Log management is a pain

Monday night in one of my intro security classes, part of my lecture covered logging. I asked the class if anyone had experience with logs or had managed them in a production environment. One student said that it took up too much disk space to capture everything, and who has time to go blind parsing through logs? Since this wasn't an advanced class, I wasn't amazed by this response, but I was amazed that this student was an administrator. I know I have been in the field for a while, but log management always seemed like a critical aspect of system administration. So for an administrator not to care about logs was a shock.
True log management is a pain. You have to enable logging everywhere. Then you have to copy all the logs to a central location for storage and parsing. Then you have to manage the log volume and "find the needle in the haystack" when something happens. Logs can be used for everything from performance tuning and security investigations to application, network and node-level troubleshooting. I have used statistics collected from logs to get IT budget increases and salary increases (w00t!), and to persuade managers to take proactive action before unwanted events occurred.
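The "needle in the haystack" step is the one people skip, so here is what it looks like once the logs are in one place. This is an added example, not code from the original post: it parses a handful of constructed sshd lines in the syslog format OpenSSH writes to auth.log (hostnames and addresses are illustrative), counts failures per source address, and flags any source that produced a burst of failures inside a short window, noting whether a successful login followed the burst, which is the case worth paging someone for. The five-failures-in-sixty-seconds threshold is an assumption to tune for your environment.

```python
"""Flag SSH brute-force bursts in syslog-style auth log lines.

Added example; the sample lines below are constructed, not taken from a real host.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample in the traditional syslog format an OpenSSH server writes
# to /var/log/auth.log. Non-sshd lines (the CRON entry) are noise to be skipped.
SAMPLE_LOG = """\
Jan 12 22:01:03 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan 12 22:01:04 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Jan 12 22:01:05 web01 sshd[2214]: Failed password for root from 203.0.113.7 port 51024 ssh2
Jan 12 22:01:06 web01 sshd[2216]: Failed password for root from 203.0.113.7 port 51025 ssh2
Jan 12 22:01:08 web01 sshd[2218]: Failed password for root from 203.0.113.7 port 51026 ssh2
Jan 12 22:01:09 web01 sshd[2220]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Jan 12 22:03:41 web01 sshd[2290]: Failed password for alice from 198.51.100.20 port 40110 ssh2
Jan 12 22:03:55 web01 sshd[2292]: Accepted publickey for alice from 198.51.100.20 port 40111 ssh2
Jan 12 22:05:00 web01 CRON[2300]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Matches both "Failed password for invalid user X from ..." and
# "Accepted publickey for X from ..." forms.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_sshd(text, year=2024):
    """Return a list of sshd auth events; lines that are not sshd auth results are skipped.

    Traditional syslog timestamps carry no year, so one is supplied (assumption).
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
        events.append(ev)
    return events


def failed_logins_by_source(events):
    """Simple statistic: failed logins per source address."""
    return Counter(ev["src"] for ev in events if ev["result"] == "Failed")


def brute_force_suspects(events, threshold=5, window_seconds=60):
    """Sources with at least `threshold` failures inside any `window_seconds` window.

    For each suspect, also report whether an Accepted login from the same source
    came at or after the last failure of the burst.
    """
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    suspects = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e["ts"] for e in evs if e["result"] == "Failed"]
        # Sliding window over failure timestamps: advance `lo` until the window fits.
        lo, burst = 0, False
        for hi in range(len(fails)):
            while (fails[hi] - fails[lo]).total_seconds() > window_seconds:
                lo += 1
            if hi - lo + 1 >= threshold:
                burst = True
                break
        if burst:
            last_fail = fails[-1]
            success_after = any(
                e["result"] == "Accepted" and e["ts"] >= last_fail for e in evs
            )
            suspects[src] = {"failures": len(fails), "success_after_burst": success_after}
    return suspects


if __name__ == "__main__":
    events = parse_sshd(SAMPLE_LOG)
    print("failed logins by source:", dict(failed_logins_by_source(events)))
    for src, info in brute_force_suspects(events).items():
        print(f"suspect {src}: {info}")
```

Run against real auth logs the parser needs the year and host list from the central collector, and the threshold should be set from a baseline of normal failure rates rather than guessed; the point is that once the lines are centralized, the "needle" query is a few dozen lines, not a night of reading.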
So while reading some old security feeds I found a post about logs. Actually, it's a blog that has some great security-related posts. The post I'm linking to today is about logs and how the blogosphere has recently taken an interest in them. So if you're a newbie to logs, check out Anton Chuvakin's blog and his post on "Fun Reading on Logs and Log Management".
