Do you know how important it is to manage your system logs? From mom and pop businesses to large
enterprise, administrators should know the importance of configuring and managing the events coming
from their servers, routers, and other devices. First and foremost let's start with what the term
“event log” is. An event log by definition is a distinct set of files that record important events on your systems.
So, what does that even mean and why is that important?
To answer this, you'll need to know a little background. The idea of system logging originated with the sendmail
project in the 1980's. The project's creator, Eric Allman, saw the need for automated debugging messages to
troubleshoot problems sending and receiving email. He created the syslog protocol to capture and store
these messages. The rest of the Unix community quickly saw the value of this tool, and it rapidly spread to
other systems and devices. The initial problem was that not everyone was using the same message
format, resulting in the IETF (Internet Engineering Task Force) releasing RFC 3164. This defined and
standardized the syslog protocol.
Today, nearly every device with an operating system implements some sort of system logging. On Windows
servers, it's the Event Log that you sort through using the Event Viewer. Unix/Linux systems all ship with
some flavor of syslog software like rsyslog, or syslogd. Networking devices also come with a tool to view
and/or send logs to central server, from the highest end Cisco router to the simplest Linksys router sitting in
end-user's homes. These devices send messages regarding nearly every aspect of their functioning. From
informational messages about day to day device usage to failing hardware or device over-utilization.
As an example, a client firm (that I've been working with recently) manages networks and servers for a variety
of customers. They were looking for a way to more efficiently manage a wide variety of devices for clients in
dozens of locations. We decided to try a cloud based logging server which any client could send encrypted log
data to.
In the process of setting this up, we discovered messages warning about low disk space, fan failures on power
supplies, and hardware and software misconfigurations that were impacting performance, amongst others.
He was able to prevent system downtime by scheduling after hours maintenance to repair equipment
before it failed completely. In addition, he helped improve network performance for several clients by looking
at the logs and taking action on poorly configured devices.
Your system logs can also help with system security. By monitoring your logs, you can catch unusual activity
or attempts to compromise your systems. If you're unfortunate enough to be hacked, it's also a great
forensic tool for discovering the source of attacks and the methods used to compromise your systems.
Another major use of event log management is to satisfy the logging portion of compliance standards
such as HIPAA, SOX, or PCI. If you are responsible for adhering to any of these, you are required to have a
logging solution in place.
Heard enough? Getting started is simple. You'll need to set up a centralized logging server, then configure
a few devices to send their logs to that server. For Windows servers, you'll need a third party tool to
convert the logs to the proper format, but for Unix/Linux systems and network hardware, just point the logs
to the device and you're set.
Share This
Email
Facebook
Twitter
Read Request
My Library
Subscribe
Flag Writing