The Importance of Logs
Most auditors are well aware of the importance of logs. However, many of their clients are not, and usually need to be reminded periodically.
Much of the literature on security breaches deals with prevention. And prevention is important, no question about that. However, breaches cannot always be prevented, and when they do occur, logs are critical to determine what happened, what vulnerabilities led to the success of the attack, and what can be done to prevent another one.
Logs often present an issue to system operators or management because they can slow down a system, and response time is even more important than it used to be, since users have little or no patience with slow responses. The issue, therefore, is to balance the security needs of the company with system performance.
When logs are turned on, they need to be configured to identify the systems for which data is to be gathered, to specify the level of security to be used for key components of the system, and to establish the level of detail to be recorded for events.
The level of security and the level of detail gathered are crucial to the potential drag on system performance. They therefore need to be set according to the security strategy of the company, and so as not to gather unnecessary data. Well-planned configuration is therefore the key. This article discusses this issue and provides some useful guidance.