[Editor’s note: Part of a continuing series about best practices for log file management]

There are a variety of forms of security when talking about computers, the Internet, and smart phones. With respect to log files, the security discussed here has less to do with access to the log files, and is more concerned with access to modifying the configuration of the log files. We’ll look at a few challenges which should be taken seriously and managed accordingly within any size of organization.

While earlier it was stated that log files are ‘intellectual property’, log files tend not to contain any information that is critically confidential because there is no personally identifiable information—though web data should be considered critical business asset. Should the log files of any given organization get in the hands of others not warranted those rights, there isn’t much harm that can be done.

For the most part, even if your log files ended up in the hands of your closest competitor, they would have no advantage—the most useful competitive information is already available through services like Compete. A competitor likely wouldn’t even know what to do with the log files; let alone try to harvest them for information that gives them any advantage in the market.

Best practices and policies

Really, this blog is about policies rather than security. Every organization should have policies in place for who is able to modify the structure of the log files for corporate web assets. Whether it is for the corporate web site, the intranet, the extranet, or other online assets, only a select set of personnel should be able to modify the log file structure and the data points contained within them.

On more than one occasion within our client base, changes which have impacted the data contained within the log files have been made without company-wide notification. As a result, the data can become extremely inaccurate if we continue with the log file analysis.

To complicate matters, many large web sites are spread across multiple servers. When a change is made to a log file, it is critical that the same change be made immediately to the other servers supporting the web site. Should those changes not be made, or be made differently than the first server, the data can then be inaccurate upon processing with most web analytics engines.

A few tips

A common best practice to add a new field to a log file is to add it to the end of the configuration string or log entry such that the new data points are the last in each log entry. If an addition is made in the middle of the string, half the log file entry ‘shifts’ and the data may be attributed to the wrong field given the log file configuration for the web analytics engine. If the new data points are added at the end, they will not impact the previous data configuration. They may not get picked up immediately by the log analysis engine, but at least they will not affect the data negatively.

In short, log files need both security practices and policies to protect them and the data they represent. A great starting point is minimizing the number of people that have access to the logs to help prevent unwanted modification. A record (or a ‘log’) should also be kept about changes made to the log files (which would include the change made, the date, the person that made the change, etc.).

These simple tips can help minimize damage in the event of an error and help to track the responsible parties when changes are made. Keep these in mind to save yourself hours of work, so you can get back to helping visitors and customers.

Message Sent

Thank you for registering.

Cardinal Path hosted a live session to connect with you and answer all your questions on Google Analytics.
Get all the expertise and none of the consultancy fees in this not-to-be-missed, rapid-fire virtual event.

Thank you for submitting the form.

Thank you for submitting the form.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you.

Click here to download access the tool.

Message Sent

Thank you for registering.

Message Sent

Thank you.

Message Sent

Thank you.

Message Sent

Thank you

Message Sent

Thank you

Message Sent

Thank you.

Message Sent

Thank you

Message Sent

Thank you.

Message Sent

Success!
Your message was received.

Thank you.

Thank you for registering.

Cardinal Path is continuing with its series of free training. Next we are conducting training on Google Data Studio. Check it out here.

Message Sent

Thank you for registering.

Thank you for your submission.

Your request has been submitted and a rep will reach out to you shortly.

Message Sent

Thank you for your interest.

Thank you for registering.

You should receive a confirmation email from GoToWebinar with your unique webinar login information. If you do not receive this email or have trouble logging in to the event, please email asmaa.mourad@cardinalpath.com.

Thank you for subscribing!

You're now looped into the world's largest GMP resource hub!

Thank you for your submission.

Thank you for your submission.

Thank you for your submission.

Thank you for your submission.

Message Sent

Thank you for registering.

Message Sent

Thank you for your submission.

Thank you for your submission.

Message Sent

Thank you for registering.

Thank you for registering.​

Paid media spend by Government websites increased a whopping 139% YoY in 2020.

2020 Online Behavior Live Dashboard

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

2020 Online Behavior Live Dashboard

Thank you for your submission.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Success! Thank you
for reaching out.