Absolutely, there’s an easier way to manage data logs

  • Timely and reliable access to audit logs is essential when managing and securing enterprise-level systems.

  • Cloud-based storage solutions provide redundant, cost-effective, secure alternatives to hardware storage.

  • Tripwire Log Center now works with AT&T's Synaptic Storage as a Service (STaaS).

If you’re an IT professional who manages and secures systems, you need to see and track all the streams of data flowing in. In the IT world, determining what led up to an event of interest, such as a DDoS attack, means keeping an ongoing log of system and application data. Timely and reliable access to these audit logs is essential. But at the same time, managing the huge volume of data that results from such comprehensive logging can be overwhelming. And finding data quickly when investigating a security incident, performance problem, or any high-priority system event can be even more tedious.

In addition, how logs are archived and managed can be a challenge if you must meet compliance regulations such as PCI DSS. Looking through the data manually is not an option, so being able to plan ahead and automate as much as possible is the way to go.

Planning for the amount of data generated by your log collection calls for an assessment of the volume. One method is to estimate the collective events per second (EPS) that will be flowing through your log management tool. If you’re already collecting logs, you can monitor the volume of data indexed per day to establish a baseline.

If you’re just getting started with log collection, you should first track the events below:

  • Firewall logs
  • Unsuccessful login attempts
  • Intrusion Detection Systems (IDS/IPS) logs
  • Web proxy logs
  • Antivirus and malware alerts
  • Change management data

Once you’ve established how much data you’ll index per day, you can get an idea of how much disk space you will need to store and archive your data. Even with a good estimation process, you’ll probably end up needing more storage than you think.
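The sizing steps above can be sketched in code. This is an added example, not part of the original post or of any Tripwire tool: it measures average and peak EPS from a captured log sample and projects archive size. The log line format, the sample lines, the retention period and the 30% headroom factor are all assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample lines (not real log data): ISO timestamp, source, message.
SAMPLE = """\
2024-05-01T10:00:00 firewall DENY tcp 10.0.0.5:51234 -> 10.0.1.9:22
2024-05-01T10:00:00 firewall ALLOW tcp 10.0.0.7:40022 -> 10.0.1.9:443
2024-05-01T10:00:00 auth failed login user=alice src=10.0.0.5
2024-05-01T10:00:01 proxy GET http://example.test/ 200
2024-05-01T10:00:03 ids alert sid=1000001 src=10.0.0.5
2024-05-01T10:00:03 auth failed login user=alice src=10.0.0.5
"""

def baseline(text):
    """Measure average EPS, peak EPS, mean event size and per-source counts."""
    per_second, by_source, total_bytes = Counter(), Counter(), 0
    lines = [l for l in text.splitlines() if l.strip()]
    for line in lines:
        stamp, source, _ = line.split(" ", 2)
        per_second[datetime.fromisoformat(stamp)] += 1
        by_source[source] += 1
        total_bytes += len(line.encode()) + 1  # +1 for the newline on disk
    seconds = sorted(per_second)
    # Window is inclusive: seconds with no events still count as elapsed time.
    window = (seconds[-1] - seconds[0]).total_seconds() + 1
    return {
        "avg_eps": len(lines) / window,
        "peak_eps": max(per_second.values()),
        "avg_bytes": total_bytes / len(lines),
        "by_source": dict(by_source),
    }

def storage_gb(avg_eps, avg_bytes, retention_days, headroom=0.3):
    """Project uncompressed archive size in GB.

    headroom is an assumed safety margin for growth and bursts; it reflects
    the point that real storage needs tend to exceed the estimate.
    """
    bytes_per_day = avg_eps * avg_bytes * 86400
    return bytes_per_day * retention_days * (1 + headroom) / 1e9

if __name__ == "__main__":
    b = baseline(SAMPLE)
    print(b)
    # Retention of 365 days is an assumption; use the period your policy requires.
    print(round(storage_gb(b["avg_eps"], b["avg_bytes"], 365), 2), "GB")
```

Run it against a sample that covers a full business cycle, since a baseline taken during a quiet hour will understate both average and peak EPS.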

One solution to this particular challenge is to take advantage of cloud-based storage to archive your data. Instead of guessing how much storage space you need and buying expensive hardware that your IT staff will need to maintain, manage, and back up, cloud storage provides a reliable, secure, and cost-effective alternative.

The good news is that you don’t have to solve this on your own. We’re happy to announce that Tripwire Log Center now works with AT&T’s Synaptic Storage as a Service (STaaS), providing peace of mind and an easier way to archive your log data to the cloud. The AT&T STaaS is a secure, redundant cloud service that will store your logs in two geographically separate locations.

Tripwire Log Center’s security features work in parallel with AT&T’s Synaptic Storage’s access and security controls. For added security, you can also use Tripwire Log Center’s data encryption tool to make sure archived data is encrypted before being moved to the cloud, ensuring nobody can access your archived data but you.


 Dwayne Melancon is Tripwire’s chief technology officer and is an expert in cybersecurity. He has written this guest post for the Networking Exchange Blog.
