The role of log normalization in achieving consistent log management
Salminen, Inka (2025)
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-202601081110
Abstract
Logs are essential for security monitoring and troubleshooting in digital infrastructures. They capture events from various systems, helping organizations detect anomalies, respond to threats, and ensure operational integrity. Effective log management is vital for maintaining security and reliability.
Log normalization involves transforming log data from multiple sources into a consistent structure, which is essential for ensuring comparability and efficient analysis across systems.
The commissioning organization for this thesis is CSC - IT Center for Science. CSC manages complex infrastructures that produce large volumes of log data, making log normalization crucial for effective security monitoring. The objective of this thesis was to analyze how log data from multiple sources could be normalized within CSC’s environment and to outline the next steps for implementing the process.
The study showed that log normalization has a significant role in security monitoring, as important insights may be overlooked without comparable data. Through practical implementation, the use of log schemas and the configuration of OpenTelemetry Collector Contrib were demonstrated, confirming its effectiveness as a vendor-agnostic solution for normalization.
