It might strike you as odd that I'm labeling "log management" as a technology, but that's how I think of it. Yes, technically speaking there are several different technologies that fall underneath the log management umbrella but comprehensive products and strategies in this area cover them all.

What is log management? It's the art of creating, capturing, consolidating, reporting, and alerting on events and log messages. If you're a Windows system administrator you'll most likely focus on Windows event log analysis, analysis of the IIS logs, and any relevant application logs. If you're a Unix system administrator you're probably leveraging syslog and well ad tailing several local log files and if you're a network engineer you're probably capturing syslog messages and SNMP traps. Regardless of which infrastructure type you're focused on chances are that the systems you're responsible for are capable of creating some sort of logs. VM Ware virtual servers, Storage Area Networks (SAN) devices, Intrusion Detection Systems (IDS), firewalls and VPN concentrators, WAN accelerators - all of them create and send logs.

In their native state, few of these logs are really all that useful from an operations point of view; however, if you combine these logs with an intelligent log management SIEM tool that is capable of consolidating the logs, interpreting their content, and triggering alerts when necessary - then you've added a critical component to your management strategy.

If you'd like to learn more about log management strategies visit this page and browse down to the "Black Art of Log Management Webcast".


Flame on...
Josh
Follow me on Twitter