Based on EGI Security Traceability and Logging Policy all certified EGI sites need to have a remote logging service in place. By storing logs remotely, you protect them from being tampered with or deleted by attackers who gain access to your systems. This ensures the integrity of your logs, which is crucial for forensic analysis. Having logs in a central location also enables active monitoring and detection of anomalies or attacks.
The EGI CSIRT has written logging guidelines which include information on which logs to collect and how to configure your remote logging instance. Please follow this link for more details:
https://confluence.egi.eu/display/EGIBG/Security+Traceability+and+Logging
Recent Comments