Log management
Log management (from English log file, German Protokolldatei) covers, among other things, the definition, collection, evaluation, storage and deletion of the log data that a computer system generates during its operation.
Log data
Log data are records of changes to computer systems and of their operation.
Log management usually combines the logs of all IT systems in a computer network at a central point, the log management system.
Log management supports companies in complying with international standards such as PCI DSS, HIPAA and SOX, and in many cases these standards make it mandatory (keyword: traceability). Auditors and legal advisors may therefore examine, in the course of audits, how log data are handled or whether log management exists at all. Depending on the context of the audit, this can extend to requiring audit-proof archiving of the log data, that is, storage in which entries can be neither altered nor deleted unnoticed for the retention period.
Security Information and Event Management (SIEM)
In addition to the audit-proof archiving of log data, there is often a need for real-time correlation of events and alerting on security incidents. This is called Security Information and Event Management (SIEM). SIEM solutions are usually built on top of log management.
When something goes wrong, it is the system and security logs of servers, switches, firewalls and other systems and applications that provide the information about security incidents and undesired events. Collecting and archiving them, or preserving them as forensic evidence, can be a complex matter, and this is what a security information and event management system is intended to handle. Two conditions determine whether the collected data are usable for correlation and as evidence: the clocks of all sources must be synchronised (for example via NTP), since correlation relies on ordering events by time, and the integrity of the stored entries must be protected, since a system that has been compromised can no longer be trusted to keep its own logs intact.
Log formats
Above all, the lack of a general standard for log entries makes it difficult to evaluate and correlate the data centrally. Manufacturers deliver a wide variety of formats, from the Windows event log (a binary format that has to be exported by an agent or by Windows Event Forwarding) to Linux text logs, syslog and generic ASCII logs, all of which have to be translated into a common schema and stored centrally. The syslog format, which is mainly used for network components such as switches and firewalls, has the further disadvantage that in its classic form (RFC 3164) it is sent over UDP, port 514: delivery is not guaranteed, messages are neither authenticated nor encrypted, and the sender address can be spoofed. Syslog over TCP with TLS (RFC 5425) removes these transport weaknesses, but it still says nothing about whether the content of a message is true, which is why the integrity of the central store matters as much as the transport.
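The two problems described above, normalising heterogeneous formats into one schema and then correlating events across sources in real time (the SIEM step of the previous section), are shown together in the following added example. It is not code from the original page or from any product; the sample lines are constructed (BSD-style syslog, RFC 5424 syslog and a generic key=value application log, with addresses from documentation ranges), the year supplied for the year-less BSD timestamps and the assumption that senders log in UTC are choices made here, and the message pattern covers only OpenSSH-style authentication messages. The correlation rule raises an alert when a source address logs in successfully after at least two failed attempts within two minutes, counted across all hosts regardless of which format reported them.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample input (not real captures): one BSD-style syslog line (RFC 3164),
# one RFC 5424 syslog line and one generic key=value application line, as a central
# collector might receive them from different systems. Addresses are documentation ranges.
SAMPLE_LINES = [
    "<86>Jan 12 10:01:02 fw01 sshd[1234]: Failed password for root from 203.0.113.5 port 5521 ssh2",
    "<86>1 2024-01-12T10:01:05.000Z fw01 sshd 1234 - - Failed password for root from 203.0.113.5 port 5522 ssh2",
    "ts=2024-01-12T10:01:07Z host=app02 app=authsvc level=warn event=login_failed src=203.0.113.5 user=admin",
    "<86>Jan 12 10:01:09 fw01 sshd[1234]: Accepted password for root from 203.0.113.5 port 5530 ssh2",
    "<86>Jan 12 10:05:00 fw01 sshd[1235]: Accepted password for alice from 198.51.100.7 port 40001 ssh2",
]

# BSD syslog timestamps carry no year; the collector has to supply one (assumed here).
ASSUMED_YEAR = 2024

BSD_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
RFC5424_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>1 (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) (?P<pid>\S+) "
    r"(?P<msgid>\S+) (?P<sd>-|(?:\[[^\]]*\])+) (?P<msg>.*)$"
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Message pattern of OpenSSH authentication results; other applications need their own.
AUTH_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) \S+ for (?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def _iso(ts):
    """RFC 3339 timestamp -> aware datetime ('Z' spelled out for older Pythons)."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def _record(ts, host, app, msg, pri=None, fmt=None):
    """Build the common schema; PRI = facility * 8 + severity per RFC 3164/5424."""
    return {
        "ts": ts, "host": host, "app": app, "msg": msg, "format": fmt,
        "facility": None if pri is None else pri >> 3,
        "severity": None if pri is None else pri & 7,
        "outcome": None, "src_ip": None, "user": None,
    }


def _enrich_auth(rec):
    """Pull outcome, user and source address out of an sshd-style message."""
    m = AUTH_RE.match(rec["msg"])
    if m:
        rec["outcome"] = "failure" if m["outcome"] == "Failed" else "success"
        rec["user"], rec["src_ip"] = m["user"], m["src"]
    return rec


def parse_line(line):
    """Normalise one raw line of any of the three formats; None if nothing matches."""
    m = RFC5424_RE.match(line)
    if m:
        return _enrich_auth(_record(_iso(m["ts"]), m["host"], m["app"], m["msg"], int(m["pri"]), "rfc5424"))
    m = BSD_RE.match(line)
    if m:
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)  # assumes the sender's clock is in UTC
        return _enrich_auth(_record(ts, m["host"], m["app"], m["msg"], int(m["pri"]), "bsd"))
    kv = {k: v.strip('"') for k, v in KV_RE.findall(line)}
    if "ts" in kv and "host" in kv:
        rec = _record(_iso(kv["ts"]), kv["host"], kv.get("app", "-"), line, None, "kv")
        rec["outcome"] = {"login_failed": "failure", "login_ok": "success"}.get(kv.get("event"))
        rec["src_ip"], rec["user"] = kv.get("src"), kv.get("user")
        return rec
    return None


def detect_bruteforce_success(records, min_failures=2, window=timedelta(seconds=120)):
    """Alert when a source address succeeds after >= min_failures failed logins
    within `window`, counted across all hosts and formats (the SIEM correlation step)."""
    failures = defaultdict(deque)  # src_ip -> timestamps of recent failures
    alerts = []
    for rec in sorted(records, key=lambda r: r["ts"]):
        src, outcome = rec["src_ip"], rec["outcome"]
        if src is None or outcome is None:
            continue
        q = failures[src]
        while q and rec["ts"] - q[0] > window:  # drop failures outside the window
            q.popleft()
        if outcome == "failure":
            q.append(rec["ts"])
        elif len(q) >= min_failures:
            alerts.append({"src_ip": src, "user": rec["user"], "host": rec["host"],
                           "failures_before_success": len(q), "at": rec["ts"]})
            q.clear()
    return alerts


if __name__ == "__main__":
    records = [r for r in (parse_line(l) for l in SAMPLE_LINES) if r]
    for r in records:
        print(r["format"], r["ts"].isoformat(), r["host"], r["outcome"], r["src_ip"])
    for a in detect_bruteforce_success(records):
        print("ALERT", a)
```

On the sample input the three failures from 203.0.113.5, two reported by fw01 in different syslog dialects and one by app02 in key=value form, are followed by a successful root login on fw01 and produce a single alert; the later login by alice produces none. The design point is that correlation only becomes possible after normalisation: without the common schema (aware timestamps, a source address field, an outcome field) the rule could not see that the three records describe the same attacker.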
See also
- Security Information Management (SIM)
- Security Event Management (SEM)
- Security Information and Event Management (SIEM)
