Analyzing Logs For Security Information Event Management
All network systems and devices like Windows/Linux desktops & servers, routers, switches, firewalls, proxy server, VPN, IDS and other network resources generate logs by the second. And these logs contain information of all the system, device, and user activities that took place within these network infrastructures. Log files are important forensic tools for investigating an organizations security posture. Analysis of these log files provide plethora of information on user level activities like logon success or failure, objects access , website visits; system & device level activities like file read, write or delete, host session status, account management, network bandwidth consumed, protocol & traffic distribution; and network security activities like identifying virus or attack signatures and network anomalies.