In the Audit Logs and Monitoring service, the Technology Services Infrastructure group configures servers, firewalls, networks, and other computer devices to ensure that audit logs are appropriately configured and maintained. Logs help record information that allow the reconstruction of a timeline of events and system activity. This information is important for helping analyze, monitor, and respond to potential misuse of and/or intrusion into LSA computing resources.
When configuring audit logs and monitoring events, it's important to keep in mind that the various platforms available (such as operating systems, web services, databases, file systems, and so on) are unique in how they handle logs. Technology Services staff address the configuration and monitoring of logs for Technology Services supported desktops, servers, and networks. One of the services that Technology Services operates to retain and process logs is Splunk. We work with other IT departments to help in configuring and maintaining logs from their own systems; please contact us for assistance.