Computers around the world are continually generating records that occur. While some of these are routine checks, others are hostile, aimed at gaining access to or even destroying your network. However, by checking and reviewing the log files, you can stay on top of these issues. From malware, damage, and loss and legal liabilities, log files contain all the day to day information of your network. Therefore, it is important to practice event log management daily. It must be collected, stored, analyzed, and monitored to meet and report on regulatory compliance standards like PCI and HIPPA. WHY LOG MANAGEMENT IS IMPORTANT Every transaction and event that takes place on a machine on your network generates a log file. Microsoft-based systems use Windows Event Log files. When working on Windows, monitoring the event logs is crucial. Windows Event Log files all contain crucial information, but of all of them, the Security Log is the most important. The security log provides log in events as well as what each user is doing. It is vital that your IT security team understands the Windows Security Log to spot a vulnerability or attack accurately. However, this information can be overwhelming and exhausting to look through.   If you use an Event Log Management tool, you can accurately and precisely navigate through log files, allowing you to find that single file that is causing an issue. Event Log Management is a crucial component in ensuring security and compliance, and it is essential to review all logs. SECURING THE CASTLE The top priority for any company should be security. Keeping the company safe from outside attacks that aim to disrupt customer’s data, exploit employee data, or crash a company’s server. However, attacks from the inside are just as real and can cause catastrophic damage. This is not to say that keeping your network safe from the outside is any less important, but you must be mindful of an attack from the inside. Perhaps you have an employee who is curious about financial records and wants to start drama among the workers or an employee who is upset about a decline for a promotion or pay increase and wants to delete years of data. These employees can create a backdoor into the network or give themselves admin privileges, attempting to fly under the radar from security. However, if you have a well-established ELM strategy, you can monitor these internal attacks accurately and stop them before they turn nuclear. PCI – DSS AND HIPPA COMPLIANCE Payment Card Industry Data Security Standard (PCI-DSS) provides IT professionals that handle consumers credit cards data. Any business that claims PCI compliance have to be able to show compliance in their yearly audit. If it is discovered that they are not, denial of processing and storing credit cards can occur. HIPPA requires a reliable audit trail to protect the personal data of all medical patients. HIPPA has two different significant rules: Privacy and Security. Medicaid and Medicare require, along with building an IT infrastructure and strategies to protect against threats to personal information, but there must also be preparations made for investigations of security breaches should they occur. Furthermore, you must be able to provide enough information to be able to establish occurred events, when they occurred, as well as what or who has caused them. Ways to Manage Events and Logs There are numerous ways to go about handling the logs for your networks, and WhatsUp Gold offers some of the best ways to do so: 1. Define your Audit Policy Categories Audit policies in Windows record the security log events found on your network’s log files for your company. With Microsoft Windows NT systems, audit policies have to be put in place manually on each server and workstation. However, Windows 2000 and 2003 Active Directory domains allow for Group Policy, which enables you to set universal audit policies for groups on the servers and even the domain. 2. Log Records Are Merged Automatically By default, decentralized records, such as Windows events logs and Syslog files, record their log activity. However, if you want to gain a “big picture” view of what is going on within your network, admins in charge of security and compliance need to be able to merge Windows event logs and Syslog files into one another in order to be able to monitor thoroughly, analysis, and report. It is necessary that you maintain your log data! Many compliance standards require data to be stored up to seven years. However, if you automate the process, life can become much more accessible. Automation can assist in data retrieval and the longevity of log data. It is important to remember: Archived logs must be readily obtainable. Automation helps reduce the risk of corruption. The larger the company, the more users and machines. With more users and machines comes an increase in bandwidth and network traffic, which will only further complicate the log file. Automation can greatly assist in making sure all data is collected. Usually, administrators use an event log management tool to record log event data from the servers and workstations. Make sure you find an event log management tool that supports a method to re-import collected log files into the database if they are needed. 3. Event Monitoring, Real-Time alerts & Notification Policies While your company may have most, if not all, Windows-based machines, it is important to branch out from the Windows event log monitoring system. Consider using Syslog as well. They have support for switches, routers, firewalls, IDS, as well as support for UNIX and Linux based systems.  Most products that perform real-time scanning and monitoring of logs require the use of an agent. However, if you can find a software package that can be used without an agent, go for it. This avoids many issues upon initial setup and continued maintenance. Every company has a different classification of what they find important, and what they want to be listed in the logs. The one security research