Author Profile - Josh Stephens is the Head Geek and VP of technology at SolarWinds, a leading provider of network management software based in Austin, Texas. Josh has extensive experience in network management systems, network engineering, and software development. His 15-plus years of experience in technology include designing and deploying advanced networks and network management systems within organizations including the US Air Force, Sprint, MCI/UUNET, and WalMart. He has received several industry certifications, including those from Cisco Systems, Microsoft, and HP.
In today’s world of regulatory compliance, lawsuit scares and wannabe hackers from around the globe – log management should be one of the key pillars of your network management strategy. Yet when I meet with network managers, IT directors and even CIOs, many times they haven’t solidified their strategy in this area and have left themselves open to some potentially serious problems.
Log management is nothing more than your systems and processes for collecting, archiving, alerting on, reacting to, and of course documenting the logs and events that your systems generate. Some great examples of these are firewall and IDS logs, Web application logs, and server and application events.
If you don’t have a log management strategy in place, it’s easy to get started. Your first step is to get an easy-to-use yet scalable Syslog server. SolarWinds offers a Kiwi Syslog Server free tool to help you get started, as well as a more robust licensed version, which is great and quite inexpensive. Once you’ve done that, you’ll need to configure your devices to start sending their logs and events to it. On a router or firewall this is as simple as specifying the SolarWinds server as a Syslog destination. On a Windows server this may involve installing a free application or agent that will export the Windows events into Syslog or some other standard log message format.
Next, you need to document the processes around what types of messages you want to archive, delete, and alert on, as well as the procedures for reacting to the alerts and documenting the issue resolution process. Once you’ve documented these processes and procedures, use them as the guidelines for configuring the Syslog application to meet your goals.
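To make the "archive, delete, or alert" policy concrete, here is an added example (not SolarWinds' or the author's code) that parses BSD-style syslog lines into facility and severity and sorts them into those three buckets. The sample messages and the policy thresholds and keyword patterns are constructed for illustration; a real deployment would take them from the documented procedures above.

```python
import re

# Constructed sample messages (RFC 3164 style) standing in for what the router,
# firewall and Windows agent described above would forward to the Syslog server.
SAMPLE_LOGS = [
    "<134>Jan 10 10:01:02 edge-fw %ASA-6-302013: Built outbound TCP connection",
    "<132>Jan 10 10:01:03 edge-fw %ASA-4-106023: Deny tcp src outside:203.0.113.5/4432 dst inside:10.0.0.7/22",
    "<10>Jan 10 10:01:04 winsrv01 Security: Event 4625 An account failed to log on",
    "<191>Jan 10 10:01:05 core-rtr %SYS-7-USERLOG_DEBUG: debug trace",
    "<0>Jan 10 10:01:06 core-rtr %SYS-0-EMERG: hardware failure",
]

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
# <PRI>TIMESTAMP HOST MESSAGE, where PRI = facility * 8 + severity
PRI_RE = re.compile(r"^<(\d{1,3})>(\w{3} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$")

# Hypothetical documented policy: which messages to alert on, archive, or drop.
ALERT_PATTERNS = [re.compile(p) for p in (r"\bDeny\b", r"failed to log on")]
ALERT_MAX_SEVERITY = 2   # emerg, alert, crit always raise an alert
DROP_MIN_SEVERITY = 7    # debug chatter is deleted rather than archived

def parse_syslog(line):
    """Split a BSD syslog line into facility, severity, timestamp, host and message."""
    m = PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:            # 23 facilities * 8 + 7 is the largest valid PRI
        return None
    return {"facility": pri // 8, "severity": pri % 8,
            "timestamp": m.group(2), "host": m.group(3), "msg": m.group(4)}

def classify(line):
    """Return 'alert', 'archive', 'drop' or 'malformed' for one syslog line."""
    rec = parse_syslog(line)
    if rec is None:
        return "malformed"   # keep, never silently discard, lines the parser rejects
    if rec["severity"] <= ALERT_MAX_SEVERITY or any(p.search(rec["msg"]) for p in ALERT_PATTERNS):
        return "alert"
    if rec["severity"] >= DROP_MIN_SEVERITY:
        return "drop"
    return "archive"

def triage(lines):
    """Group lines by action so the alert queue and the archive are handled separately."""
    out = {"alert": [], "archive": [], "drop": [], "malformed": []}
    for line in lines:
        out[classify(line)].append(line)
    return out

if __name__ == "__main__":
    for action, lines in triage(SAMPLE_LOGS).items():
        print(f"{action}: {len(lines)}")
```

Lines the parser cannot read land in a separate "malformed" bucket so that a misconfigured device shows up instead of quietly disappearing.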
Long term you may decide that you need a more robust or comprehensive log management solution and that’s OK. Those applications are going to require more planning and a larger investment. To get started now, check out SolarWinds’ “Syslog Mastery with Free Kiwi Syslog Server” for a step-by-step video tutorial.
Note from The Oldcommguy - Log Management is an essential security and recovery element in many different ways to help protect your Data, Company Assets and Employees. Log Management can be the guide or alert one to required deeper diagnostic strategies, so be sure to have full, not SPAN, access to your network for the deeper time and frame based diagnostics that will be required. Get ready, for worse times are coming - Be a Network Scout - "Be Prepared" as we all learned when we were Boy Scouts of America! Log Management is just one part, but an essential one, of being prepared!
Check out all the Free Tools from SolarWinds - Great Resource for all Network Engineers!
Click here - http://www.solarwinds.com/products/freetools/
Many Thanks to SolarWinds and Josh –
I wish you less Stress and More Success - Oldcommguy