Computer and Network Log Analytics

Project Name: Computer and Network Log Analytics

Description: This blog post will help you understand computer and network log analytics.

Topics covered: security log categories, operating system log analysis, application logs, security software log analysis, router log file analysis, Linux process accounting analysis, Windows log file analysis.

Author: Rohit D Sadgune

FAQ on Computer and Network Log Analytics

  1. What are computer security logs?
  2. What are the different security log categories?
  3. List of security software logs
  4. What is a log file?
  5. What is logging?
  6. What is a log file analyzer?
  7. What is log management?
  8. What are the different event log categories?
  9. Types of event logs

What is a log file?

In the digital world, a log file is a record either of events that occur on a digital device or of communication between different users.

What is logging?

Logging is the process of keeping a log. Logging helps technical staff maintain applications or websites:

  • to determine whether a reported issue is actually a bug
  • to help analyse and reproduce issues and uncover bugs
  • to help test new features during development

Computer Security Logs

Computer security logs contain information about the events occurring within an organization's digital systems and networks. A security log is used to retain security-related residual data on a computer system.

Security log categories

  • Operating System Logs: – Logs of operating systems, servers, workstations, and network devices.
  • Application Logs: – Logs of the applications running on a system.
  • Security Software Logs: – Logs of network-based and host-based security software.

Operating system Logs

Operating system logs are most beneficial for identifying threats or investigating suspicious activity involving a particular host.

Event Logs: – Contain data about operational actions performed by operating system components.

Audit Logs: – Contain security event information such as successful and failed authentication attempts, file accesses, security policy changes, and account changes.
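The failed and successful authentication attempts mentioned above are the raw material of one of the simplest audit-log detections. The following is an added example, not code from the original post: it parses constructed sshd-style authentication lines, counts failures per source address inside a sliding time window, and flags a success that follows a burst of failures. The log wording, the threshold of five failures and the 60-second window are assumptions chosen for illustration.

```python
"""Added example (not from the original post): audit-log lines to findings.
Parses constructed sshd-style authentication lines, counts failed attempts
per source address inside a sliding window, and flags a success that
follows a burst of failures. Format and thresholds are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample lines in the usual syslog/sshd wording (not real data).
SAMPLE_LOG = """\
Mar  1 10:00:01 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 5012 ssh2
Mar  1 10:00:03 host1 sshd[2102]: Failed password for root from 203.0.113.7 port 5013 ssh2
Mar  1 10:00:05 host1 sshd[2103]: Failed password for root from 203.0.113.7 port 5014 ssh2
Mar  1 10:00:06 host1 sshd[2104]: Failed password for root from 203.0.113.7 port 5015 ssh2
Mar  1 10:00:08 host1 sshd[2105]: Failed password for root from 203.0.113.7 port 5016 ssh2
Mar  1 10:00:09 host1 sshd[2106]: Accepted password for root from 203.0.113.7 port 5017 ssh2
Mar  1 10:05:00 host1 sshd[2201]: Accepted publickey for alice from 198.51.100.4 port 4410 ssh2
Mar  1 10:07:00 host1 sshd[2202]: Failed password for alice from 198.51.100.4 port 4411 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)


def parse_events(text, year=2024):
    """Return one dict per line the regex understands; other lines are skipped.
    Syslog timestamps carry no year, so the caller supplies it."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "host": m["host"], "result": m["result"],
                       "user": m["user"], "src": m["src"]})
    return events


def detect_bruteforce(events, threshold=5, window_seconds=60):
    """Findings as (kind, source, detail) tuples:
    - failure_burst: a source reached `threshold` failures inside the window
    - success_after_burst: that source then logged in successfully."""
    recent = defaultdict(deque)   # src -> timestamps of failures still in the window
    bursts = set()
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent[ev["src"]]
        while q and (ev["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()           # expire failures older than the window
        if ev["result"] == "Failed":
            q.append(ev["ts"])
            if len(q) >= threshold and ev["src"] not in bursts:
                bursts.add(ev["src"])
                findings.append(("failure_burst", ev["src"], len(q)))
        elif ev["src"] in bursts:
            findings.append(("success_after_burst", ev["src"], ev["user"]))
    return findings


if __name__ == "__main__":
    for finding in detect_bruteforce(parse_events(SAMPLE_LOG)):
        print(finding)
```

The window is kept per source so a slow, steady trickle of failures from one address does not accumulate forever, and the "success after burst" finding is the one worth paging on, since a burst alone is background noise on any internet-facing host.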

Application Logs

  • Application logs consist of all the events logged by programs.
  • The events written to the application logs are determined by the developers of the software.
  • Common log information:
  1. Client requests and server responses
  2. Account information
  3. Usage information
  4. Significant operational actions

Security software Logs

These logs are very important from an investigation point of view.

  1. Antimalware software
  2. IDS / IPS logs
  3. Remote access software
  4. Web proxies
  5. Vulnerability management services / software
  6. Authentication servers
  7. Routers
  8. Firewalls
  9. Network quarantine servers
  10. Antivirus logs

Router Log Files

  • Routers store log files in the router cache.
  • It is recommended to take a bit-stream image of the router cache.
  • Router logs provide detailed information about network traffic to and from the internet.
  • They give information about attacks to and from the network.

Linux Process Accounting

  • Linux process accounting tracks the commands that each user executes.
  • The process accounting logs are kept under /var/adm, /var/log, or /usr/adm.
  • The accounting records can be viewed with the lastcomm command.
  • Process accounting is enabled with the accton command or the startup (/usr/lib/acct/startup) command.
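lastcomm is a front end for a binary file of fixed-size accounting records, and an investigator who wants to query those records in bulk (or from a disk image where lastcomm is unavailable) needs a reader for that format. The following is an added example, not code from the original post: it decodes version-3 records (struct acct_v3 from the Linux uapi header, 64 bytes each), including the comp_t packed-integer fields, and summarises which non-root users ran commands with superuser privilege. The records are constructed inline with struct.pack, the little-endian x86-64 layout is assumed, and the path helper is a hypothetical convenience.

```python
"""Added example (not from the original post): reader for Linux process
accounting records (struct acct_v3, 64 bytes, little-endian layout assumed),
the binary data behind lastcomm. Records are constructed here, not captured."""
import struct

ACCT_V3 = "<ccHIIIIIIfHHHHHHHH16s"   # flag, version, tty, exitcode, uid, gid,
                                     # pid, ppid, btime, etime, 8 x comp_t, comm
assert struct.calcsize(ACCT_V3) == 64
AFORK = 0x01   # ac_flag bit: process forked but never exec'd
ASU = 0x02     # ac_flag bit: process used superuser privileges
AHZ = 100      # accounting ticks per second, as in acct(5)


def decode_comp_t(v):
    """comp_t: 13-bit mantissa, 3-bit base-8 exponent."""
    return (v & 0x1FFF) << (3 * (v >> 13))


def encode_comp_t(value):
    """Inverse of decode_comp_t; used only to construct sample records."""
    exp = 0
    while value > 0x1FFF:
        value >>= 3
        exp += 1
    return (exp << 13) | value


def build_record(comm, uid, pid, ppid, btime, flag=0, utime_ticks=0, exitcode=0):
    """Constructed acct_v3 record (test data). Unused counters are zero."""
    return struct.pack(
        ACCT_V3, bytes([flag]), b"\x03", 0, exitcode, uid, 0, pid, ppid, btime,
        0.0, encode_comp_t(utime_ticks), 0, 0, 0, 0, 0, 0, 0,
        comm.encode().ljust(16, b"\x00"))


def sample_records():
    """Three constructed records: a shell, a privileged mount by uid 1000, and cron as root."""
    return (build_record("sh", 1000, 4242, 4200, 1700000000, utime_ticks=5)
            + build_record("mount", 1000, 4243, 4242, 1700000001, flag=ASU, utime_ticks=9000)
            + build_record("cron", 0, 900, 1, 1700000002, flag=ASU))


def parse_acct(data):
    """One dict per complete 64-byte record; a trailing partial record is ignored."""
    records = []
    for off in range(0, len(data) - len(data) % 64, 64):
        f = struct.unpack_from(ACCT_V3, data, off)
        flag = f[0][0]
        records.append({
            "comm": f[18].split(b"\x00", 1)[0].decode(errors="replace"),
            "uid": f[4], "pid": f[6], "ppid": f[7], "btime": f[8],
            "exitcode": f[3],
            "utime_s": decode_comp_t(f[10]) / AHZ,
            "superuser": bool(flag & ASU),
            "forked_only": bool(flag & AFORK),
        })
    return records


def superuser_commands_by_uid(records):
    """Map each non-root uid to the commands it ran with superuser privilege."""
    out = {}
    for r in records:
        if r["superuser"] and r["uid"] != 0:
            out.setdefault(r["uid"], []).append(r["comm"])
    return out


def load_acct_file(path):
    """Hypothetical helper: parse an accounting file from disk (e.g. a pacct copy)."""
    with open(path, "rb") as fh:
        return parse_acct(fh.read())


if __name__ == "__main__":
    recs = parse_acct(sample_records())
    for r in recs:
        print(r)
    print(superuser_commands_by_uid(recs))
```

Two points matter when this is used on real data: the kernel writes records in host byte order, so a file taken from a big-endian device needs the format string changed, and accounting is only appended while accton is switched on, so a gap in ac_btime values is itself a finding worth noting.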

Windows Log files

Windows log path: – Windows log files are stored in %systemroot%\system32\winevt\logs\ with the following file extensions:

  1. .evtx
  2. .evt

What is Log Management

Log management (LM) is a systematic approach to processing large volumes of log messages (also known as audit records, audit trails, event logs, etc.). Log management mainly covers:

  • Log collection
  • Centralized log aggregation
  • Long-term log storage and retention
  • Log rotation
  • Log analysis (in real-time and in bulk after storage)
  • Log search and reporting.
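Rotation and retention are the two items in the list above that are easiest to get subtly wrong (archives that grow without bound, or rotated copies whose integrity can no longer be vouched for). The following is an added example, not code from the original post, showing the mechanics that a tool such as logrotate performs: size-triggered rotation of a live file into a numbered chain, pruning beyond a fixed retention depth, and a SHA-256 digest of each archived copy so it can be checked later. The file name, the 50-byte threshold and the retention depth of three are assumptions chosen so the demonstration runs in a temporary directory.

```python
"""Added example (not from the original post): size-triggered log rotation
with a fixed retention depth and an integrity digest of the archived copy.
File names and thresholds are assumptions for the demonstration."""
import hashlib
import os
import tempfile


def rotate(path, max_bytes, keep=3):
    """If `path` is larger than max_bytes, shift path.1 -> path.2 ... and move
    path -> path.1, deleting anything beyond `keep` archives. Returns
    (rotated, sha256 hex digest of the new path.1 or None)."""
    if not os.path.exists(path) or os.path.getsize(path) <= max_bytes:
        return False, None
    oldest = f"{path}.{keep}"
    if os.path.exists(oldest):
        os.remove(oldest)                     # enforce retention depth
    for i in range(keep - 1, 0, -1):          # shift newest-last so nothing is overwritten
        src = f"{path}.{i}"
        if os.path.exists(src):
            os.replace(src, f"{path}.{i + 1}")
    os.replace(path, f"{path}.1")
    with open(f"{path}.1", "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    open(path, "wb").close()                  # fresh, empty live log
    return True, digest


def archives(path, keep=3):
    """Existing archive files, newest first."""
    return [f"{path}.{i}" for i in range(1, keep + 1) if os.path.exists(f"{path}.{i}")]


def demo_rotation(rounds=5, keep=3, max_bytes=50):
    """Run `rounds` write-then-rotate cycles in a fresh temp directory and
    summarise what survives. Each round writes 100 bytes of a distinct marker
    digit so the archive order can be verified."""
    workdir = tempfile.mkdtemp(prefix="logrot-")
    live = os.path.join(workdir, "app.log")
    digests = []
    for n in range(rounds):
        with open(live, "ab") as fh:
            fh.write(str(n).encode() * 100)   # exceeds max_bytes, so every round rotates
        rotated, digest = rotate(live, max_bytes, keep)
        if rotated:
            digests.append(digest)
    kept = archives(live, keep)
    with open(kept[-1], "rb") as fh:
        oldest_marker = fh.read(1).decode()
    return {"archive_count": len(kept), "oldest_marker": oldest_marker,
            "live_size": os.path.getsize(live), "digests": digests}


if __name__ == "__main__":
    print(demo_rotation())
```

Storing the digest somewhere other than the log host (the central aggregation point listed above is the natural place) is what turns it into evidence: an archived copy whose hash no longer matches is a tampering indicator, not just a corrupted file.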

Types of Event Logs

What are the different event log categories?

  • Application Log: – Any event logged by an application. These logs are structured by the developers while developing the application.
  • System Log: – Any event logged by the operating system.
  • Security Log: – Any event recorded about the security of the system.
  • Directory Service Log: – These logs record Active Directory transactions. This log is available only on domain controllers.
  • DNS Server Log: – Records events for DNS servers and name resolution. This log is available only on DNS servers.
  • File Service Log: – Records events of domain controller replication. This log is available only on domain controllers.