1. Logging means that an entry is made in a log file for every
message that is processed by the router
The log lets you see how users are using the WLAN
◦ What protocols and port numbers are being used
◦ What source IPs, destination IPs and URLs
◦ What date and time the messages were processed
Logs are used for security
◦ To verify that security settings are correct by checking that only permitted
traffic enters from the outside
◦ To discover threats by analysing the packets dropped on the outside
◦ To verify that inside users are complying with the security policy and are
using the network correctly and appropriately, i.e. not using torrent
software or browsing to malicious or inappropriate sites in violation of
security policy
Logs must be stored securely
◦ Access to logs must be restricted and monitored to prevent unauthorised
changes, particularly if logs will be used as evidence of wrongdoing
2. Logs are used for capacity planning
◦ The data in log files can be loaded into analytics software for
trend analysis
◦ Logs can show data flows that cross networks
For instance, a data flow might occur every morning at 8:30 as
everyone starts work and authenticates to the domain controller
Data flows are used to show trends in usage over a period of time
so that the volume of data crossing links can be predicted
Plans can be made and implemented to upgrade equipment and
links before the users notice a decrease in their network
performance (speed) due to congestion and load
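
The two outside-facing security checks from item 1 (only permitted traffic enters, and dropped packets are analysed for threats), as an added example that is not part of the original notes. The log line layout, the interface names `wan`/`lan` and the `PERMITTED_INBOUND` policy are assumptions made for this example, and the sample log is constructed.

```python
import re
from collections import Counter
# Constructed sample log; the field layout is assumed, not any real router's format.
SAMPLE_LOG = """\
2024-03-04T08:29:58 ACCEPT IN=wan PROTO=TCP SRC=198.51.100.7 DST=192.0.2.10 DPT=443
2024-03-04T08:30:02 DROP IN=wan PROTO=TCP SRC=203.0.113.50 DST=192.0.2.10 DPT=23
2024-03-04T08:30:05 DROP IN=wan PROTO=UDP SRC=203.0.113.99 DST=192.0.2.10 DPT=161
2024-03-04T08:30:09 ACCEPT IN=wan PROTO=TCP SRC=198.51.100.23 DST=192.0.2.10 DPT=3389
2024-03-04T08:30:11 ACCEPT IN=lan PROTO=TCP SRC=192.168.1.20 DST=198.51.100.80 DPT=443
2024-03-04T08:30:12 DROP IN=wan PROTO=TCP SRC=203.0.113.50 DST=192.0.2.10 DPT=3389
garbled line that does not parse
"""

# Assumed policy: only these (protocol, destination port) pairs may enter from outside.
PERMITTED_INBOUND = {("TCP", 443)}

LINE_RE = re.compile(
    r"^(?P<time>\S+) (?P<action>ACCEPT|DROP) IN=(?P<iface>\w+) "
    r"PROTO=(?P<proto>\w+) SRC=(?P<src>\S+) DST=(?P<dst>\S+) DPT=(?P<dpt>\d+)$"
)

def parse(log_text):
    """Return (entries, unparsed_count); malformed lines are counted, not lost."""
    entries, bad = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({**m.groupdict(), "dpt": int(m["dpt"])})
        elif line.strip():
            bad += 1
    return entries, bad

def policy_violations(entries):
    """Traffic accepted from the outside that the policy does not permit."""
    return [e for e in entries
            if e["iface"] == "wan" and e["action"] == "ACCEPT"
            and (e["proto"], e["dpt"]) not in PERMITTED_INBOUND]

def dropped_by_source(entries):
    """Count packets dropped on the outside interface, per source IP."""
    return Counter(e["src"] for e in entries
                   if e["iface"] == "wan" and e["action"] == "DROP")

if __name__ == "__main__":
    entries, bad = parse(SAMPLE_LOG)
    print("unparsed lines:", bad)
    for e in policy_violations(entries):
        print("unexpected inbound:", e["time"], e["src"], e["proto"], e["dpt"])
    print("top dropped sources:", dropped_by_source(entries).most_common(3))
```

A non-zero unparsed count is worth investigating in its own right, since lines that fail to parse can hide truncated or altered log entries.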