Sudama is going to meet an IT firm's Primary Administrator today. He will ask the Administrator the following questions.
Are you protecting the confidentiality, integrity, and availability of logs? How do you ensure the security of your system? Do you have any mechanism to help the IT Admin team regularly perform effective analysis of log data?
Sudama is already very old; in his time, IT firms were smaller in every aspect. He joined at a junior level early in his career. From there he got into the core of server monitoring and log analysis. He says that today things are complex.
Modern-day IT environments are dynamic and complex, making it difficult to manage the enormous amounts of data at your disposal. That data comes from all your applications, diverse systems and multiple connected networks.
There is always a need to access the log files to know what changes happened to the server status. Accessing and managing log files is a very challenging and time-consuming task in an IT enterprise. Traditionally in such environments, no user other than the Primary IT Administrator had the right to total access to any production systems. Log files are crucial in the application lifecycle management process.
So if any other user wants to access these files, temporary methods for issuing permission need to be provided.
So log management becomes a challenge when other users require access for troubleshooting critical issues. Typically the Dev and QA teams require access; for them, log files are a necessity. There are other possible users requiring access to the production and pre-production machines.