Why do systems benefit from event log monitoring?
In general, network systems benefit from event log monitoring because it shows administrators more about what is happening across a given network. Experts point out that even small networks can take advantage of event log monitoring to make administration more efficient and to avoid serious security problems and other issues.
One main way that event log monitoring helps is that it allows administrators to look for patterns of events, rather than just maintaining logs that may never get analyzed. This applies to things like authentication, storage processes, data requests and more. Rather than simple passive logging of events, event log monitoring helps detect when something bad is happening on the network.
Event log monitoring also helps administrators cross-index or correlate individual instances of certain problems. For instance, network administrators can look for redundant array of independent disks (RAID) errors that may happen when a particular storage disk malfunctions. They can look at invalid logons or authentication records to figure out whether somebody is trying to gain unauthorized access. They can look at server performance to see whether data queries are being handled effectively. They can also run certain kinds of security scans and analysis to catch vulnerabilities in the system.
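The invalid-logon case above, as an added example that is not part of the original article: it correlates failed logons by source address inside a sliding time window, so a burst stands out from the occasional mistyped password. The key=value log format, the field names, and the threshold and window values are assumptions made for illustration, and events are assumed to arrive in chronological order.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events in a made-up key=value format (not a real product's log format).
SAMPLE_LOG = """\
2024-05-01T10:00:01 host=fs01 event=logon_failure user=alice src=10.0.0.5
2024-05-01T10:00:09 host=fs01 event=logon_failure user=bob src=10.0.0.5
2024-05-01T10:00:15 host=fs01 event=raid_error disk=2
2024-05-01T10:00:20 host=fs01 event=logon_failure user=admin src=10.0.0.5
2024-05-01T10:00:31 host=fs01 event=logon_failure user=admin src=10.0.0.5
2024-05-01T10:00:40 host=fs01 event=logon_failure user=alice src=10.0.0.5
2024-05-01T10:05:00 host=fs01 event=logon_failure user=carol src=10.0.0.9
2024-05-01T10:35:00 host=fs01 event=logon_failure user=carol src=10.0.0.9
not a log line
"""

def parse_line(line):
    """Split 'timestamp key=value ...' into (datetime, dict); None if malformed."""
    parts = line.split()
    try:
        ts = datetime.fromisoformat(parts[0])
    except (IndexError, ValueError):
        return None
    return ts, dict(p.split("=", 1) for p in parts[1:] if "=" in p)

def find_logon_bursts(log_text, threshold=5, window=timedelta(minutes=2)):
    """One alert per source that reaches `threshold` failed logons within `window`."""
    recent = defaultdict(deque)  # src -> (timestamp, user) of failures still in the window
    alerted, alerts = set(), []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip lines that are not events
        ts, f = parsed
        if f.get("event") != "logon_failure" or "src" not in f:
            continue
        q = recent[f["src"]]
        q.append((ts, f.get("user", "?")))
        while ts - q[0][0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and f["src"] not in alerted:
            alerted.add(f["src"])
            alerts.append({"src": f["src"], "failures": len(q),
                           "users": sorted({u for _, u in q})})
    return alerts

if __name__ == "__main__":
    for alert in find_logon_bursts(SAMPLE_LOG):
        print(alert)
```

Several distinct usernames from one source in a short window, as in the constructed data, is the pattern that separates a guessing attempt from a single user's typo; the two failures from 10.0.0.9 are 30 minutes apart and raise no alert.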