Week 10

In this session we learned about event log correlation and analysis, which are related to last week’s forum-based assignment.

Log Sources:

  1. OS Logs
    • Windows – Event Logs
    • Linux – syslog
  2. Application Logs
    • SMTP Logs
    • Web Server Logs
    • Access Logs
  3. Physical Device
    • Camera Logs
    • UPS Logs
  4. Network Equipment Logs
    • Router Logs
    • Switch Logs

Windows Logs:

Windows logs are usually used in early detection systems and provide data for an investigation. Useful sources include:

  1. Firewall
  2. Recycle bin
  3. IE Browsing history
  4. Shortcut files

Analysis Tools:

  1. Commercial Tools:
    • Retrace
    • Splunk
    • Logmatic
    • Logentries
  2. Open Source Tools:
    • Logstash
    • Graylog

Graylog is able to analyse all the logs when all of the company's servers are connected to it. Hence, when one system is attacked, the attack can be investigated through the logged data, and because Graylog records the time and source of each log entry, it is easier to identify whether someone is attempting to brute-force their way into the system.
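As an added example (not from the session and not Graylog's own code), the Python script below does a minimal version of the correlation described above: it parses SSH failed-login lines forwarded from several hosts to one collector and flags a source IP whose failures, counted across all hosts, reach a threshold within a time window. The log format, host names and IP addresses are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real data) in a simplified syslog-like form, as if
# forwarded from several company servers to one central collector such as Graylog.
SAMPLE_LOGS = """\
2024-03-01T09:00:01 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51022 ssh2
2024-03-01T09:00:03 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51023 ssh2
2024-03-01T09:00:04 db01 sshd[887]: Failed password for admin from 203.0.113.7 port 51030 ssh2
2024-03-01T09:00:06 mail01 sshd[433]: Failed password for invalid user test from 203.0.113.7 port 51041 ssh2
2024-03-01T09:00:08 db01 sshd[887]: Failed password for admin from 203.0.113.7 port 51044 ssh2
2024-03-01T09:05:00 web01 sshd[2111]: Failed password for alice from 198.51.100.5 port 40001 ssh2
2024-03-01T09:30:00 web01 sshd[2120]: Accepted password for alice from 198.51.100.5 port 40002 ssh2
"""

FAIL_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Failed password for "
                     r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)")

def parse_failures(text):
    """Extract (timestamp, host, user, source IP) from every failed-login line."""
    return [(datetime.fromisoformat(m["ts"]), m["host"], m["user"], m["src"])
            for m in map(FAIL_RE.match, text.splitlines()) if m]

def detect_bruteforce(events, threshold=4, window=timedelta(seconds=60)):
    """Flag each source IP with >= threshold failures inside `window`, counting
    failures across all hosts (one source hitting several servers is still one
    campaign). Returns {src: {"count", "hosts", "users"}} for the densest window."""
    by_src = defaultdict(list)
    for ts, host, user, src in events:
        by_src[src].append((ts, host, user))
    alerts = {}
    for src, evs in by_src.items():
        evs.sort()
        start, best = 0, []
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:   # slide window start forward
                start += 1
            if end - start + 1 >= threshold and end - start + 1 > len(best):
                best = evs[start:end + 1]
        if best:
            alerts[src] = {"count": len(best),
                           "hosts": sorted({h for _, h, _ in best}),
                           "users": sorted({u for _, _, u in best})}
    return alerts

if __name__ == "__main__":
    for src, info in detect_bruteforce(parse_failures(SAMPLE_LOGS)).items():
        print(f"{src}: {info['count']} failures across {info['hosts']} as {info['users']}")
```

Seen from any single server, 203.0.113.7 produced only one or two failures; only the centralised view across web01, db01 and mail01 reveals the pattern.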
