Computer and Network Log Analytics
Project Name: Computer and Network Log Analytics
Description: This blog will help you to understand Computer and Network Log Analytics.
Security Logs Category, Operating System Logs Analysis, Application Logs, Security Software Logs Analysis, Router Log Files Analysis, Linux Process Account Analysis, Windows Log Files Analysis
Author: Rohit D Sadgune
FAQ on Computer and Network Log Analytics
- What is computer security logs?
- What are the different security logs category?
- List of security software logs
- What is log file
- What is logging
- What is a log file analyzer
- What is Log Management
- What are different Event Log Categories
- Types of Event Logs
What a log file ?
In a digital world, a logfile is a information either in the forms of events that occur on any digital device, or communication information between different users
What a Logging?
Logging is the process of keeping a log. Logging can help technical people for the maintenance of applications or websites.
- to define whether a informed issue is actually a bug
- to help analyse, reproduce all the issues and unfold bugs
- to help test new features in a development stage
Computer Security Logs
Computer security logs contain information about the events occurring within an organization over the digital system & network. A security log is used to maintain security related residual data on a computer system
Security Logs category
- Operating System Logs: – Logs of Operating system, Server, Workstation, Network devices.
- Application Logs: – Logs of application which are running on system
- Security Software logs: – Logs of network & host based security software.
Operating system Logs
Operating system logs are most beneficial for threat identifying or investigation suspicious activities involving a particular host.
Event Logs: – Contains data about operational action performed by Operating systems component.
Audit Logs: – Contains successful event information such as successful & ailed authentication attempts, file accesses, security policy changes & account changes.
Application Logs
- Application logs consists of all the events logs by the programs
- Events that are written to the application logs are determined by the developers of the software programs.
- Common Log information
- Client request & server response
- Account Information
- Usage Information
- Significant Operational action
Security software Logs
This is very important logs from investigation point of view.
- Antimalware Software
- IDS / IPS logs
- Remote access software
- web proxies
- Vulnerability Management Service / Software
- Authentication Server
- Router
- Firewalls
- Network Quarantine Server
- Antivirus logs
Router Log Files
- Router stores log files in router cache
- It is recommended to take bit stream image of router cache
- It provides detailed information about the network traffic on the internet
- it gives information about the attack o and from the networks
Linux Process Account
- Linux process accounts track the commands that each user execute.
- The process tracking logs /var/adm , /var/log , /usr/adm
- The track files can be viewed with the lastcomn command
- It enable process tracking with accton command or the startup (/usr/lib/acct/startup) command
Windows Log files
Windows log path :- Windows log files are stored in %systemroot%\system32\winevt\logs\
- evtx
- etx
- evtx
What is Log Management
Log management (LM) is systematic approach to process with large scale of log messages (also known as audit records, audit trails, event-logs, etc.). Log Management mainly covers:
- Log collection
- Centralized log aggregation
- Long-term log storage and retention
- Log rotation
- Log analysis (in real-time and in bulk after storage)
- Log search and reporting.
Types of Event Logs
What are different Event Log Categories
- Application Log: – Any event logged by an application. These logs are structured by the developers while developing the application.
- System Log: – Any event logged by the Operating System.
- Security Log: – Any event that records about the security of the system.
- Directory Service Log: – These logs are transacted of Active Directory. This log are primarily accessible to only on domain controllers.
- DNS Server Log: – log records events for DNS servers and name resolutions. This log are primarily accessible to only on DNS servers
- File service log records events of domain controller replication This log is available only on domain controllers