Logging
- 1. Logging means that an entry is made in a log file for every message that is processed by the router The log lets you see how users are using the WLAN ◦ What protocols and port numbers are being used ◦ What source IPs and destination Ips and URLS ◦ What date and time the messages were processed Logs are used for security ◦ To verify that security settings are correct by checking that only permitted traffic enters from the outside ◦ To discover threats by analysing the packets dropped on the outside ◦ To verify that inside users are complying with the security policy and are using the network correctly and appropriately i.e. not using torrent software and browsing to malicious or inappropriate sites in violation of security policy Logs must be stored securely ◦ Access to logs must be restricted and monitored to prevent unauthorised changes, particularly if logs will be used as evidence of wrong doing
- 2. Logs are used for capacity planning ◦ The data in log files can be loaded into analytics software for trend analysis ◦ Logs can show data flows that cross networks For instance, a data flow might occur every morning at 8:30 as everyone starts work and authenticates to the domain controller Data flows are used to show trends in usage over a period of time so that the volume of data crossing links can be predicted Plans can be made and implemented to upgrade equipment and links before the users notice a decrease in their network performance (speed) due to congestion and load