Log Transmission, Normalization, Storage, and Protection
Network and host activities typically are recorded on the host
and sent across the network to a central logging facility.
The data that arrives at the logging facility is in the format of
the software that recorded the activity. The logging facility may
process the logging data into a common format. That process
is called normalization. Normalized data frequently enables
timely and effective log analysis.
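
The normalization step described above, as an added example that is not part of the original booklet: two constructed log lines in different native formats (an sshd syslog line and an Apache access line) are mapped to one common record. The field names, the `normalize` function, and the year and time-zone handling are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines in two native formats (not taken from the page).
SSHD_LINE = ("Mar  4 09:15:02 web01 sshd[2211]: Failed password for "
             "invalid user admin from 203.0.113.7 port 52144 ssh2")
APACHE_LINE = ('198.51.100.23 - alice [04/Mar/2024:09:15:07 -0500] '
               '"GET /admin HTTP/1.1" 403 199')

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')


def _record(ts, host, source, src_ip, user, action, outcome, raw):
    """Build the common schema; time is always UTC ISO 8601, raw is kept."""
    when = ts.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ") if ts else None
    return {"time": when, "host": host, "source": source, "src_ip": src_ip,
            "user": user, "action": action, "outcome": outcome, "raw": raw}


def normalize(line, source_host="unknown", year=2024):
    """Map one native log line to the common schema.
    Assumptions: syslog timestamps carry no year or zone, so the collector
    supplies the year and treats the host clock as UTC; Apache lines do not
    name the logging host, so the collector supplies source_host.
    """
    m = SSHD_RE.match(line)
    if m:
        stamp = " ".join(m["ts"].split()) + f" {year}"
        ts = datetime.strptime(stamp, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
        outcome = "success" if m["result"] == "Accepted" else "failure"
        return _record(ts, m["host"], "sshd", m["ip"], m["user"], "login", outcome, line)
    m = APACHE_RE.match(line)
    if m:
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        user = None if m["user"] == "-" else m["user"]
        outcome = "failure" if int(m["status"]) >= 400 else "success"
        return _record(ts, source_host, "apache", m["ip"], user,
                       f'{m["method"]} {m["path"]}', outcome, line)
    # Unrecognized formats are kept, not dropped, so nothing is lost to analysis.
    return _record(None, source_host, "unparsed", None, None, None, None, line)
```

Once both sources share the same `time`, `src_ip`, `user` and `outcome` fields, a single query can order and correlate events across hosts, while the `raw` field keeps the original line available to an investigation.
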
Log files are critical to the successful investigation and
prosecution of security incidents and can potentially contain
sensitive information. Intruders will often attempt to
conceal any unauthorized access by editing or deleting log
files. Therefore, institutions should strictly control
and monitor access to log files whether on the host or in a
centralized logging facility. Some considerations for
securing the integrity of log files include