Enterprises are swimming in a sea of logs. The deluge includes server logs, security logs from security systems such as firewalls and IDSes, event logs from network infrastructure devices such as routers and access gateways, and logs from various software and hosted services. Making it even more difficult is that this information isn’t necessarily collected in a way that supports resolving security incidents in real time, or troubleshooting situations that involve multiple parts of the enterprise network infrastructure.
You can read the entire article (called “Log Wild”) published this month in Information Security magazine.