ISM-1959: ASD Information Security Manual (ISM)

Ensure Consistent Formatting for Event Logs

Event logs should be stored in a consistent format to ensure reliable data tracking.

Plain language

This control means that any records of important activities, like logins or changes to a system, need to be in a clear and consistent format. This is important because if the records are a mess, it’s tough to figure out what happened if something goes wrong, like a data breach or system failure.

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

Aug 2024

Control Stack last updated

19 Mar 2026

E8 maturity levels

N/A

Official control statement

To the extent possible, event logs are captured and stored in a consistent and structured format.

Why it matters

Inconsistent log formats impede correlation and forensic analysis, slowing incident response and allowing breaches to go unnoticed.

Operational notes

Standardise log schemas (e.g., JSON/CEF), validate fields and timestamps, and routinely sample logs to confirm consistent formatting across sources.

Implementation tips

  • The IT team should design a standard template for event logs. This template should clearly outline what kind of information needs to be included, such as the date, time, event description, and user details. Using a standard form helps everyone record information the same way each time.
  • Training staff responsible for entering log data is crucial. Managers should ensure that these staff members know exactly how to fill out the logs correctly using the standard template. This can be achieved through a simple training session with examples of correctly filled logs.
  • System owners should ensure that the software systems they use are configured to produce logs in the agreed format automatically. This might involve working with software vendors to adjust settings or select appropriate software features.
  • IT support should regularly review logs to ensure they remain consistent with the defined format. They can use software tools to spot any discrepancies or carry out manual checks at regular intervals.
  • Management should promote the importance of consistent logging in team meetings. Highlighting the benefits, such as easier problem-solving and compliance with legal requirements, can encourage staff to maintain high standards of logging.
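
One way to automate the sampling check described in the operational notes and in the log review tip above, as an added example that is not part of the ISM or of this page's original content. It assumes logs are stored as one JSON object per line; the field names (`timestamp`, `source`, `event`, `user`) are a hypothetical template, and the sample lines are constructed.

```python
import json
from datetime import datetime

# Hypothetical template: field names are assumptions modelled on the tips
# above (date and time, event description, user details).
REQUIRED = {"timestamp": str, "source": str, "event": str, "user": str}

def check_line(line):
    """Return a list of format problems for one log line (empty = conforms)."""
    try:
        rec = json.loads(line)
    except json.JSONDecodeError:
        return ["not valid JSON"]
    if not isinstance(rec, dict):
        return ["not a JSON object"]
    problems = []
    for field, typ in REQUIRED.items():
        if field not in rec:
            problems.append(f"missing field: {field}")
        elif not isinstance(rec[field], typ) or not rec[field]:
            problems.append(f"bad type or empty: {field}")
    ts = rec.get("timestamp")
    if isinstance(ts, str) and ts:
        try:
            # fromisoformat() on older Pythons rejects a trailing "Z".
            parsed = datetime.fromisoformat(ts.replace("Z", "+00:00"))
            if parsed.tzinfo is None:
                problems.append("timestamp has no UTC offset")
        except ValueError:
            problems.append("timestamp is not ISO 8601")
    return problems

def audit(lines):
    """Map 1-based line number -> problems, for non-conforming lines only."""
    return {n: p for n, line in enumerate(lines, 1) if (p := check_line(line))}

# Constructed sample lines, not taken from any real system.
SAMPLE = [
    '{"timestamp": "2024-08-01T03:15:42Z", "source": "vpn01", "event": "login", "user": "asmith"}',
    '{"timestamp": "01/08/2024 03:15", "source": "web02", "event": "login", "user": "asmith"}',
    '{"timestamp": "2024-08-01T03:16:10", "source": "db01", "event": "config_change"}',
    'Aug  1 03:17:01 fw01 sshd[411]: Accepted password for asmith',
]

if __name__ == "__main__":
    for n, problems in audit(SAMPLE).items():
        print(f"line {n}: {'; '.join(problems)}")
```

The per-line problem lists can be retained as the log audit report an assessor asks for under the audit tips.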

Audit / evidence tips

  • Ask: The event logging procedures document. Request the official procedure document that describes how logs should be formatted and maintained. Good: A well-defined document with clear formats for different types of events.
  • Ask: Samples of recent event logs. Obtain logs from the last month for several critical systems and check their format.
  • Ask: To see employee training records. Request proof of training sessions for staff responsible for log management. Good: Documented sessions with staff sign-off and materials demonstrating the use of standard log formats.
  • Ask: A report on log audits. Push for any internal audit results that include log format checks.
  • Ask: To demonstrate system configuration settings. Request a demonstration of system log settings by IT staff.
Cross-framework mappings

How ISM-1959 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Partially meets (1)

Control: Annex A 8.15
Notes: ISM-1959 requires that, to the extent possible, event logs are captured and stored in a consistent and structured format

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.