A methodology for building a log management infrastructure

In this paper a methodology for the implementation of a log management infrastructure for real-time security monitoring on a large scale infrastructure is proposed. Related methods are adjusted and adopted to compose parts of the proposed methodology, avoiding to “reinvent the wheel” where possible. Social network analysis is employed to make and justify decisions that were formerly performed either intuitively or based on experience and best practices. The methodology concludes with the creation of the repository of the necessary data. The result is an innovative methodology that can be used as a step-by-step guide for the implementation of a log management infrastructure in an organization. The proposed methodology is applied to a real WAN.