumes (reaching hundreds of gigabytes of data per day for a large organisation), log-format diversity, undocumented proprietary log formats (that resist analysis), as well as the presence of false log records in some types of logs (such as intrusion-detection logs). Users and potential users of LM can build their own log management and intelligence tools, assemble the functionality from various open-source components, or acquire (sub-)systems from commercial vendors. Typical reasons why people perform log analysis are:
Logs are emitted by network devices, operating systems, applications and all manner of intelligent or programmable devices. A stream of messages in time sequence often comprises a log. Logs may be written to files stored on disk, or sent as a network stream to a log collector. Log messages must usually be interpreted with respect to the internal state of their source (e.g., an application) and announce security-relevant or operations-relevant events (e.g., a user login, or a system error).
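An added example (not code from the original page or from the vendor) of the collection-and-analysis step described above, in Python: two constructed log formats, a syslog-style sshd line and a JSON application record, are normalised into one common schema and then interpreted statefully, so that a successful login is flagged only when the same user accumulated repeated failures beforehand. The regular expressions, field names and sample lines are assumptions made for this constructed input.

```python
import json
import re
from collections import Counter

# Constructed sample input: two formats a central collector might receive, plus one garbage line.
SAMPLE_LINES = [
    'Mar 10 08:01:02 web1 sshd[2231]: Failed password for alice from 203.0.113.7 port 51234 ssh2',
    'Mar 10 08:01:05 web1 sshd[2231]: Failed password for alice from 203.0.113.7 port 51236 ssh2',
    '{"ts": "2024-03-10T08:01:07Z", "host": "app1", "event": "login", "user": "alice", "result": "failure"}',
    'Mar 10 08:01:09 web1 sshd[2240]: Accepted password for alice from 203.0.113.7 port 51240 ssh2',
    '{"ts": "2024-03-10T08:02:00Z", "host": "app1", "event": "login", "user": "bob", "result": "success"}',
    'this line is not in any known format',
]

# Assumed layouts: classic "Mon DD HH:MM:SS host prog[pid]: msg" syslog, and sshd's password messages.
SYSLOG_RE = re.compile(r'^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$')
SSHD_RE = re.compile(r'^(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)')


def normalise(line):
    """Map one raw line from either format to a common event dict; None if the format is unknown."""
    m = SYSLOG_RE.match(line)
    if m:
        auth = SSHD_RE.match(m['msg'])
        if not auth:
            return {"host": m['host'], "source": m['prog'], "event": "other", "user": None, "result": None}
        return {"host": m['host'], "source": "sshd", "event": "login", "user": auth['user'],
                "result": "failure" if auth['result'] == "Failed" else "success", "src": auth['src']}
    if line.startswith('{'):
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            return None
        return {"host": rec.get("host"), "source": "app", "event": rec.get("event", "other"),
                "user": rec.get("user"), "result": rec.get("result")}
    return None


def analyse(lines, threshold=3):
    """Aggregate events from all sources and flag users whose success follows >= threshold failures."""
    parsed, unparsed, failures, flagged = 0, 0, Counter(), set()
    for line in lines:
        ev = normalise(line)
        if ev is None:
            unparsed += 1          # keep a count: unparseable lines are a format-diversity signal
            continue
        parsed += 1
        if ev["event"] != "login":
            continue
        if ev["result"] == "failure":
            failures[ev["user"]] += 1
        elif ev["result"] == "success":
            # Stateful interpretation: a success only matters in light of the preceding failures.
            if failures[ev["user"]] >= threshold:
                flagged.add(ev["user"])
            failures[ev["user"]] = 0
    return {"events": parsed, "unparsed": unparsed, "flagged": sorted(flagged)}
```

Running `analyse(SAMPLE_LINES)` counts the two sshd failures and the one application failure for alice together, which is exactly the correlation a single-source view would miss.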