Log Management and Monitoring Procedure

A. Reason for Procedure

In order to ensure that systems which process, transmit or store LDEO data are secure, system log files need to be saved for future reference and periodically analyzed to look for signs of potential security breaches.

B. Responsible Office and / or Officer

The Project Owner / Project IT Custodian is responsible for ensuring log files from systems under their control are saved and analyzed for potential data breaches.

The Lamont IT Department is responsible for the maintenance of this procedure, and for responding to questions regarding it.

C. Procedure

  1. Activate logging on the server.
  2. Configure logging to keep track of access to other systems as well as access to the server itself.
  3. Retain logs for at least 29 days.
  4. Ensure logs record the following information:
    • Date and time of activity
    • Description of activity
    • User performing activity
    • Origin of activity (IP address, etc.)
  5. If you wish to use the SumoLogic log management and analysis suite that LDEO IT is using for its logs, contact [email protected] with the keyword “Log Management” in the title, then follow the instructions you receive for installing and configuring the SumoLogic client.
  6. If you do not wish to use SumoLogic, you need to ensure your log management solution does the following:
    • A syslog or similar function is used to store logs on a separate system
    • Logs are reviewed by the IT Custodian on a regular basis to look for unusual activity
    • Log monitoring software is installed when available
    • Audit mechanisms are in place to generate reports of auditable events, including:
      • Failed authentication attempts
      • Access to the system
      • System startup or shutdown
      • Use of privileged accounts
      • Security incident
      • Change of users' security information
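
The sketch below is an added example, not part of the LDEO procedure or of any listed product. It shows how an audit report for the log-derivable event types in step 6 can be built from syslog lines while extracting the four fields required in step 4. The sample lines are constructed, and the patterns assume common Linux sshd, sudo, PAM and systemd message formats.

```python
import re

# Constructed sample lines (assumption: ISO-timestamped Linux syslog format).
SAMPLE = """\
2024-03-01T08:00:02+00:00 web01 systemd[1]: Startup finished in 4.2s
2024-03-01T08:14:55+00:00 web01 sshd[912]: Failed password for alice from 203.0.113.7 port 50122 ssh2
2024-03-01T08:15:03+00:00 web01 sshd[912]: Accepted publickey for alice from 203.0.113.7 port 50124 ssh2
2024-03-01T08:16:40+00:00 web01 sudo[950]: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
2024-03-01T08:20:11+00:00 web01 passwd[977]: pam_unix(passwd:chauthtok): password changed for bob
2024-03-01T09:00:00+00:00 web01 cron[1001]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Auditable event categories from step 6, each with an illustrative pattern.
RULES = [
    ("Failed authentication attempts", re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<origin>\S+)")),
    ("Access to the system", re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<origin>\S+)")),
    ("System startup or shutdown", re.compile(r"Startup finished|System is powering down")),
    ("Use of privileged accounts", re.compile(r"^(?P<user>\S+) : .*USER=root ; COMMAND=")),
    ("Change of users' security information", re.compile(r"password changed for (?P<user>\S+)")),
]
LINE = re.compile(r"^(?P<time>\S+) (?P<host>\S+) (?P<prog>[^\[:]+)(?:\[\d+\])?: (?P<msg>.*)$")

def audit_events(text):
    """Return one record per auditable event, carrying the four fields from step 4."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # unparseable line: not counted as an event
        for category, rule in RULES:
            hit = rule.search(m["msg"])
            if hit:
                g = hit.groupdict()
                events.append({
                    "category": category,
                    "time": m["time"],                        # date and time of activity
                    "description": m["msg"],                  # description of activity
                    "user": g.get("user") or "unknown",       # user performing activity
                    "origin": g.get("origin") or m["host"],   # local events originate on the host
                })
                break
    return events

if __name__ == "__main__":
    for e in audit_events(SAMPLE):
        print(f'{e["time"]}  {e["category"]:<38} user={e["user"]:<8} origin={e["origin"]}')
```

Security incidents are not matched here because they are declared by a reviewer rather than recognized from a single log pattern.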

D. References

For more information, refer to the CU Information Resource Access Control and Log Management Policy: https://universitypolicies.columbia.edu/content/information-resource-access-control-and-log-management-policy

Appendix A

Suggestions for software to implement the log management and analysis procedure:

  • Sumo Logic sumologic.com

    LDEO IT uses Sumo Logic Log Management and Security Analytics software on all LDEO IT systems.  Contact LDEO IT about capacity and pricing.

  • Splunk www.splunk.com

    A commercial data collection and analysis platform.

  • Tripwire www.tripwire

    A commercial cybersecurity platform.

  • Graylog www.graylog.org

    An open-source log collection and analysis tool with a paid option.