LOG-3 Centralized Logging

What is this control about?

Utilize a centralized monitoring tool to collect, analyze, predict and report on system issues such as performance issues.

Available tools in the marketplace

The following listing is “crowdsourced” from our customer base or from external research. TrustCloud does not personally recommend any of the tools below, because we haven’t personally used them. 

Available templates

TrustCloud has a curated list of templates internally or externally sourced to help you get started. Click on the link for a downloadable version:

• N/A – no templates recommendation

Control implementation

Note: This control is 100% automated by TrustCloud. Connect your system to enjoy the benefit of automation

For a manual implementation: 

Install a centralized logging tool that is capturing logs from various systems. Ensure the following are configured:

• enable a threshold for alert notifications (map the type of events to be notified on and the threshold to cross for notifications)
• Set up an alert notification (ensure the alert is sent to a team for quick response and review)
• Restrict the access to the log

What evidence do auditors look for?

Most auditors, at a minimum are looking for the below suggested action:

• Provide screenshot of the centralized tool dashboard showing the various systems connected to it and feeding it logs
• Provide screenshot of the alert notification threshold
• Provide screenshot of the alert notification

Evidence example

From the suggested action above, an example is provided below.

1. Provide a screenshot of the centralized tool dashboard showing the various systems connected to it and feeding it logs.

Example shows the dashboard and the various events being tracked:

2. Provide a screenshot of the alert notification threshold.

Evidence shows the alert notification configuration demonstrating who will be alerted

3. Provide a screenshot of the alert notification.

Example of alert notification