ABSTRACT

At this point, you have decided to move forward, either with an enterprise log consolidation and trace log analysis program, or with enhancements to the existing program. If you have chosen the enhancements route, you have, it is hoped, thoroughly surveyed the program and now have a good handle on its “current state” with respect to your logging processes (or lack thereof). You should also have identified what your specific requirements are, whether they come from an external regulatory agency or board, your own company’s policies, or industry-specific requirements. Your program should also have been modified to perform a full capture of the audit log records, which will be used later for full audit log compliance, as well as potentially for computer security forensics or after-the-fact investigations. Alternatively, you may have decided that your logging will be used solely for consolidated audit log alerting or alarms; we say more about that approach in Chapter 5 and beyond.