[logs] Re: on database logging

From: Anton Chuvakin (anton@private)
Date: Wed Mar 21 2007 - 13:46:58 PST

> All the current trend toward legislating compliance has
> accomplished is setting the bar very low, and encouraging
> companies to look only at meeting that standard. I've had
> senior IT managers tell me "We are going to do the exact
> minimum, wherever possible."

No kidding - but, at the same time, those organizations who used to
fly (eh, crawl) BELOW that low bar would benefit if they are kicked
into doing at least *something*. So, I am a bit more positive about
such compliance motivators.

> In log analysis terms, that means that the logs to to a big
> bucket which is periodically dumped into the compost
> heap.

Indeed, this is common but compare this to a) never enabling logging
or b) disabling logging or c) storing logs based on short default
retention policy on each device? A huge improvement, isn't it?

>Nobody'll look in the bucket until someone passes
> legislation requiring people to LOOK at it. And, of course,
> when that happens, they'll do the exact minimum, &c...

Well, this already happened: e.g. PCI. It doesn't define what
"looking" means, but running a log analysis tool sure beats just
running a tape drive to save the logs...

Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
LogAnalysis mailing list

This archive was generated by hypermail 2.1.3 : Wed Mar 21 2007 - 19:06:12 PST