8.9.3.2. Logging as a Service
When enabling a formalized service for log collection and processing, there are two types of log services a provider should consider offering to a customer: provider log management of customer logs, and provider forwarding logs to customer for management.
Provider log management of customer logs for systems within the vCloud organization – The customer sends logs to a provider for analysis and report generation of customer-specific events.
Pros:
Logs can be sent over a private VLAN within the provider's environment.
Cost savings for customer of licensing SIEM tools.
Cons:
Difficult to customize analysis and correlation to other customer-specific events.
Dedicated resources required even with low utilization.
Billing does not follow IaaS model given resource consumption is primarily for storage and analysis.
Provider forwarding logs to customer for management – Logs from provider resources such as network equipment, host server and firewall appliances are sent to customer system for collection and analysis.
Pros:
vCloud resources are scalable and rely on distributed analysis within customer environment.
Customer uses tool of choice for analysis and reporting.
Cons:
Creates duplicate copy of infrastructure log for audit purposes.
Log transmission requires network resources.
Due to multitenancy within the vCloud, a potentially complex implementation is required as a result of the need for an in-built intelligence engine in the log forwarding mechanism.
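The multitenancy point above can be made concrete with a tenant-aware routing step for shared firewall logs. This is an added example, not code from the original document or from any VMware product. The tenant names, the network ownership map, the key=value log layout and the function names are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed tenant-to-network ownership map (constructed for this example).
TENANT_NETWORKS = {
    "org-a": ipaddress.ip_network("10.10.0.0/16"),
    "org-b": ipaddress.ip_network("10.20.0.0/16"),
}
# Constructed firewall log lines in an assumed key=value layout.
SAMPLE_LOGS = [
    "2013-05-01T10:00:01Z fw01 action=drop src=198.51.100.7 dst=10.10.4.20 dport=22",
    "2013-05-01T10:00:02Z fw01 action=allow src=10.20.1.5 dst=203.0.113.9 dport=443",
    "2013-05-01T10:00:03Z fw01 action=allow src=10.10.4.20 dst=10.20.1.5 dport=5432",
    "2013-05-01T10:00:04Z fw01 action=drop src=198.51.100.7 dst=192.0.2.44 dport=80",
    "2013-05-01T10:00:05Z fw01 malformed line without addresses",
]
ADDR_RE = re.compile(r"\b(src|dst)=(\S+)")

def owner_of(addr_text):
    """Return the tenant owning an address, or None if unowned or unparsable."""
    try:
        addr = ipaddress.ip_address(addr_text)
    except ValueError:
        return None
    for tenant, network in TENANT_NETWORKS.items():
        if addr in network:
            return tenant
    return None

def redact(line, tenant):
    """Mask addresses owned by another tenant; keep own and external ones."""
    def mask(match):
        owner = owner_of(match.group(2))
        if owner is not None and owner != tenant:
            return f"{match.group(1)}=[other-tenant]"
        return match.group(0)
    return ADDR_RE.sub(mask, line)

def route(lines):
    """Split shared-infrastructure logs into per-tenant streams, failing closed."""
    streams, provider_only = defaultdict(list), []
    for line in lines:
        owners = {owner_of(value) for _, value in ADDR_RE.findall(line)} - {None}
        if not owners:
            provider_only.append(line)  # unattributable: never forwarded
        for tenant in sorted(owners):
            streams[tenant].append(redact(line, tenant))
    return dict(streams), provider_only
```

Lines that cannot be attributed to any tenant stay with the provider, and a flow between two tenants reaches each of them with the other side's address masked.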