Timely Centralisation of Event Logs
Ensure event logs are quickly sent to a central logging facility to keep track of important activities.
Plain language
This control ensures that all records of important events on your computer systems, like logins or file changes, are promptly sent to a central system. This matters because it makes it easier to spot unusual activity quickly, helping to prevent security issues and keep your business running smoothly.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for system monitoring
Section
Event logging and monitoring
Official control statement
Event logs sent to a centralised event logging facility are done so as soon as possible after they occur.
Why it matters
If logs aren’t centralised promptly, correlation and alerting are delayed, reducing visibility and slowing incident response to malicious activity.
Operational notes
Monitor and alert on log-forwarding delays and failures; confirm systems send events to the central logging facility immediately after generation.
Implementation tips
- The IT team should ensure all event logs are configured to be sent to a central system. They can do this by setting up each computer or device to automatically send logs as soon as they are created, using built-in system settings.
- System owners should regularly verify that logs are being sent correctly. They can do this by checking the central log system for recent entries from each machine or device they manage.
- Managers should schedule regular reviews of the central log system's performance. They can do this by setting monthly meetings with the IT team to go over system logs and discuss any issues that have been identified.
- The IT team should set up alerts for unusual log activity in the central system. They can use simple settings to send emails or notifications if certain types of rare or suspicious events are logged.
- HR should work with the IT team to ensure staff understand why logging is important. This can be done through a short training session explaining how timely logs help protect the company and keep information safe.
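The operational note on alerting for forwarding delays and failures, and the tip on checking the central system for recent entries from each device, can be combined into one check. The following is an added example, not part of the ISM or of this page's source; the record layout, host names and thresholds are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample: (source, time the event was generated on the source,
# time the central logging facility received it). All values are made up.
SAMPLE = [
    ("web01", "2026-03-19T10:00:00+00:00", "2026-03-19T10:00:02+00:00"),
    ("web01", "2026-03-19T10:04:00+00:00", "2026-03-19T10:04:01+00:00"),
    ("db01", "2026-03-19T09:30:00+00:00", "2026-03-19T09:58:00+00:00"),  # batched
    ("db01", "2026-03-19T09:45:00+00:00", "2026-03-19T09:58:00+00:00"),
    ("fw01", "2026-03-19T08:10:00+00:00", "2026-03-19T08:10:01+00:00"),  # then stops
    ("app01", "2026-03-19T10:03:00+00:00", "2026-03-19T10:02:30+00:00"),  # skewed
]
EXPECTED = ["web01", "db01", "fw01", "app01", "dc01"]  # hypothetical inventory
NOW = datetime.fromisoformat("2026-03-19T10:05:00+00:00")


def check_forwarding(records, now, expected,
                     max_lag=timedelta(seconds=60),       # assumed threshold
                     max_silence=timedelta(minutes=15)):  # assumed threshold
    """Return {source: [findings]} for expected sources that breach a threshold."""
    worst_lag, last_seen, skewed = {}, {}, set()
    for source, generated, received in records:
        gen = datetime.fromisoformat(generated)
        rcv = datetime.fromisoformat(received)
        lag = rcv - gen
        if lag < timedelta(0):
            # Received before it was generated: clocks disagree, so the lag
            # figure for this source cannot be trusted.
            skewed.add(source)
            lag = timedelta(0)
        worst_lag[source] = max(worst_lag.get(source, lag), lag)
        last_seen[source] = max(last_seen.get(source, rcv), rcv)

    findings = {}
    for source in sorted(expected):
        if source not in last_seen:
            findings[source] = ["never_seen"]  # forwarding not set up or failing
            continue
        issues = []
        if now - last_seen[source] > max_silence:
            issues.append("silent")        # forwarding has stopped
        if worst_lag[source] > max_lag:
            issues.append("delayed")       # events held back before sending
        if source in skewed:
            issues.append("clock_skew")    # fix time sync before trusting lag
        if issues:
            findings[source] = issues
    return findings


if __name__ == "__main__":
    for source, issues in check_forwarding(SAMPLE, NOW, EXPECTED).items():
        print(source, ",".join(issues))
```

Comparing against an inventory of expected sources is what surfaces a device that never forwarded at all; a check driven only by received events cannot see it.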
Audit / evidence tips
- Ask: the log transmission settings from each system or device
  Good: seeing automatic settings that push logs immediately after events occur
- Good: a report that shows frequent entries from each networked device
- Ask: details on the alert configurations for unusual event logs
  Good: includes a wide range of alerts with clear notification processes
- Good: notes that highlight issues addressed and solutions proposed
- Ask: evidence of staff training on the importance of logging
  Good: training slides or handouts and a sign-in sheet with participant names
Cross-framework mappings
How ISM-1983 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| Partially meets (1) | | |
| Annex A 8.15 | ISM-1983 requires event logs to be sent to a centralised event logging facility as soon as possible after they occur | |
E8
| Control | Notes | Details |
|---|---|---|
| Supports (3) | | |
| Depends on (3) | | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.