Server Centralized Logging

Introduction

During an IT security incident, logs help determine what happened and when. Attackers often delete or modify local logs, so the IT Security Office requires remote, centralized logging for all medium and high risk servers.

Procedure

1. Meet the Standard for Information Technology Logging requirements.
2. Forward logs to University Central or an IT Security Office authorized log server.
3. Log servers should forward logs to the University Central log server.

Other

If you have questions that are not covered in this procedure, please contact the Virginia Tech IT Security Office at itso@vt.edu for a consultation.

Resources

• Existing 4Help Document