Application Centralized Logging

Introduction

During an IT security incident, logs help determine what happened and when. Attackers often delete or modify local logs, so the IT Security Office requires remote, centralized logging for all medium and high risk applications.

Procedure

1. Meet the Standard for Information Technology Logging requirements.
2. Forward logs to University Central or an IT Security Office authorized log server.
3. Log servers should forward logs to the University Central log server.

Resources

Getting Started with Central Log Service (CLS)