A Comparison of In-House versus Cloud-Based Management of Log Data
A SANS Whitepaper – October 2008
Written by: Jerry Shenk
Sponsored by Alert Logic
Contents: Basic Practices; Questions for the Cloud Provider; Considerations for In-House Log Management
Executive Summary
In the 2008 SANS Log Management Survey, 20 percent of respondents who were satisfied with their log management systems spent more than one week each month on log analysis. Most of those companies were in the Global 2000. The remaining small- and medium-sized businesses (SMBs) and government organizations spent between a half-day and five days per month on log analysis. The survey also showed that, because of difficulties in setup and integration, most organizations have only achieved partial automation of their log management and reporting processes.

These difficulties have organizations, particularly SMBs, wondering if they should turn over log management to an in-cloud provider—one that provides their log management software and log data storage over the Internet. In January 2008, Stephen Northcutt, president of the SANS Technology Institute, wrote that there are pitfalls with putting log management in-the-cloud. On the plus side, he adds, “you will almost certainly save money. In addition, real experts on log analysis are hard to find...” [1]

Recently, vendors began offering log management in-the-cloud (otherwise known as Software as a Service or SaaS), as a way to simplify log management because the provider can dedicate the material resources and retain the talented, focused personnel to do a better job for less money. This particularly makes sense not only for SMBs without the dedicated manpower, but also for enterprises whose IT resources are stretched trying to manage multiple distributed LANs.

While IT managers agree that log management is difficult, they are leery about handing over their log data to a third party application provider because the data might not be