Computer and Network Log Analytics
Cyber Threat


Project Name: Computer and Network Log Analytics

Description: This blog will help you understand Computer and Network Log Analytics.

Security Logs Category, Operating System Logs Analysis, Application Logs, Security Software Logs Analysis, Router Log Files Analysis, Linux Process Account Analysis, Windows Log Files Analysis

Author: Rohit D Sadgune

FAQ on Computer and Network Log Analytics

  1. What are computer security logs?
  2. What are the different security log categories?
  3. List of security software logs
  4. What is a log file?
  5. What is logging?
  6. What is a log file analyzer?
  7. What is log management?
  8. What are the different event log categories?
  9. Types of event logs


What is a log file?

In the digital world, a log file is information, either in the form of events that occur on a digital device or of communication between different users.

What is logging?

Logging is the process of keeping a log. Logging helps technical people maintain applications or websites:

  • to determine whether a reported issue is actually a bug
  • to help analyse and reproduce issues and uncover bugs
  • to help test new features during the development stage

Computer Security Logs

Computer security logs contain information about the events occurring within an organization's digital systems & network. A security log is used to maintain security-related residual data on a computer system.

Security Log Categories

  • Operating System Logs: – Logs of operating systems, servers, workstations and network devices.
  • Application Logs: – Logs of the applications running on a system.
  • Security Software Logs: – Logs of network- & host-based security software.

Operating System Logs

Operating system logs are most beneficial for identifying threats or investigating suspicious activity involving a particular host.

Event Logs: – Contain data about operational actions performed by operating system components.

Audit Logs: – Contain security event information such as successful & failed authentication attempts, file accesses, security policy changes & account changes.
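As an added example (not code from the original post), the script below shows the kind of analysis an audit log supports: it parses sshd authentication lines in the syslog format found in /var/log/auth.log, tallies successful and failed attempts per source address, and flags any source whose failure count reaches a threshold. The sample lines, host names and addresses are constructed for the example.

```python
"""Added example: tally successful and failed authentication attempts from
constructed sshd audit lines (syslog format as written to /var/log/auth.log)."""
import re
from collections import Counter, defaultdict

# Constructed sample lines; hostnames, PIDs and addresses are made up.
SAMPLE_AUTH_LOG = """\
Mar  3 09:12:01 web01 sshd[2211]: Accepted password for alice from 10.0.0.5 port 51122 ssh2
Mar  3 09:12:44 web01 sshd[2219]: Failed password for bob from 203.0.113.7 port 40210 ssh2
Mar  3 09:12:46 web01 sshd[2219]: Failed password for bob from 203.0.113.7 port 40210 ssh2
Mar  3 09:12:49 web01 sshd[2223]: Failed password for invalid user admin from 203.0.113.7 port 40233 ssh2
Mar  3 09:12:52 web01 sshd[2225]: Failed password for invalid user test from 203.0.113.7 port 40240 ssh2
Mar  3 09:13:10 web01 sshd[2230]: Accepted publickey for alice from 10.0.0.5 port 51130 ssh2
Mar  3 09:15:00 web01 CRON[2300]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Matches both "Accepted <method> for <user>" and "Failed <method> for [invalid user] <user>".
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse_auth_events(text):
    """Return one dict per sshd authentication line; unrelated lines are skipped."""
    events = []
    for line in text.splitlines():
        match = AUTH_RE.search(line)
        if match:
            events.append(match.groupdict())
    return events


def summarize(events, fail_threshold=3):
    """Count successes and failures per source IP and flag sources at or above the threshold."""
    failures = Counter()
    successes = Counter()
    users_per_src = defaultdict(set)
    for event in events:
        if event["result"] == "Failed":
            failures[event["src"]] += 1
        else:
            successes[event["src"]] += 1
        users_per_src[event["src"]].add(event["user"])
    flagged = sorted(src for src, count in failures.items() if count >= fail_threshold)
    return {
        "failures": dict(failures),
        "successes": dict(successes),
        "users_per_src": {src: sorted(users) for src, users in users_per_src.items()},
        "flagged": flagged,
    }


if __name__ == "__main__":
    report = summarize(parse_auth_events(SAMPLE_AUTH_LOG))
    for src in report["flagged"]:
        print(f"{src}: {report['failures'][src]} failed logins, "
              f"users tried: {report['users_per_src'][src]}")
```

The threshold is deliberately a parameter: what counts as suspicious depends on the host's normal traffic, and a source that fails against several different user names (as 203.0.113.7 does here) is a stronger signal than the raw count alone.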

Application Logs

  • Application logs consist of all the events logged by programs.
  • Which events are written to the application logs is determined by the developers of the software.
  • Common log information:
  1. Client requests & server responses
  2. Account information
  3. Usage information
  4. Significant operational actions

Security Software Logs

These are very important logs from an investigation point of view.

  1. Antimalware software
  2. IDS / IPS logs
  3. Remote access software
  4. Web proxies
  5. Vulnerability management service / software
  6. Authentication server
  7. Router
  8. Firewalls
  9. Network quarantine server
  10. Antivirus logs

Router Log Files

  • Routers store log files in the router cache.
  • It is recommended to take a bit-stream image of the router cache.
  • Router logs provide detailed information about the network traffic to the internet.
  • They give information about attacks to and from the networks.

Linux Process Accounting

  • Linux process accounting tracks the commands that each user executes.
  • The process accounting logs are kept under /var/adm, /var/log or /usr/adm.
  • The accounting files can be viewed with the lastcomm command.
  • Process accounting is enabled with the accton command or the startup script (/usr/lib/acct/startup).
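As an added example (not code from the original post), the following script parses records in the layout lastcomm prints (command, optional flags, user, tty, CPU time, date) and summarises them per user, pointing out commands that ran with superuser privileges under a non-root account. The record lines are constructed to mimic lastcomm output rather than captured from a real system, and the flag letters are those documented for the acct package (S = superuser, F = forked without exec, D = dumped core, X = killed by a signal).

```python
"""Added example: summarise lastcomm-style process accounting records.
The sample lines below are constructed to mimic GNU lastcomm output."""
from collections import Counter, defaultdict

# Constructed records. Columns: command, optional flags, user, tty, CPU time, date.
SAMPLE_LASTCOMM = """\
bash             S     root     pts/0      0.02 secs Tue Mar  3 09:10
ls                     alice    pts/1      0.00 secs Tue Mar  3 09:11
nc                     alice    pts/1      0.01 secs Tue Mar  3 09:12
sudo             S     alice    pts/1      0.00 secs Tue Mar  3 09:12
cron             SF    root     __         0.00 secs Tue Mar  3 09:15
wget                   www-data __         0.35 secs Tue Mar  3 09:16
"""


def parse_lastcomm(text):
    """Parse lastcomm-style lines into dicts.

    The flags column is optional, so fields are located relative to the
    literal "secs" token instead of by fixed position.
    """
    records = []
    for line in text.splitlines():
        tokens = line.split()
        if "secs" not in tokens:
            continue  # not an accounting record
        secs_idx = tokens.index("secs")
        cpu_idx, tty_idx, user_idx = secs_idx - 1, secs_idx - 2, secs_idx - 3
        if user_idx < 1:
            continue
        flags = tokens[1] if user_idx == 2 else ""
        records.append({
            "command": tokens[0],
            "flags": flags,
            "user": tokens[user_idx],
            "tty": tokens[tty_idx],
            "cpu_secs": float(tokens[cpu_idx]),
            "date": " ".join(tokens[secs_idx + 1:]),
        })
    return records


def commands_per_user(records):
    """Map each user to a Counter of the commands they executed."""
    per_user = defaultdict(Counter)
    for rec in records:
        per_user[rec["user"]][rec["command"]] += 1
    return dict(per_user)


def superuser_commands_by_non_root(records):
    """Return (user, command) pairs where a non-root account ran with the S flag."""
    return [(rec["user"], rec["command"]) for rec in records
            if "S" in rec["flags"] and rec["user"] != "root"]


def cpu_time_per_user(records):
    """Total CPU seconds consumed per user."""
    totals = Counter()
    for rec in records:
        totals[rec["user"]] += rec["cpu_secs"]
    return dict(totals)


if __name__ == "__main__":
    recs = parse_lastcomm(SAMPLE_LASTCOMM)
    for user, counts in commands_per_user(recs).items():
        print(user, dict(counts))
    print("superuser commands by non-root accounts:", superuser_commands_by_non_root(recs))
```

On a live system the same functions can be fed the output of `lastcomm` directly; the per-user command history is what makes process accounting useful when reconstructing what an account did after a suspected compromise.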

Windows Log Files

Windows log path: – Windows log files are stored in %systemroot%\system32\winevt\logs\

  1. .evtx (the current Windows Event Log format)
  2. .evt (the legacy format used before Windows Vista)

What is Log Management

Log management (LM) is a systematic approach to processing large volumes of log messages (also known as audit records, audit trails, event logs, etc.). Log management mainly covers:

  • Log collection
  • Centralized log aggregation
  • Long-term log storage and retention
  • Log rotation
  • Log analysis (in real-time and in bulk after storage)
  • Log search and reporting.

Types of Event Logs

[Figure: Computer and Network Log Analytics - types of event logs]


What are the different Event Log Categories

  • Application Log: – Any event logged by an application. These logs are structured by the developers while developing the application.
  • System Log: – Any event logged by the operating system.
  • Security Log: – Any event recorded about the security of the system.
  • Directory Service Log: – Records Active Directory transactions. This log is primarily available only on domain controllers.
  • DNS Server Log: – Records events for DNS servers and name resolution. This log is primarily available only on DNS servers.
  • File Replication Service Log: – Records events of domain controller replication. This log is available only on domain controllers.
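As an added example (not code from the original post), the script below takes Windows event records in the XML form that .evtx events are rendered to (the same shape PowerShell's Get-WinEvent exposes through ToXml()), maps each record's Channel to one of the categories listed above, and pulls failed-logon details (Security event ID 4625) out of the EventData section. The records, computer names, user names and addresses are constructed for the example.

```python
"""Added example: categorise Windows event records by channel and extract
failed logons. Records are constructed XML in the Windows event schema."""
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Channel name as it appears in the record -> category from the post's list.
CATEGORY_BY_CHANNEL = {
    "Application": "Application Log",
    "System": "System Log",
    "Security": "Security Log",
    "Directory Service": "Directory Service Log",
    "DNS Server": "DNS Server Log",
    "File Replication Service": "File Replication Service Log",
}

FAILED_LOGON_EVENT_ID = 4625  # Security: an account failed to log on

# Constructed sample records; all names and addresses are made up.
SAMPLE_EVENTS = [
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>'
    '<Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID>'
    '<Channel>Security</Channel><Computer>dc01.example.local</Computer></System>'
    '<EventData><Data Name="TargetUserName">alice</Data>'
    '<Data Name="IpAddress">10.0.0.5</Data></EventData></Event>',
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>'
    '<Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4625</EventID>'
    '<Channel>Security</Channel><Computer>dc01.example.local</Computer></System>'
    '<EventData><Data Name="TargetUserName">bob</Data>'
    '<Data Name="IpAddress">203.0.113.7</Data></EventData></Event>',
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>'
    '<Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4625</EventID>'
    '<Channel>Security</Channel><Computer>dc01.example.local</Computer></System>'
    '<EventData><Data Name="TargetUserName">admin</Data>'
    '<Data Name="IpAddress">203.0.113.7</Data></EventData></Event>',
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>'
    '<Provider Name="Application Error"/><EventID>1000</EventID>'
    '<Channel>Application</Channel><Computer>ws07.example.local</Computer></System>'
    '<EventData><Data>notepad.exe</Data></EventData></Event>',
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>'
    '<Provider Name="Service Control Manager"/><EventID>7036</EventID>'
    '<Channel>System</Channel><Computer>ws07.example.local</Computer></System>'
    '<EventData><Data Name="param1">Windows Update</Data></EventData></Event>',
]


def parse_event(xml_text):
    """Extract the System fields and the named EventData values from one record."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    data = {}
    for item in root.findall("e:EventData/e:Data", NS):
        name = item.get("Name")
        if name:  # unnamed Data elements carry positional values; skipped here
            data[name] = item.text or ""
    return {
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "channel": system.findtext("e:Channel", namespaces=NS),
        "computer": system.findtext("e:Computer", namespaces=NS),
        "data": data,
    }


def categorize(events):
    """Count records per category; unknown channels fall under 'Other'."""
    return Counter(CATEGORY_BY_CHANNEL.get(ev["channel"], "Other") for ev in events)


def failed_logons(events):
    """Return (target user, source IP) for each failed logon on the Security channel."""
    return [
        (ev["data"].get("TargetUserName", ""), ev["data"].get("IpAddress", ""))
        for ev in events
        if ev["channel"] == "Security" and ev["event_id"] == FAILED_LOGON_EVENT_ID
    ]


if __name__ == "__main__":
    parsed = [parse_event(x) for x in SAMPLE_EVENTS]
    print(dict(categorize(parsed)))
    print("failed logons:", failed_logons(parsed))
```

Keying on the Channel element rather than the provider name is what keeps the categorisation aligned with the list above: a single provider can write to more than one channel, but each record belongs to exactly one.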
