October 05, 2006

Log Management...Log Management...Log Management

I have been reading a lot lately on log management especially on topics like log collection, storage, analysis and reporting. It is all good. Lot of people (Industry, product vendors, customers) are getting to know the importance of log management & monitoring. Customers are asking product vendors the right questions when it comes to solution purchase & implementation. However, I think it is big time we shift gears and focus on developing products that are audit friendly (Oops...I said it.Is this the right term?) in the first place. I have not seen much literature on this area. I am not looking for suggestions on how to develop/enhance products that adheres to a specific vendor's log solution. Instead, it would be nice to have a set of recommendations on how best to develop products that are friendly to track/audit without compromising its core functionality or performance. There are few things on top of my mind like

  1. Products should log in the first place and when logging should record enough information to a standard logging system.
  2. Products that do not log to a standard logging system should log in a format that could be understood by log consumers. A better idea would be to stick to the format taken by the standard logging systems for good inter-operability.
  3. Always, think ahead on the kind of auditing that might be performed on the product. A better way to think about this would be in terms of reports or analysis that customers or admins or auditors might want to run on the product logs. This might help and at the same time might shift the entire development focus to a completely different plane (if not careful).

That is all for now...