Editor’s Note: This Cybersecurity Awareness Month, we have covered various security topics relating to document-based information. Encryption, pull printing, and even hardcopy security features can protect your valuable information assets. But as they say, an ounce of prevention is worth a pound of cure. Though it’s not a topic regularly in the headlines, thorough and consistent monitoring of system logs can help administrators spot security concerns before they impact your organization. They can also help you identify culprits in the aftermath of an attack.
If you are new to LRS Enterprise Solutions, then you may be surprised to learn that LRS makes extensive use of detailed system logging. If you are already familiar with our software or if you are currently using LRS solutions, you will know this to be true.
Why so much logging? Why so much detail? First, it's important to know that LRS solutions have always emphasized system logs. This was true in our earliest days of managing mainframe output and today extends to our new, Cloud-based solutions, mobile device-based solutions, and software to manage output from PCs and Macs. Regardless of platform, LRS continues its practice and culture of detailed system logging. Some might claim that this approach to logging is an inherent part of Enterprise Output Management. But really, detailed logging was invented long before LRS. People have been logging data since long before computers or even electricity was invented.
Who Was First?
So, let's explore logging in detail to answer the questions: Why log? Why log in detail? Why keep multiple logs? More to the point, why are logs important today? A very interesting read that sheds light on this is a book by David Grann: "The Wager: A Tale of Shipwreck, Mutiny and Murder." You may be thinking, “What does a book about an 18th-century shipwreck have to do with modern technology? Are you going off on a tangent again?” I’m not. The history highlights the value of the modern practice. Let me explain.
It is informative to understand how and why oceangoing ships began keeping detailed records. Even the etymology of the word “log” comes from 19th-century maritime practices. When a ship was at sea, so many factors, both external and internal, affected the ship’s voyage for good, bad, and possibly for tragedy. When the sailors needed to know the speed of the ship in the water, they dropped a rope with knots tied in it and a log tied on the end. That rope was used to measure the speed in, wait for it... Knots. When did they do this? They did it at regular intervals. In fact, British maritime practices were so consistent with regard to logging that multiple logs were kept by multiple stations in a ship. The captain, the First Mate, the ship’s doctor, midshipmen, even some seamen who weren't officers kept logs. So precious were those logs that even in a shipwreck, some of the first things that they attempted to save were the logs.
Why? For the same reason forensic cybersecurity experts still value them today.
Root Cause Analysis of Major Events and Analytics
The reason ship logs were so valuable went far beyond just identifying the cause of a shipwreck. However, in the case of a shipwreck, researchers from the Navy would want to know what happened. The logs were examined to find information that might prevent future wrecks. In the same manner today, we use logs to understand a problem. Did a server crash? What happened? Was this preventable?
There are other reasons these logs were valuable. Did you know that even now, in the 21st century, some of those 18th-century logs are being used to help predict weather patterns?
Logging data in the 19th Century gave a great advantage to shipping. All detailed logs went back to the Admiralty, where they were compiled and analyzed. So, this is the origin of the word log. It's defined as a record of observations, readings, et cetera. In these logbooks, all events happening on the ship, from important to routine, were recorded by different people from their different perspectives. One log might hold data from which the navigator determined his position. Others helped with an understanding of the health of the crew, and meteorological journals recorded the weather. Even merchant ships kept logs.
It seems to me that this was the first implementation of data analytics. All the logs were centralized by being brought back to the Admiralty. There were issues back then with accuracy, though. At the time, determining longitude was not reliable: sailors had to use a method called dead reckoning, in which they tried to piece together how fast and how far they thought they had gone. Sometimes they were off by hundreds of miles.
No More “Dead Reckoning”
What can we understand about 21st century logs and analytics from 18th century logs? First, if you were to read those logs (many still exist), you would see that they're not always easy to read. They're often written in shorthand, with the specialty of the officer or seaman in mind. Only an educated eye could read them. They held a wealth of information, not just about a specific event, but about trends, about conditions, about the general health of the ship and its crew.
Today, you have many different logs. You have server logs that record core operations of server-based components. Those logs include entries on activity in and out, networking status, routine events, etc. But you will also have security logs telling you who's getting in, who's authorized, and what actions were attempted. Were there unauthorized attempts? If so, what groups and accounts were used?
We also have user logs that contain entries from the point of view of the end user. What activities have I done? Have they worked? How have they worked? What equipment was I using? What drivers were installed or used? Just as it was important to have logs from different perspectives on a ship, you may find that valuable information is recorded by a source that you didn’t anticipate.
These days, every log entry timestamp is based on a global time standard and correct to hundredths of a second. “Dead reckoning” is no longer needed. What has not changed with modern logs is that sometimes it may take an educated eye to understand the significance of a specific log entry. In the 18th century, someone needed to understand the sea, or even a specific role on a ship to understand the logs and what they meant.
Today, you may also need someone reading the logs with you who understands the environment and the technology. That is why you have the help of LRS Product Support and LRS Engineering. They can help you understand by looking at these logs. Weaving them together can paint a picture of exactly what is going on with your system, where network or security issues exist, and what can be done about them.
This background helps answer the questions of why so much logging and why so much detail are required. In the 21st century, a literal shipwreck is not likely to be your concern. An attempted cybersecurity attack may be. Uncharted hazards, including piracy and breakdowns in discipline, take many forms. You need detailed and accurate logs to navigate your enterprise through the vast electronic oceans.
Why venture into the unknown without any guidance? LRS logging can help you ensure smooth sailing.