Log management

Log management is the process of generating, transmitting, storing, accessing, and disposing of log data. Log data (or logs) consist of entries (records), and each entry contains information related to a specific event that occurred within an organization's computing assets, including physical and virtual platforms, networks, services, and cloud environments.[1]

The process of log management generally breaks down into:[2]

  • Log collection - the process of capturing log data from log files, application standard output streams (stdout), network sockets and other sources.
  • Log aggregation (centralization) - the process of bringing all log data together in a single place for further analysis and/or retention.
  • Log storage and retention - the process of handling large volumes of log data according to corporate or regulatory (compliance) policies.
  • Log analysis - the process that helps operations and security teams handle system performance issues and security incidents.
  1. ^ NIST SP 800-92r1, Cybersecurity Log Management Planning Guide
  2. ^ Kent, Karen; Souppaya, Murugiah (September 2006). Guide to Computer Security Log Management (Report). NIST. doi:10.6028/NIST.SP.800-92. S2CID 221183642. NIST SP 800-92.
