Building an Infrastructure That Enables Log Management Best Practices: A Technology Strategy for Comprehensive Security Information and Event Management
Source: RSA Security
Building an infrastructure to incorporate an ILM strategy for log data involves combining Security Information and Event Management (SIEM) technology with tiered storage. Although infrastructure requirements vary with each organization's particular environment, many are common across organizations. This paper is intended to help organizations determine their own infrastructure requirements by providing a comprehensive look at general requirements and at specific requirements in four areas: log generation and capture, log retention and storage, log analysis, and log security and protection.