Solutions for the Maintenance of Event Logs
eventlogs.com

A Concept for Total Log Management

The concept of total event log management includes the following components:

1) Monitoring
Real-time monitoring of log files with notification capability

2) Collecting
Collection and consolidation of event logs

3) Reporting
The ability to quickly mine and filter through logs and provide a report on specific events or event trends

Log files should be monitored in real time for specific events of interest, not every failed login (so make sure threshold notification is available). Monitoring and notification help catch problems before a future audit, allowing a proactive approach that deals with network trouble today rather than tomorrow. This translates into a faster return on investment, as the benefits show up not only in the automation of daily tasks but also in daily systems monitoring and troubleshooting.
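The threshold notification mentioned above can be sketched as a sliding-window counter per account. This is an added example, not code from this site or any product it names; the window size, threshold, function name and sample records are assumptions, and event ID 4625 is the Windows Security log's failed-logon event.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON_EVENT_ID = 4625  # Windows Security log: "An account failed to log on"

# Constructed sample records (timestamp, event ID, account); not real log data.
SAMPLE_EVENTS = [
    ("2024-01-15T09:00:05", 4625, "alice"),  # single mistyped password
    ("2024-01-15T09:00:20", 4624, "alice"),  # successful logon, ignored
    ("2024-01-15T09:10:00", 4625, "bob"),
    ("2024-01-15T09:10:10", 4625, "bob"),
    ("2024-01-15T09:10:20", 4625, "bob"),
    ("2024-01-15T09:10:30", 4625, "bob"),
    ("2024-01-15T09:10:40", 4625, "bob"),    # fifth failure within 40 seconds
    ("2024-01-15T09:00:00", 4625, "carol"),
    ("2024-01-15T09:15:00", 4625, "carol"),
    ("2024-01-15T09:30:00", 4625, "carol"),
    ("2024-01-15T09:45:00", 4625, "carol"),
    ("2024-01-15T10:00:00", 4625, "carol"),  # five failures, spread over an hour
]


def threshold_alerts(events, threshold=5, window=timedelta(minutes=2)):
    """Return (account, first_seen, last_seen, count) for each threshold breach.

    An alert fires only when `threshold` failed logons for one account fall
    inside `window`. The account's window is cleared after an alert, so a
    sustained burst raises a new alert only after another `threshold` failures.
    """
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    alerts = []
    for ts_text, event_id, account in sorted(events):  # ISO strings sort by time
        if event_id != FAILED_LOGON_EVENT_ID:
            continue
        ts = datetime.fromisoformat(ts_text)
        queue = recent[account]
        queue.append(ts)
        # Drop failures that have aged out of the window.
        while ts - queue[0] > window:
            queue.popleft()
        if len(queue) >= threshold:
            alerts.append((account, queue[0].isoformat(), ts.isoformat(), len(queue)))
            queue.clear()
    return alerts


if __name__ == "__main__":
    for alert in threshold_alerts(SAMPLE_EVENTS):
        print("ALERT: %s had %d failed logons between %s and %s"
              % (alert[0], alert[3], alert[1], alert[2]))
```

With the sample data only the burst against `bob` raises a notification; the isolated failure and the slow trickle stay in the archive for later reporting instead of paging anyone.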

Because the other goal of event log management is the ability to audit or perform forensics on log files, a robust collection system is critical: it ensures a reliable audit trail for the future. With a reliable archive of event log files, comprehensive analysis and reporting are much more easily accomplished.

If, however, a reliable mechanism for quickly sorting log files is not in place, the benefits of even the strongest monitoring and archiving solutions will not be realized. Trusted event filtering and log report generation software ensures maximum return on your investment, as well as no additional finger-pointing in the wake of a network crisis.


Other resources:

Total Event Log Management Solution from Dorian Software Creations, Inc.
This suite of event maintenance solutions - including Event Alarm, Event Analyst, and Event Archiver - covers all three of the components in the total log management concept as explained above.