Taking Stock, What Is in Place Today

Before you can launch into a whole-scale revamping of your logging approach, you should perform an analysis of what you have in place today. This is important for several reasons: your consolidation approach should show efficient use of resources, cost consolidations (and possibly savings), and reduced forensics and investigative time; and, of course, better showing of audit ability that you can prove audit logs are retained, managed, and archived in a secure manner when your consolidation approach is laid out and executed appropriately.