A log is a record of events that occurred on a computer system or network device and triggered a notification. Logs are written to a local system file or forwarded to a centralized log management solution for further processing and analysis. Event logging records what happens in the ICS network, and event logs are a valuable resource for troubleshooting and response practices.
Log management is the process of generating, gathering, transmitting, storing, analyzing, and disposing of event logs from disparate sources. At a minimum, the following logs should be centrally collected and stored:
- Firewall logs
- Network intrusion detection logs
- Router and switch logs
- Operating system logs
- Application logs
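As an added illustration (not part of the original text or any product it describes), the following Python sketch walks the gathering and disposal steps of the lifecycle above over constructed sample lines, one per listed log category: it normalizes each line into a common record, keeps unparseable lines rather than silently dropping them, and ages records out by a retention window. The syslog-style line format, hostnames, and the 90-day retention value are assumptions for the example only.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample events, one per log source category named in the text, plus
# one malformed line. The formats are illustrative syslog-style lines, not a vendor's.
SAMPLE_LINES = [
    "2024-03-01T10:00:00Z fw01 firewall: DENY tcp 10.1.5.7:51022 -> 10.2.0.10:502",
    "2024-03-01T10:00:03Z nids01 nids: ALERT unexpected Modbus write from 10.1.5.7",
    "2024-03-01T10:00:05Z sw03 switch: port Gi1/0/7 link down",
    "2024-03-01T10:00:09Z hmi02 os: user operator logon success",
    "2023-11-01T08:00:00Z hist01 app: historian service restarted",
    "garbage line with no structure",
]

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) (?P<host>\S+) "
    r"(?P<source>firewall|nids|router|switch|os|app): (?P<msg>.*)$"
)

# Map the per-line source tag onto the five categories the text lists.
CATEGORY = {"firewall": "Firewall", "nids": "Network intrusion detection",
            "router": "Router and switch", "switch": "Router and switch",
            "os": "Operating system", "app": "Application"}

def parse_line(line):
    """Normalize one line; an unparseable line is kept raw, never silently dropped."""
    m = LINE_RE.match(line)
    if m is None:
        return {"ts": None, "host": None, "category": "Unparsed", "msg": line}
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return {"ts": ts, "host": m["host"], "category": CATEGORY[m["source"]], "msg": m["msg"]}

def collect(lines):
    """Gathering step: build the central store from every source's lines."""
    return [parse_line(line) for line in lines]

def dispose_expired(store, now, retention_days=90):
    """Disposal step: return (retained, disposed_count) after the retention window.
    Unparsed records carry no timestamp and are retained for review, not aged out."""
    cutoff = now - timedelta(days=retention_days)
    retained = [r for r in store if r["ts"] is None or r["ts"] >= cutoff]
    return retained, len(store) - len(retained)
```

Retaining unparsed lines matters in practice: a source whose format changed, or an attacker-supplied malformed entry, would otherwise vanish from the central store unnoticed.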
A convenient method of gathering, ...