https://www.dnsstuff.com/free-siem-tools
This article lists Security Information and Event Management (SIEM) tools that provide log analysis and correlation of events. Caveat: Open source tools may be sufficient for some small companies, but they do not provide support and may offer only a limited feature set. Most of these open source solutions offer a paid option as well. If you try one and like it, upgrading to the paid option to gain support and features is easy.
https://www.dnsstuff.com/free-log-management-tools
This link provides a list of no-cost or low-cost log management tools.
https://www.kroll.com/en/insights/publications/how-to-build-your-cyber-incident-response-plan
In this article, Kroll provides a high-level view of how to build an IRP and the types of questions you will want to address as you begin planning.
https://help.ubuntu.com/community/Logwatch
This document from Ubuntu discusses Logwatch, a tool that will monitor your server's logs and email the administrator a digest on a daily basis.
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf
This NIST Special Publication provides practical guidance on developing and maintaining effective log management practices.
https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltd346db979178897d/5e9dfdd5dac81811514a1b08/information_logging_standard.pdf
This policy from SANS helps identify requirements that must be met by a system to generate logs.
https://www.sans.org/white-papers/33528/
This SANS whitepaper offers common elements of success for log management, in order to prepare for regulatory compliance audits.
https://www.techtarget.com/searchsecurity/tip/Security-log-management-and-logging-best-practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions.
US-CERT – CRR Supplemental Resource Guide, Volume 5: Incident Management
3.3 3.3.5 Audit and Accountability
https://www.cisa.gov/uscert/sites/default/files/c3vp/crr_resources_guides/CRR_Resource_Guide-IM.pdf
US-CERT resource that provides information on how to create, test and improve an Incident Management plan.