In the Audit Logs and Monitoring service, the LSAIT Infrastructure group configures servers, firewalls, networks, and other computer devices to ensure that audit logs are appropriately configured and maintained. Logs help record information that allow the reconstruction of a timeline of events and systems activity. This information is important for helping analyze, monitor, and respond to potential misuse and/or intrusion of LSA computing resources.
When configuring audit logs and monitoring events, it's important to keep in mind that the various platforms available (such as operating systems, web services, databases, file systems, and so on) are unique in how they handle logs. LSAIT staff addresses the configuration and monitoring of logs for LSAIT supported desktops, servers, and networks. One of the services that LSAIT operates to retain and process logs is Splunk. We can work with other IT departments to help in configuring and maintaining logs from their own systems.