A company with regional offices wants to identify unusual trends and hidden anomalies in event records from multiple locations. Which design choice best supports this objective?
Remove certain entries to lower storage costs and keep only minimal records
Maintain logs in separate offices and let each team review its own data independently
Aggregate event data from all regions into a unified repository for collective review
Send logs to a hosted service but avoid performing correlated reviews
Centralizing event data in one shared environment promotes correlation and analysis across all offices. Storing data locally in separate locations prevents recognition of patterns that span multiple regions. Removing valuable entries eliminates critical information used for analysis, and sending records to an outside provider without thorough review limits detection capabilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is log aggregation and why is it important?
Open an interactive chat with Bash
Why is it a bad idea to remove log entries to save storage?
Open an interactive chat with Bash
How does centralized logging improve threat detection compared to localized logs?