8.9.3 Log Management
Providing log data to customers is an important capability for providers offering vCloud services. The following are some of the primary advantages:
* Regulatory Compliance – Aggregate log data for security review and analysis through applicable controls. Archive historical data and retrieve it based on the audit window that contains the relevant data. Logs showing specific events, such as a user authentication with a timestamp, are examples of satisfactory evidence for auditors.
* Tenant Requirements – Tenants (customers or clients) should have access to logs that pertain to the use of their particular compute resources. Tenant log requirements are similar to those for a provider, but the ability to offer the data that corresponds to the specific tenant is an important capability in a vCloud environment.
* Event correlation – Log data can be forwarded to Security Information and Event Management (SIEM) tools for analysis and correlation with unique behavioral signatures. This enables early, and possibly real-time, detection of an attack or misconfiguration, as well as secondary capacity utilization reporting.
* Operational monitoring – To automate health and status reporting, logs provide data that can be checked, when required, for state changes to applications, operating systems, and virtual machine hosts.
* Simple Troubleshooting – Many applications and operating systems provide the capability to enable more verbose logging detail during runtime. When troubleshooting unexpected behavior, this additional detail can provide the information needed to remediate most problems.