A structured methodology for deploying log management in WANs

The collection of log data is a challenging operation for organizations that wish to monitor their infrastructure for security reasons. In this paper a methodology for the implementation of a log management infrastructure for real-time security monitoring on a large scale infrastructure is proposed. Related methods are adjusted and adopted to compose parts of the proposed methodology, avoiding to “re-invent the wheel” where possible. Social network analysis is employed to make and justify decisions that were formerly performed either intuitively or based on experience and vendors' best practices. The methodology concludes with the creation of a repository of the necessary data. The result is an innovative methodology that can be used as a step-by-step guide for the implementation of a log management infrastructure in an organization. The proposed methodology is applied to a real WAN.