Tuesday, September 15, 2015

The Importance of Logging

I just found this document from Google with some practical considerations for Logging. Very IT or Software Development oriented, but very useful to have at arm's reach.

Why is Logging so important? Many reasons of which some are
  • you will get compromised -- so be prepared to understand how it happened
  • you will get compromised -- so be prepared to have forensic material
  • you will only realise and know you got compromised after you got compromised. Sometimes it takes months. Strange entries in logs is often how you first suspected something was going on.
On top of this, logs give very interesting insight and data to further operational intelligence and analytics. They can even be a source of business on its own.

Finally, Logging and Monitoring come hand in hand. Whereas Monitoring a Network or a Plant is more of an immediate type (alarms, green/red lights, instant indicators), trending and long-term time series analysis is effectively a child of Logging. Integration is the key word.

The detail to which Logging should be set, how to consolidate different sources and formats, how to time-sync sources for consistency, how to tie Logging with Auditing and upper-levels Reporting, etc., can be left for later -- if you must -- but the basis must be there.

Save budget, resources and effort to think about Logging right fro the beginning.

No comments:

Post a Comment