Log Purposes
Logs are the foundation of many controls used to achieve internal requirements and regulatory compliance. They track and record changes and incidents, forming an audit trail. Logs offer the following benefits:
* Compliance requirements – Logs are required for all compliance regulations to assist with control auditing as well as breach review, analysis, and response. Specific types of logs can often be matched with specific compliance controls. For example, the authentication log can show that access is allowed only for authorized users.
* Customer requirements – End customers can retrieve logs that pertain to their environment to meet their own requirements.
* Operational integrity – Operational alerts should be defined for logs to trigger notifications for remediation. This is frequently set up as a backup alert, secondary to monitoring. For example, a storage array that goes offline generates error messages in the logs, which can be used to alert administrators.
* Troubleshooting – Closely related to operational integrity, logs are essential for troubleshooting. For example, vCloud Networking and Security Edge logs can show whether a specific external connection request is being passed through or NATed by the firewall.