Chapter 13. Beautiful Log Handling

Anton Chuvakin

A well-worn maxim proclaims that “knowledge is power,” but where do we get our knowledge about the components of information technology (IT) for which we’re responsible—computers, networking gear, application frameworks, SOA web infrastructure, and even whatever future, yet-uninvented components come our way? The richest source of such information, almost always available but often unnoticed, is the set of logs and audit trails produced by the systems and applications. Through logs and audit trails, along with alerts, information systems often give signs that something is amiss, or even let us look into the near future and tell us that something will be amiss soon.

The logs might also reveal larger weaknesses, such as lapses in our controls that affect regulatory compliance. They even impinge on IT governance and, by extension, corporate governance, thus going even beyond the IT realm where they surfaced.

However, more often than not, such logs contain merely data (and sometimes junk data!) rather than information. Extra effort—sometimes gargantuan effort—is needed to distill that data into usable and actionable information about IT and our businesses.
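The distilling step described above, turning raw log lines (junk included) into structured events and then into actionable findings, shown as an added example that is not code from the chapter or its author. It assumes sshd-style syslog lines; the sample lines, the hostnames and addresses, the `detect_bruteforce` and `suspicious_successes` functions, and the thresholds and time windows are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not from the chapter): sshd/syslog lines plus one junk record.
SAMPLE_LOG = """\
Mar 10 08:00:01 bastion sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 08:00:03 bastion sshd[2233]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 10 08:00:04 bastion sshd[2235]: Failed password for root from 203.0.113.7 port 51131 ssh2
Mar 10 08:00:05 bastion sshd[2236]: Failed password for root from 203.0.113.7 port 51140 ssh2
Mar 10 08:00:06 bastion sshd[2238]: Failed password for root from 203.0.113.7 port 51142 ssh2
@@@ corrupted record: this line is deliberate junk @@@
Mar 10 08:00:09 bastion sshd[2240]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
Mar 10 08:00:10 bastion sshd[2240]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Mar 10 08:05:00 bastion sshd[2290]: Failed password for bob from 198.51.100.21 port 40100 ssh2
Mar 10 08:06:00 bastion sshd[2291]: Accepted password for bob from 198.51.100.21 port 40101 ssh2
Mar 10 08:07:00 bastion CRON[2300]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Classic BSD syslog envelope: "Mon DD HH:MM:SS host prog[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<month>\w{3}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
# sshd authentication outcome lines ("invalid user" prefix is optional)
AUTH_RE = re.compile(
    r"^(?P<outcome>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)


def parse_line(line, year=2024):
    """Normalize one raw line into a dict; return None for lines we cannot parse."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None  # junk data: counted by the caller, never crashes the pipeline
    # syslog omits the year, so it has to be supplied (assumption: a single year)
    ts = datetime.strptime(f"{year} {m['month']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    event = {"ts": ts, "host": m["host"], "prog": m["prog"], "pid": m["pid"], "msg": m["msg"]}
    a = AUTH_RE.match(m["msg"])
    if a:  # enrich: this is an authentication event with structured fields
        event.update(kind="auth", outcome=a["outcome"].lower(), method=a["method"],
                     user=a["user"], src=a["src"], port=int(a["port"]))
    return event


def parse_log(text, year=2024):
    """Return (events, unparsed_count); the count of junk lines is itself information."""
    events, unparsed = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line, year)
        if ev is None:
            unparsed += 1
        else:
            events.append(ev)
    return events, unparsed


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Sliding window of failed logins per source; one alert per source once it hits the threshold."""
    failures = defaultdict(list)
    alerts, alerted = [], set()
    for ev in events:  # assumes chronological order, as a single log file normally is
        if ev.get("kind") != "auth" or ev["outcome"] != "failed":
            continue
        window = failures[ev["src"]]
        window.append(ev["ts"])
        while window and (ev["ts"] - window[0]).total_seconds() > window_seconds:
            window.pop(0)  # drop failures that fell out of the window
        if len(window) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({"src": ev["src"], "count": len(window),
                           "first": window[0], "last": ev["ts"]})
    return alerts


def suspicious_successes(events, window_seconds=300):
    """A successful login shortly after failures from the same source is worth a second look."""
    last_failure = {}
    findings = []
    for ev in events:
        if ev.get("kind") != "auth":
            continue
        if ev["outcome"] == "failed":
            last_failure[ev["src"]] = ev["ts"]
        elif ev["src"] in last_failure and \
                (ev["ts"] - last_failure[ev["src"]]).total_seconds() <= window_seconds:
            findings.append({"src": ev["src"], "user": ev["user"], "ts": ev["ts"]})
    return findings


if __name__ == "__main__":
    evs, junk = parse_log(SAMPLE_LOG)
    print(f"{len(evs)} events, {junk} unparsed")
    for a in detect_bruteforce(evs):
        print("brute force:", a)
    for f in suspicious_successes(evs):
        print("success after failures:", f)
```

Two design points: the parser never raises on junk, it counts it, because an unexpected spike in unparseable lines is often the first sign that a log source changed format or is being tampered with; and each detector is a separate pure function over normalized events, so new signals can be added without touching the parsing stage.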

Logs in Security Laws and Standards

To start at a very high level, logs equal accountability. This idea is not new; it goes all the way back to the venerable Orange Book (“Department of Defense Trusted Computer System Evaluation Criteria”), first released in 1983. Under the “Fundamental Requirements” ...
