As internet activity and the use of technology increase so does the landscape for vulnerabilities that can be abused by cyber-criminals. In today's world, it is not the question if a cyber attack will happen but rather when will it happen. Therefore, to protect ourselves from attacks we have to find the vulnerabilities before they can be exploited. This is where security information and event management together with log strategies come into play as they focus more on the detection and response of threats rather than only trying to prevent them. However, organizations should still define their log strategy and log management solution as a means to gain better insight into any vulnerabilities that may exist within their infrastructure. Logs are produced by a big variety of devices with different content and formats. This makes the creation of a logging strategy a difficult and enduring task and if companies decide they want to implement such a solution they will need to invest both a lot of time and money.This study has created a general guide for companies that may lack knowledge or sufficient funds. The guide will help organizations to implement a basic foundation for their log management and find what their vulnerabilities or shortcomings may be. A general design is presented, implemented and evaluated in a case study. This work demonstrates the applicability of the guideline. The results are that even though it is difficult to implement log management it is also possible to create a basic log management foundation for an organization. This study concludes how a company can achieve a basic foundation and achieve security information and event management for their organization by the use of a general log strategy.