The Logging and Reporting Architecture Design

on Tuesday, 01 January 2013. Posted in Solution & Business Architecture, Blog


The Logging and Reporting Architecture Design is the design specification for the logging, monitoring, and reporting infrastructure.

Below is the checklist I use when producing the logging and reporting architecture design within a solution architecture.

1. Understand the client's current logging and reporting architecture.

· Interview the security manager and system administrators to determine what logging and monitoring is currently in place.

· Review current capabilities by examining network diagrams and infrastructure components in the Technical Infrastructure Assessment and Technical Infrastructure Requirements, or by touring the site.

· Document all critical servers, including network appliances, routers, switches, and intrusion detection systems, where logging should be enabled. Pay particular attention to critical, externally accessible devices and servers.

2. Develop the business management requirements for logging and reporting.

· Interview the project sponsor or the CIO to determine the business goals of the project.

· From these interviews, determine which servers and infrastructure devices are critical to operations.

3. Interview user groups to determine their logging and reporting requirements, such as bandwidth, performance, reliability, scalability, and security. User groups include telecommunications, applications, network, human resources, accounting, internal audit, and legal.

4. Define system capabilities, dependencies, and assumptions based on the management and user requirements. Use the Security Web Sites tool to include security-related web sites in your research.

5. Develop the system operating environment for the logging and reporting architecture.

· Document the operational policies, operational constraints, existing operational environment, existing support environment, and constraints on design and implementation.

· Verify that attempts to modify this information are logged and trigger an alarm that shows source and destination IP addresses, protocol type, time and date, data (size and packet details), and activity. Keep records for 1 year unless otherwise instructed by legal counsel.

· Verify that these events trigger alerts: unauthorized scanning or probing of networks, presence of malicious code, unauthorized attempts to access services (whether in use or not), changes to files without change request approval, a large increase in traffic, loss of connection to any of the servers within the production environment, and loss of connectivity.

· Review the architecture with the security manager or system administrator who will have ownership of the reporting system.
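Added example (not from the post): a Python sketch of how the step 5 trigger conditions could be evaluated over collected log records, so that each alarm carries the source and destination addresses, protocol, time, size and activity the checklist asks for, together with a one-year retention deadline. The log line format, the sample records, the thresholds and the set of monitored hosts are all assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from the post): "timestamp src dst proto bytes activity"
SAMPLE_LOGS = """\
2013-01-01T10:00:01 10.1.1.5 10.1.2.10 tcp 512 deny
2013-01-01T10:00:02 10.1.1.5 10.1.2.10 tcp 512 deny
2013-01-01T10:00:03 10.1.1.5 10.1.2.11 tcp 512 deny
2013-01-01T10:00:04 10.1.1.7 10.1.2.10 tcp 900000 allow
2013-01-01T10:00:05 10.1.2.10 10.1.2.50 udp 120 heartbeat
2013-01-01T10:00:06 10.1.1.9 10.1.2.20 tcp 64 config-change
"""
RETENTION = timedelta(days=365)                 # keep alarm records for 1 year (step 5)
MONITORED_SERVERS = {"10.1.2.10", "10.1.2.11"}  # assumed critical production hosts

def parse(text):
    """Split the constructed text format into dicts with typed fields."""
    records = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, proto, size, activity = line.split()
            records.append({"time": datetime.fromisoformat(ts), "src": src, "dst": dst,
                            "proto": proto, "size": int(size), "activity": activity})
    return records

def alarm(rec, reason):
    """An alarm carries every field the checklist names plus its retention deadline."""
    return {**rec, "reason": reason, "retain_until": rec["time"] + RETENTION}

def evaluate(records, deny_limit=3, byte_limit=500_000, heartbeat=timedelta(seconds=10)):
    """Apply the step 5 trigger conditions to parsed records and return the alarms raised."""
    alarms, denies, last_seen = [], defaultdict(int), {}
    for rec in records:
        if rec["activity"] == "deny":                     # repeated unauthorized access attempts
            denies[rec["src"]] += 1
            if denies[rec["src"]] == deny_limit:
                alarms.append(alarm(rec, "unauthorized access attempts"))
        elif rec["activity"] == "config-change":          # attempt to modify the environment
            alarms.append(alarm(rec, "modification attempt"))
        if rec["size"] >= byte_limit:                     # large increase of traffic
            alarms.append(alarm(rec, "large increase of traffic"))
        if rec["src"] in MONITORED_SERVERS:
            last_seen[rec["src"]] = rec["time"]
    end = max(r["time"] for r in records)
    for host in sorted(MONITORED_SERVERS):                # loss of connection to a production server
        if host not in last_seen or end - last_seen[host] > heartbeat:
            alarms.append({"src": host, "time": end, "reason": "loss of connection",
                           "retain_until": end + RETENTION})
    return alarms
```

Running `evaluate(parse(SAMPLE_LOGS))` on the constructed records raises four alarms: the third denied attempt from 10.1.1.5, the 900000-byte transfer, the configuration change, and the silent monitored host 10.1.2.11.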

6. Document the system users, including personnel profiles, organizational structure, personnel interaction, personnel activities, and documentation. This information is required for selecting triggers and alerts.

7. Work with the project manager, security manager, and system administrators to document the process flow for the logging and reporting infrastructure.

· Define the processes.

· Create process models to illustrate the flow and sequence of operations; for example, a Visio diagram showing which servers have logs, how the logs are transferred to the central server, and how the reporting server transmits alerts and notifications.

8. Document the system definitions for the logging and reporting architecture.

· Include the operating modes and states of the architecture, the system functions and their relationships, and the configuration allocation for hardware, software, facilities, and system interfaces.

· Consult vendor hardware and software data to understand the implications of the client requirements.

9. Meet with the client to determine the performance requirements of the logging and reporting architecture, such as physical locations, constraints, hardware and software performance, support requirements, safety requirements, the size of the log files, and the frequency of log traffic.

10. Develop quality assurance plans for the design.

· Develop requirements for the testing environment that will be used to verify the design requirements and constraints. Include a network diagram of any testing equipment you will use.

· Document the configuration of your testing environment with an example of each type of log or report, such as Check Point firewall logs, UNIX syslogs, router and switch logs, and Windows event logs. Describe the architecture of each central logging server that will be used.

· Document the results of your tests. List each criterion and develop a test to confirm it. For example, validate that each device can communicate with the central logging server, validate that the logging server can receive traffic, and ensure that the logging server can communicate with a reporting server or a third-party monitoring system.


Comments (6)

  • Antoine, 10 June 2013 at 10:57
    Very nice post. I absolutely love this website. Continue the good work!

  • Melody, 11 June 2013 at 18:21
    Just wish to say your article is astounding. The clearness of your post is great and I can assume you're an expert in this subject. Well, with your permission allow me to grab your RSS feed to keep up to date with forthcoming posts. Thank you a million and please carry on the gratifying work.

  • Alvaro, 11 June 2013 at 21:36
    You're so interesting! I do not think I've truly read through a single thing like this before. So great to find another person with a few unique thoughts on this topic. Seriously, many thanks for starting this up. This site is one thing that is required on the web, someone with a little originality!

  • Elizabeth, 12 June 2013 at 02:20
    Hey, would you mind stating which blog platform you're working with? I'm looking to start my own blog soon but I'm having a tough time selecting between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your layout seems different than most blogs and I'm looking for something completely unique. P.S. Sorry for getting off-topic but I had to ask!

  • Eulalia, 12 June 2013 at 12:52
    First off I would like to say awesome blog! I had a quick question that I'd like to ask if you don't mind. I was curious to know how you center yourself and clear your thoughts prior to writing. I have had a hard time clearing my mind in getting my ideas out. I truly do enjoy writing but it just seems like the first 10 to 15 minutes are lost simply trying to figure out how to begin. Any ideas or hints? Cheers!

  • Donnie, 12 June 2013 at 13:07
    Hey there! This is my 1st comment here so I just wanted to give a quick shout out and say I truly enjoy reading your blog posts. Can you suggest any other blogs/websites/forums that deal with the same topics? Thank you!

Copyright 2018 All rights reserved.