Log Management encompasses the collection, storage, protection, analysis, and retention of system and security logs. Logs record events including authentication attempts, system changes, network connections, and application activities. This data is essential for security monitoring, incident investigation, compliance, and forensics.
Effective log management requires identifying critical log sources, ensuring reliable collection, protecting logs from tampering, maintaining sufficient retention periods, and enabling efficient search and analysis. Centralized log aggregation feeds SIEM systems for correlation and alerting.
CISSP Relevance
Log management appears in Domain 7 (Security Operations) and Domain 6 (Security Assessment and Testing). Understand log sources, collection methods, protection requirements (integrity, access control), retention policies driven by compliance, and analysis techniques. Know that logs are often the primary evidence in incident investigations.
NIST covers log management in SP 800-92 Guide to Computer Security Log Management.
Related terms: SIEM, Incident Response