Appropriate log management tools can greatly reduce the burden of managing enterprise system log data. However, unless an organization puts a certain amount of time and effort into the tool, even the best tool will soon become a poor one. The following six best practices for log management are offered.

Invest the time, or do not buy the tool. If you are not prepared to invest the time and energy needed to install and manage a log management tool properly, do not waste money on a log management system. The system must be correctly configured to parse the events and logs produced on your network; only then do its reports have business and technical value. Another "stupid" error is missing critical security events because nobody browses and reviews the alert console. Do not make the mistake of focusing only on the log management technology while ignoring how the system is actually used.

Streamline the RFP with predefined requirements. Writing a request for proposal (RFP, a statement of requirements) is a time-consuming process. Once defined, some requirements can be reused in later RFPs. This is common in log management, because the basic requirements (such as the log file format and the data written to the log file) are the same and can be predefined. A further benefit of predefined requirements is that they keep requirements consistent across RFPs while shortening the RFP cycle.

Make sure the required information is present. To write valid correlation rules, the log management system must have sufficient context data to analyze. For example, to determine where specific traffic or behavior originates, you need the source IP address, which means the log management system must first record the IP address so that the rule engine can parse it. Likewise, if you want to write a log analysis rule that alerts on a behavior of a target device or application, the relevant log data must first record that behavior.

Do not limit yourself to static analysis. The last thing most organizations need is to load data that has no overall analysis model into yet another large table and then use that table for event analysis. Alarms based on a baseline of expected or acceptable behavior are generated by analyzing the features of a single record in that table and by analyzing the features of a set of records. Consider the logon records of a key database. Typically, two logon failures are set as the baseline that triggers an alarm. However, if the database password policy changes from simple dictionary words to strings of more than eight non-dictionary characters, the baseline number of logon failures may rise because users need time to adapt to the new policy. A log management system with intelligent sensing capabilities should be able to adjust to monitor the developing trend and provide feedback to administrators, who can then temporarily change the alarm threshold using this trend information.

Use log data to describe what is happening, or what has happened. Logs are an excellent source of information for fault detection. In most cases, all the information needed to determine the cause of a fault can be found in the log files. During a crisis, managers often fall into a passive mode: they can only judge what is happening by intuition, speculation, and piecing together unrelated fragments of information that cannot be broken down further. Logs are records of real events.
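As an added example (not from the original article) of the points on context data and adaptive baselines, the following Python parses constructed database audit lines in an assumed key=value format, flags failed-logon records that lack the source IP a correlation rule would need, applies the static two-failure baseline, and derives a trend-adjusted threshold to present to the administrator rather than applying it silently.

```python
import re
from collections import Counter
from statistics import median

# Constructed sample audit lines (not from any real system); the field names are assumptions.
SAMPLE_LOG = """\
2024-05-01T09:00:01 db=orders user=alice src=10.0.0.5 event=LOGIN_FAILED
2024-05-01T09:00:09 db=orders user=alice src=10.0.0.5 event=LOGIN_FAILED
2024-05-01T09:00:20 db=orders user=alice src=10.0.0.5 event=LOGIN_OK
2024-05-01T09:01:02 db=orders user=bob src=10.0.0.7 event=LOGIN_FAILED
2024-05-01T09:01:15 db=orders user=bob src=10.0.0.7 event=LOGIN_FAILED
2024-05-01T09:01:30 db=orders user=bob src=10.0.0.7 event=LOGIN_FAILED
2024-05-01T09:02:00 db=orders user=carol event=LOGIN_FAILED
2024-05-01T09:02:10 db=orders user=carol src=10.0.0.9 event=LOGIN_FAILED
2024-05-01T09:03:00 db=orders user=dave src=203.0.113.4 event=LOGIN_FAILED
2024-05-01T09:03:01 db=orders user=dave src=203.0.113.4 event=LOGIN_FAILED
2024-05-01T09:03:02 db=orders user=dave src=203.0.113.4 event=LOGIN_FAILED
2024-05-01T09:03:03 db=orders user=dave src=203.0.113.4 event=LOGIN_FAILED
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return the key=value fields of one audit line as a dict."""
    return dict(FIELD_RE.findall(line))

def analyze(log_text, static_threshold=2, trend_factor=1.5):
    """Count LOGIN_FAILED per user, flag records missing the src context a
    correlation rule needs, and suggest a threshold adjusted to the current trend."""
    failures = Counter()
    missing_context = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec.get("event") != "LOGIN_FAILED":
            continue
        if "src" not in rec:
            # The rule needs the source IP; this record cannot be correlated by origin.
            missing_context.append(line)
        failures[rec.get("user", "?")] += 1
    # Trend-aware suggestion: the typical failure count across users, scaled up.
    # The static baseline stays as a floor; the administrator decides whether to apply it.
    typical = median(failures.values()) if failures else 0
    suggested = max(static_threshold, int(typical * trend_factor))
    return {
        "failures": dict(failures),
        "alerts": {u: n for u, n in failures.items() if n >= static_threshold},
        "alerts_adjusted": {u: n for u, n in failures.items() if n >= suggested},
        "missing_context": missing_context,
        "suggested_threshold": suggested,
    }
```

With the static baseline every user trips the alarm after the policy change, while the trend-adjusted threshold keeps only the two accounts that stand out; the carol record without src is reported separately so the gap in context data is visible rather than silently ignored.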
The log management system lets management personnel write and generate reports on fault information in real time, so as to tell the response team what happened on the network.

Look beyond security. The log management system is an excellent tool for collecting and analyzing information from security equipment, but it can be used for more than security awareness. For example, the information can be used to analyze the customer experience of the top ten business relationships. Many web application analytics systems cannot provide the fine-grained views that show the real customer experience, but well-designed application logs can record it. The log management system can use these logs to analyze the customer experience, extending its field of application beyond security analysis.