One of the most neglected aspects of computer security is the active monitoring of security logs. Now the National Institute of Standards and Technology has published a doc on how federal agencies should manage security logs. This 64-page document breaks out the process from collection to infrastructure, the definition of roles, and the log management process. In all honesty, how many of you out there review your logs with any regularity?
NIST Special Publication 800-92: Guide to Computer Security Log Management
Article Link (from Bruce Schneier’s blog)