
Tips for Log Management in IT Security

To analyze log management devices, we need to know what logs are, why they are important, why we need to consolidate them, and what kind of reporting we need. Most of us are familiar with logs from servers (Windows, Linux or Solaris) and networking devices (routers, switches and firewalls). Let us start from the beginning.

What are Logs

Logs are records of system and network activity carried out by users. Events generated by an application are also stored in log files for forensic purposes. This forensic role is critical: the investigation of emails, unauthorized access, malware creation and many other events depends on logs.

What logs should be analyzed:

– Firewall logs (contain incoming and outgoing traffic information)

– Web server logs (incoming / outgoing requests, SQL injection attacks)

– Application logs (events recorded by the application)

– Database logs (database events such as a restore or a backup)

– Directory server logs (unwanted access to file servers, unauthorized downloads)

– DHCP logs (find machines connected to the network)

– VPN Client Logs
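
Consolidation is what lets these sources answer one question together. The following added example (not part of the original post) merges constructed DHCP, firewall and web server lines into a single UTC timeline and uses the DHCP lease to name the machine behind each IP address. The three line formats, host name and addresses are simplified assumptions, not the output of any specific product.

```python
import re
from datetime import datetime, timezone

# Constructed sample lines. The three formats are simplified assumptions,
# not the output of any specific product.
SAMPLES = {
    "dhcp": ["2024-05-01T09:00:02Z LEASE 10.0.0.23 aa:bb:cc:00:11:22 hr-laptop-07"],
    "firewall": [
        "2024-05-01T09:15:10Z DENY TCP 10.0.0.23:51530 -> 203.0.113.9:22",
        "2024-05-01T09:14:40Z ALLOW TCP 10.0.0.23:51522 -> 203.0.113.9:443",
    ],
    "web": ['10.0.0.23 - - [01/May/2024:09:14:55 +0000] "POST /login HTTP/1.1" 401 512'],
}

ISO = "%Y-%m-%dT%H:%M:%SZ"
PATTERNS = {
    "dhcp": re.compile(r"(?P<ts>\S+) LEASE (?P<ip>\S+) (?P<mac>\S+) (?P<host>\S+)"),
    "firewall": re.compile(r"(?P<ts>\S+) (?P<action>ALLOW|DENY) \S+ (?P<ip>[\d.]+):\d+ -> (?P<dst>\S+)"),
    "web": re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'),
}

def parse(source, line):
    """Turn one raw line into a common record, or None if it does not match."""
    m = PATTERNS[source].match(line)
    if not m:
        return None
    fields = m.groupdict()
    if source == "web":  # web timestamps carry their own UTC offset
        when = datetime.strptime(fields.pop("ts"), "%d/%b/%Y:%H:%M:%S %z")
    else:
        when = datetime.strptime(fields.pop("ts"), ISO).replace(tzinfo=timezone.utc)
    return {"time": when.astimezone(timezone.utc), "source": source,
            "ip": fields.pop("ip"), "detail": fields}

def consolidate(samples):
    """Merge all sources into one UTC-ordered timeline and name each IP from DHCP."""
    events = [e for src, lines in samples.items() for ln in lines if (e := parse(src, ln))]
    events.sort(key=lambda e: e["time"])
    leases = {}
    for e in events:
        if e["source"] == "dhcp":  # remember the most recent lease per IP
            leases[e["ip"]] = e["detail"]["host"]
        e["host"] = leases.get(e["ip"], "unknown")
    return events

if __name__ == "__main__":
    for e in consolidate(SAMPLES):
        print(e["time"].isoformat(), e["source"], e["ip"], e["host"], e["detail"])
```

Normalizing every timestamp to UTC before sorting is what makes the merged order trustworthy when devices log in different time formats.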

What events should be logged:

We should have a written document for this. The main events to be logged include:

– Access Control and Admin Policy Events (Login / Logout date and time)

– Data Confidentiality and Integrity policy

– Non-discretionary policy

– Availability (total uptime of devices)

– Cryptographic Events

– Default and Dependent Events


About author

Arun Wilson is a self-confessed tech and gadget freak. When he isn't busy navigating life, he loves sharing the latest updates on technology, internet security, and new gadgets.