Log Management Checklist

The document provides a checklist for log management that covers four key areas: 1) log generation, 2) log transmission, 3) log storage and disposal, and 4) log analysis. It outlines questions about which hosts and components should log what types of events and data, how frequently, how logs should be transferred and stored, how long they should be retained, who can access them, and how anomalies should be addressed. The checklist aims to ensure logs are properly generated, transmitted, stored, analyzed, and protected at both the system and infrastructure levels.

Uploaded by: Lacky Krishnan
License: Attribution Non-Commercial (BY-NC)

Log Management Checklist

Columns: No | Area | Control | Status | Notes

1 Log generation
- Which types of hosts must or should perform logging
- Which host components must or should perform logging (e.g., OS, service, application)
- Which types of events each component must or should log (e.g., security events, network connections, authentication attempts)
- Which data characteristics must or should be logged for each type of event (e.g., username and source IP address for authentication attempts)
- How frequently each type of event must or should be logged (e.g., every occurrence, once for all instances in x minutes, once for every x instances, every instance after x instances)

2 Log transmission
- Which types of hosts must or should transfer logs to a log management infrastructure
- Which types of entries and data characteristics must or should be transferred from individual hosts to a log management infrastructure
- How log data must or should be transferred (e.g., which protocols are permissible), including out-of-band methods where appropriate (e.g., for standalone systems)
- How frequently log data should be transferred from individual hosts to a log management infrastructure (e.g., real-time, every 5 minutes, every hour)
- How the confidentiality, integrity, and availability of each type of log data must or should be protected while in transit, including whether a separate logging network should be used

3 Log storage and disposal
- How often logs should be rotated
- How the confidentiality, integrity, and availability of each type of log data must or should be protected while in storage (at both the system level and the infrastructure level)
- How long each type of log data must or should be preserved (at both the system level and the infrastructure level)
- How unneeded log data must or should be disposed of (at both the system level and the infrastructure level)
- How much log storage space must or should be available (at both the system level and the infrastructure level)
- How log preservation requests, such as a legal requirement to prevent the alteration and destruction of particular log records, must be handled (e.g., how the impacted logs must be marked, stored, and protected)

4 Log analysis
- How often each type of log data must or should be analyzed (at both the system level and the infrastructure level)
- Who must or should be able to access the log data (at both the system level and the infrastructure level), and how such accesses should be logged
- What must or should be done when suspicious activity or an anomaly is identified
- How the confidentiality, integrity, and availability of the results of log analysis (e.g., alerts, reports) must or should be protected while in storage (at both the system level and the infrastructure level) and in transit
- How inadvertent disclosures of sensitive information recorded in logs, such as passwords or the contents of emails, should be handled

Prepared By / Date
Acknowledged By / Date
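The controls in area 3 (integrity in storage, retention period, disposal of unneeded data, and handling of preservation requests) are the ones most easily turned into an enforceable routine. The following is an added example, not part of the checklist or any particular product: the log types, retention periods, file names and catalogue contents are assumed values.

```python
# Added example, not part of the checklist: enforce the area 3 controls (integrity
# in storage, retention, disposal, legal-hold preservation) over an archived-log
# catalogue. Log types, retention periods and the sample catalogue are assumed.
from dataclasses import dataclass
from datetime import date, timedelta
import hashlib

@dataclass
class LogFile:
    name: str
    log_type: str             # assumed categories: "auth" or "app"
    written: date             # date the file was closed and archived
    data: bytes
    sha256: str               # digest recorded at archive time (integrity control)
    legal_hold: bool = False  # set when a preservation request is received

RETENTION_DAYS = {"auth": 365, "app": 90}  # assumed retention policy, in days

def archive(name, log_type, written, data, hold=False):
    """Record the digest as the file enters storage."""
    return LogFile(name, log_type, written, data, hashlib.sha256(data).hexdigest(), hold)

def integrity_ok(f):
    """Recompute the digest and compare it with the one recorded at archive time."""
    return hashlib.sha256(f.data).hexdigest() == f.sha256

def sweep(catalogue, today_iso):
    """Classify files as (dispose, keep, tampered) for the given ISO date.
    Expired files are disposed unless under legal hold; altered files are never
    disposed, so the evidence of tampering survives for investigation."""
    today = date.fromisoformat(today_iso)
    dispose, keep, tampered = [], [], []
    for f in catalogue:
        if not integrity_ok(f):
            tampered.append(f.name)
            keep.append(f.name)
            continue
        expired = today - f.written > timedelta(days=RETENTION_DAYS[f.log_type])
        (dispose if expired and not f.legal_hold else keep).append(f.name)
    return dispose, keep, tampered

# Constructed sample catalogue; the last file is altered to show detection
CATALOGUE = [
    archive("auth-2023-01.log", "auth", date(2023, 1, 31), b"jan auth events"),
    archive("app-2024-01.log", "app", date(2024, 1, 31), b"jan app events"),
    archive("app-2023-06.log", "app", date(2023, 6, 30), b"held events", hold=True),
    archive("auth-2024-02.log", "auth", date(2024, 2, 29), b"feb auth events"),
]
CATALOGUE[3].data = b"altered after archiving"
```

Running `sweep(CATALOGUE, "2024-03-15")` disposes only the expired auth file, keeps the expired app file because it is under legal hold, and flags the altered file instead of deleting it.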
