Log Management Is More than Meets the Eye

Lora Bentley

Quick! When someone mentions "logs" in the same sentence with "compliance," what's your first thought?


If your company is like a lot of others, says LogLogic's Anton Chuvakin, it's probably something along the lines of "Oh, sure. We have logs. We're fine."


But the truth is, you're not fine. In a recent IT Business Edge interview, Chuvakin reminded us that having logs somewhere in cold storage isn't enough when it comes to compliance requirements. Regulations from PCI-DSS to Sarbanes-Oxley to HIPAA require some level of log management, he said:

Most regulations that require logging actually cover three things. They require having logs, which means you have to have systems enabled so that the log will be produced ... Second, they cover log retention, which means keeping those logs for a certain period of time ... Finally, believe it or not, there is a requirement to review logs ...

As for which regulations require what, Chuvakin says the details differ depending on the regulation:

PCI-DSS is specific about retention. You have to keep logs for a year. In the case of HIPAA, it's a little more fuzzy. It's organization-specific and you determine it yourself based on certain considerations ... The same applies for review (monitoring). Some regulations are more specific. They require daily review or automated review or monitoring in real time. Others just say, "Make sure you look at the logs."

Never fear, however. Most log management can be automated:

You can automate just about everything apart from making a decision about what needs to be done as a result of the data from the logs ... You can look at the reports and say, "I can't believe this is going on! I need to go do X, Y, Z." And then you do it. But everything up to that point can be automated.

Oct 18, 2007 12:16 PM Kannan.M.S. says:
Some of the logs/Data retention beyond stipulated period also has to be borne in mind while mapping them to SLA that would provide some relief. Also it is desirable & essential at the agreement stage itself to specify the log logics similar to that of customer Data back up retention extraction period/timelines to avoid ambiguity or embarrassment.
