Log Management Best Practices

log event compliance

Log (event) management is the collection, analysis (real-time or historical), storage and management of logs from a range of sources across the enterprise. It is the foundation for comprehensive security information and event management (SIEM). Organizations which develop best practices in log management will get timely analysis of their security profile for security operations, ensure that logs are kept in sufficient detail for the appropriate period of time to meet audit and compliance requirements, and have reliable evidence for use in investigations.

Businesses face a number of challenges that make best practices in log management an increasingly important part of an overall enterprise IT security strategy. These include the need to control the vast amounts of data being generated by more and more systems, the increased requirements of today's regulated environment and a new breed of more advanced attacks.

By establishing best practices in log management, information executives can bring tremendous value to their organization by avoiding costs and increasing efficiencies in areas such as compliance, risk management, legal, forensics, storage and operations. Best practices in log management should be based on the requirements of applicable regulations and standards, guidance from legal counsel, business and operational objectives, and risk analysis.

Although best practices should be developed by each individual organization based on their particular environment, there are some general best practices which can be universally applied. This paper is intended to help organizations develop their own comprehensive set of best practices by providing a set of 40 recommended best practices covering logging policies, procedures and technology; log generation and capture; log retention and storage; log analysis; and log security and protection.

• Definition of Log (Event) Management
• Why do Logs Matter for Security and Compliance?
• Challenges Addressed by Log Management
• The Business Value of Best Practices in Log Management
• Inputs Into Your Organization's Best Practices
• Recommended Best Practices
  • I. Logging Policies, Procedures and Technology (LP)
  • II. Log Generation and Capture (LG)
  • III. Log Retention and Storage (LR)
  • IV. Log Analysis (LA)
  • V. Log Security and Protection (LS)
• Conclusion
• Solutions for Implementing Best Practices
• Appendices
  • Appendix 1—Sources and Contents of Logs
  • Appendix 2—Compliance Requirements for Log Management