https://www.dnsstuff.com/free-siem-tools
This article lists Security Information and Event Management (SIEM) tools that provide log analysis and correlation of events. Caveat: Open source tools may be sufficient for some small companies, but they do not provide support and may offer only a limited feature set. Most of these open source solutions offer a paid option as well. If you try one and like it, upgrading to the paid option to gain support and features is easy.
https://www.dnsstuff.com/free-log-management-tools
This link provides a list of no-cost or low-cost log management tools.
https://www.kroll.com/en/insights/publications/how-to-build-your-cyber-incident-response-plan
In this article, Kroll provides a high-level view of how to build an IRP and the types of questions you will want to address as you begin planning.
https://help.ubuntu.com/community/Logwatch
This document from Ubuntu discusses Logwatch, a tool that will monitor your server's logs and email the administrator a digest on a daily basis.
https://nvd.nist.gov/800-53/Rev4/control/IR-4
NIST resource that defines incident handling requirements from event to incident declaration.
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-92.pdf
This NIST Special Publication provides practical guidance on developing and maintaining effective log management practices.
https://www.nsu.edu/getattachment/About/Administrative-Offices-Services/its/Policies/32-8-306-Audit-Review-Analysis-and-Reporting-pdf.pdf.aspx
This link from Norfolk State University serves as an example of a log review, analysis, and reporting policy.
https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltd346db979178897d/5e9dfdd5dac81811514a1b08/information_logging_standard.pdf
This policy from SANS helps identify requirements that must be met by a system to generate logs.
https://www.sans.org/white-papers/33528/
This SANS whitepaper offers common elements of success for log management, in order to prepare for regulatory compliance audits.
https://www.techtarget.com/searchsecurity/tip/Security-log-management-and-logging-best-practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions.