Which logs are relevant to your company?
In some circumstances, the answer is “all of them.” Additionally, these requirements apply to all “system components,” which are defined as “any network component, server, or application included in, or connected to, the financial transactions environment.” Network components include, but are not limited to, firewalls, switches, routers, wireless access points, network appliances, and other security appliances. Servers include, but are not limited to, Web, database, authentication, Domain Name System (DNS), e-mail, proxy, and Network Time Protocol (NTP) servers. Applications include all off-the-shelf and custom-built applications, including internally facing and externally facing Web applications.
Whatever the exact scope, listed below are a few common uses for log information, taken from Tony Bradley's books about PCI compliance:
- Threat Detection: Historical Host Intrusion Detection Systems (HIDSes) from the 1990s looked at audit trails and logs in search of patterns and strings, and raised alerts upon seeing them. Today, hunting in logs for signs of hacking attempts (as well as successes, in the form of "compromise detection") is just as useful.
- Incident Response and Troubleshooting: When a system is hacked, logs are the most informative, accessible, and (compared to full disk images) relatively easy to analyze form of incident evidence.
- Audit: IT auditors as well as PCI assessors commonly ask for logs from in-scope systems.
- E-discovery: While some say that the possibility of a subpoena or an e-discovery request provides a compelling reason not to have logs, in reality, hiding one's head in the sand is unlikely to work in this case.
- IT Performance Management and Troubleshooting: Network is slow? Looking at logs will help find out why.
- Network Management: While log pundits might argue over whether a Simple Network Management Protocol (SNMP) trap is a kind of log record, logs are useful for many bandwidth management and network performance measurement tasks that are common in IT.
- Compliance: Just about every recent regulatory compliance or "best practices" framework touches on audit logs.
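The threat-detection use above, as an added example that is not from the page or the books it cites: a small Python scan over constructed sshd-style authentication log lines that flags any source with repeated failed logins and separately records whether that same source later succeeded, which is the "compromise detection" signal rather than a mere attempt. The log format, host name, IP addresses and the failure threshold are all assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in a generic syslog/sshd style (not taken from the page).
SAMPLE_LOGS = """\
Mar 10 09:12:01 auth01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 52110 ssh2
Mar 10 09:12:03 auth01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 52111 ssh2
Mar 10 09:12:05 auth01 sshd[2201]: Failed password for root from 203.0.113.7 port 52112 ssh2
Mar 10 09:12:09 auth01 sshd[2201]: Accepted password for root from 203.0.113.7 port 52113 ssh2
Mar 10 09:15:40 auth01 sshd[2290]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
Mar 10 09:16:02 auth01 sshd[2301]: Failed password for bob from 198.51.100.21 port 40100 ssh2
"""

# Matches only sshd authentication outcomes; the "invalid user " prefix is optional.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)

def parse(lines):
    """Yield one dict per authentication event; lines that are not auth events are skipped."""
    for line in lines.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def find_suspicious_sources(lines, threshold=3):
    """Return {src_ip: {"failures": n, "success_after_failures": bool}} for every source
    with at least `threshold` failed logins. A success from the same source once it has
    reached the threshold is recorded as the compromise-detection signal."""
    failures = Counter()
    success_after = defaultdict(bool)
    for ev in parse(lines):
        src = ev["src"]
        if ev["result"] == "Failed":
            failures[src] += 1
        elif failures[src] >= threshold:
            success_after[src] = True
    return {
        src: {"failures": n, "success_after_failures": success_after[src]}
        for src, n in failures.items() if n >= threshold
    }

if __name__ == "__main__":
    for src, info in find_suspicious_sources(SAMPLE_LOGS).items():
        print(src, info)
```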