Log Transmission, Normalization, Storage, and Protection
Network and host activities typically are recorded on the host and sent across the network to a central logging facility. The data that arrives at the logging facility is in the format of the software that recorded the activity. The logging facility may process the logging data into a common format. That process is called normalization. Normalized data frequently enables timely and effective log analysis.
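The normalization step described above, as an added example that is not part of the original booklet: two constructed log lines in their native formats (an sshd syslog line and a web server access line) are mapped onto one common schema with UTC timestamps. The schema field names, the `collector_host` parameter, and the `year` and `syslog_tz` defaults are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines in two native formats (not from the page).
SSHD_LINE = ("Mar  4 09:15:02 web01 sshd[2211]: Failed password for admin "
             "from 203.0.113.7 port 52144 ssh2")
HTTP_LINE = ('198.51.100.23 - alice [04/Mar/2024:10:15:07 +0100] '
             '"GET /admin HTTP/1.1" 403 512')

SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<res>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+")
HTTP_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$')

def _utc(dt):
    """Render every timestamp as UTC ISO 8601 so sources sort together."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def _record(ts, host, source, user, src_ip, action, outcome):
    # Hypothetical common schema; a real deployment defines its own fields.
    return {"timestamp": ts, "host": host, "source": source, "user": user,
            "src_ip": src_ip, "action": action, "outcome": outcome}

def normalize(line, collector_host, year, syslog_tz=timezone.utc):
    """Map one native log line onto the common schema.

    year and syslog_tz are assumptions supplied by the collector: classic
    syslog timestamps carry neither.
    """
    m = SSHD_RE.match(line)
    if m:
        dt = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        return _record(_utc(dt.replace(tzinfo=syslog_tz)), m["host"], "sshd",
                       m["user"], m["ip"], "login",
                       "success" if m["res"] == "Accepted" else "failure")
    m = HTTP_RE.match(line)
    if m:
        dt = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        user = None if m["user"] == "-" else m["user"]
        return _record(_utc(dt), collector_host, "httpd", user, m["ip"],
                       f"{m['method']} {m['path']}",
                       "success" if int(m["status"]) < 400 else "failure")
    # Keep unparsed lines verbatim rather than dropping them silently.
    return {"source": "unparsed", "raw": line}
```

Once both records carry the same field names and a UTC timestamp, events from different hosts can be sorted and correlated in a single query, which is what makes the analysis timely.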
Log files are critical to the successful investigation and prosecution of security incidents and can potentially contain sensitive information. Intruders will often attempt to conceal any unauthorized access by editing or deleting log files. Therefore, institutions should strictly control and monitor access to log files whether on the host or in a centralized logging facility. Some considerations for securing the integrity of log files include