Five mistakes of log analysis
Anton Chuvakin has written an interesting article on the mistakes of log analysis.
It’s a great starter for some of the things to avoid when you are building or evaluating your log analysis infrastructure. However, I wish Anton had been more in-depth with some of the topics. For example, what are the regulatory pressures organizations are facing?
Also, Anton has written this from a security perspective. As I wrote previously, security intelligence is only a third of the log story. We can extract a lot more value from logs than just security.
I do realize that the SIM space is created based on the security issues that kept popping up; however, I believe the SIM space is limited and will need to provide a lot more operational intelligence in order to justify the cost.
