A log is a record of events that occur within a system. A log is made up of entries, and each entry records the details of a single event. Logs were originally kept mainly for troubleshooting common technology issues.
Today nearly every device produces some form of log, and those logs provide valuable insight well beyond troubleshooting, including the evidence security teams rely on to detect and investigate incidents.
types of logs
- Network: Network logs are generated by network devices such as firewalls, routers, or switches
- System: System logs are generated by operating systems such as Chrome OS, Windows, Linux, or macOS
- Application: Application logs are generated by software applications (a smartphone app, for example) and record the events occurring within the application
- Security: Security logs are generated by security tools such as antivirus software and intrusion detection systems, and contain security-related information such as a file deletion or a detected threat
- Authentication: Authentication logs are generated whenever authentication occurs, such as a successful or failed login attempt on a computer
log details
Generally, a log entry records the date and time the event occurred, its location (the host, device, or IP address involved), the action that took place, and the author of the action (the user, process, or service responsible). These five fields are what an analyst reconstructs a timeline from, so a log format that omits any of them is of limited use during an investigation.
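As an added example (not part of the original notes), the parser below pulls those fields out of a few constructed `auth.log` lines in the traditional syslog format that `sshd` and `sudo` write. The sample lines, the host name `web01`, and the IP addresses are made up for illustration; the regular expressions assume the classic `Mon DD HH:MM:SS host program[pid]: message` layout and will need adjusting for RFC 5424 or JSON-formatted logs.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample entries in traditional syslog format (not from a real host).
SAMPLE_AUTH_LOG = """\
Mar  4 09:12:41 web01 sshd[2213]: Accepted publickey for alice from 10.0.0.7 port 50122 ssh2
Mar  4 09:13:05 web01 sshd[2240]: Failed password for invalid user admin from 203.0.113.9 port 41022 ssh2
Mar  4 09:13:07 web01 sshd[2240]: Failed password for invalid user admin from 203.0.113.9 port 41022 ssh2
Mar  4 09:14:30 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
"""

# Envelope shared by every line: timestamp, host, program (optional pid), message.
SYSLOG_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<program>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$"
)
# Program-specific message shapes that tell us the action and its author.
SSHD_ACCEPTED = re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+)")
SSHD_FAILED = re.compile(r"Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)")
SUDO_CMD = re.compile(r"^\s*(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")


@dataclass
class LogEntry:
    date: str       # e.g. "Mar 4" (syslog's classic format carries no year)
    time: str       # e.g. "09:12:41"
    location: str   # host that wrote the entry
    action: str     # normalised description of what happened
    author: str     # who performed the action
    detail: str     # raw message, kept verbatim for the investigator


def parse_line(line: str) -> Optional[LogEntry]:
    """Return a LogEntry for one syslog line, or None if the envelope doesn't match."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    program, msg = m["program"].strip(), m["message"]
    action, author = program, "unknown"
    if program == "sshd":
        if (a := SSHD_ACCEPTED.search(msg)):
            action, author = f"login_success via {a['method']} from {a['src']}", a["user"]
        elif (f := SSHD_FAILED.search(msg)):
            action, author = f"login_failed via {f['method']} from {f['src']}", f["user"]
    elif program == "sudo":
        if (s := SUDO_CMD.match(msg)):
            action, author = f"sudo as {s['target']}: {s['cmd']}", s["user"]
    return LogEntry(
        date=f"{m['month']} {int(m['day'])}",
        time=m["time"],
        location=m["host"],
        action=action,
        author=author,
        detail=msg,
    )


def parse_log(text: str) -> List[LogEntry]:
    """Parse every line, silently skipping ones that don't fit the envelope."""
    entries = (parse_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def count_failed_logins(entries: List[LogEntry]) -> Dict[str, int]:
    """Failed-login count per targeted account: the kind of insight logs give beyond troubleshooting."""
    return dict(Counter(e.author for e in entries if e.action.startswith("login_failed")))


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_AUTH_LOG)
    for entry in parsed:
        print(f"{entry.date} {entry.time} {entry.location:6} {entry.author:8} {entry.action}")
    print("failed logins by account:", count_failed_logins(parsed))
```

The `detail` field keeps the raw message alongside the normalised fields; an analyst should always be able to get back to what the device actually wrote, because the normalisation rules are the analyst's interpretation, not the source of truth.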
log management
Log management is the process of collecting, storing, analyzing, and disposing of log data.
The most important aspect of log management is choosing what to log. Because the volume of data that can come from logs is overwhelming, it is important to decide deliberately what to log and to resist the natural tendency toward verbosity. Some information, such as names, phone numbers, email addresses, or any other personally identifiable information (PII), may be unlawful to log under privacy regulations, or may turn the log store itself into a sensitive data set that needs the same protection as the systems it describes.
overlogging
From a security perspective it can be tempting to log everything, and this is a common mistake organizations make. Just because something can be logged doesn't mean it needs to be logged. Excessive logging causes problems for SIEM tools: more data to ingest and index (often billed by volume), slower searches, and more noise for analysts to sift through when a real alert fires. It also increases storage and maintenance costs and adds load to the systems generating and collecting the logs.
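As an added example covering both points above (deciding what to log, and keeping PII out of what is shipped), the snippet below attaches a filter to Python's standard `logging` module at the point where records leave the application. It drops debug-level chatter and a known-noisy logger, and redacts email addresses and phone numbers from anything that remains. This is illustration code, not from the original notes; the logger names (`app`, `app.http.trace`), the sample messages, and the US-style phone-number pattern are assumptions to adapt to your own application and locale.

```python
import io
import logging
import re
from typing import List

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Assumption: US-style numbers such as 555-123-4567 or (555) 123-4567; widen for other locales.
PHONE_RE = re.compile(r"(?:\(\d{3}\)\s?|\d{3}[-.\s])\d{3}[-.\s]\d{4}")


def redact_pii(text: str) -> str:
    """Replace email addresses and phone numbers with fixed placeholders."""
    text = EMAIL_RE.sub("[email redacted]", text)
    text = PHONE_RE.sub("[phone redacted]", text)
    return text


class ShipFilter(logging.Filter):
    """Decides what leaves the host: drops noisy records, redacts PII in the rest."""

    def __init__(self, min_level: int = logging.INFO, noisy_loggers=("app.http.trace",)):
        super().__init__()
        self.min_level = min_level
        self.noisy_loggers = set(noisy_loggers)

    def filter(self, record: logging.LogRecord) -> bool:
        if record.levelno < self.min_level:        # "just because it can be logged..."
            return False
        if record.name in self.noisy_loggers:      # per-request trace spam stays local
            return False
        # Render the message once, scrub it, and clear args so formatters use the scrubbed text.
        record.msg = redact_pii(record.getMessage())
        record.args = ()
        return True


def build_shipper(stream) -> logging.Logger:
    """Logger whose single handler stands in for the forwarder to the SIEM/collector."""
    logger = logging.getLogger("app")
    logger.setLevel(logging.DEBUG)       # the app may emit everything...
    logger.handlers.clear()
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(name)s %(message)s"))
    handler.addFilter(ShipFilter())      # ...but only this subset is shipped
    logger.addHandler(handler)
    return logger


def demo() -> List[str]:
    """Emit constructed events and return the lines that would actually be shipped."""
    buf = io.StringIO()
    log = build_shipper(buf)
    log.debug("cache hit for session %s", "abc123")                          # dropped: below INFO
    logging.getLogger("app.http.trace").info("GET /health 200")              # dropped: noisy logger
    log.info("password reset requested for %s", "alice@example.com")         # kept, email redacted
    log.warning("failed login for user %s from 203.0.113.9, callback phone %s",
                "bob", "(555) 123-4567")                                     # kept, phone redacted
    log.error("payment gateway timeout after 30s")                           # kept as-is
    return buf.getvalue().splitlines()


if __name__ == "__main__":
    print("\n".join(demo()))
```

Note that the source IP `203.0.113.9` survives redaction: an IP address is an investigative detail that authentication and security logs need, so the filter is deliberately narrow. Decide per field what is PII in your context rather than scrubbing anything that looks like a number.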
log retention
Some regulations require organizations to retain logs for set periods of time, and organizations implement those requirements as log retention practices in their log management policy. Retention cuts both ways: keeping logs too briefly can leave no evidence for an investigation, while keeping them longer than required increases cost and the exposure of any sensitive data they contain.
Organizations in the following industries may need to modify their log management policy to meet regulatory requirements:
- Public sector (FISMA, the Federal Information Security Management Act)
- Healthcare (HIPAA, the Health Insurance Portability and Accountability Act)
- Financial services (PCI DSS, the Payment Card Industry Data Security Standard; GLBA, the Gramm-Leach-Bliley Act; SOX, the Sarbanes-Oxley Act)
log protection
Protecting logs is vital to maintaining their integrity. Malicious actors alter or delete logs to hide their activity, and an attacker who has gained administrative access to a host can usually edit or truncate anything stored on that host.
Storing logs on a centralized log server is one way to maintain log integrity. When logs are generated, they are sent to a dedicated server instead of being kept only on the local machine. This makes it harder for an attacker to tamper with them: compromising the host that produced the entries does not reach the copies already forwarded, and the attacker would also need to compromise the log server itself. The log server therefore needs stricter access controls than the hosts that feed it, and forwarding should happen promptly so entries leave the host before an attacker can interfere.
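As an added example (not part of the original notes), the rsyslog fragment below shows the local-only default beside a configuration that forwards every message to a central collector. The host name `logserver.example.com`, the file name, and the queue name are placeholders; the action parameters are standard rsyslog `omfwd` options.

```conf
# /etc/rsyslog.d/10-forward.conf (added example; logserver.example.com is a placeholder)

# Weak: the default on many hosts. Every message stays only in local files
# that anyone with root on this machine can truncate or edit.
#   *.*   -/var/log/syslog

# Corrected: also forward every message to the central collector over TCP.
# The disk-assisted queue buffers events while the collector is unreachable,
# so an outage does not silently drop entries, and forwarding retries forever.
action(
    type="omfwd"
    target="logserver.example.com"
    port="514"
    protocol="tcp"
    queue.type="LinkedList"
    queue.filename="fwd_queue"
    queue.saveOnShutdown="on"
    action.resumeRetryCount="-1"
)
```

Plain TCP protects entries from being altered on the host after they leave it, but not in transit; in production the forwarding should run over TLS (rsyslog supports this through its network stream drivers) so the collector can authenticate the sender and the entries cannot be read or modified on the wire. The central server's own logs and access should be monitored as closely as anything that feeds it, since it becomes the single place an attacker would want to reach.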