For those of you concerned with Industrial Control System (ICS) Security, the DHS ICS-CERT is an invaluable resource.  In their most recent ICS CERT Newsletter (p2) the Situational Awareness section focuses on failures and fixes for logging and event monitoring.    “ICS CERT found that ineffective auditing and logging was one of the most consistent technical issues/obstacles encountered when responding to onsite incident visits.” The lesson’s learned this from the folks that provide incident response support for ICS failures across the US is worthwhile reading. http://www.us-cert.gov/control_systems/pdf/ICS-CERT_Monthly_Monitor_March_2012.pdf