Introduction to Logging & Logs | TryHackMe Intro to Logs

Motasem Hamdan
2 min read · Apr 3, 2024


TryHackMe Intro to Logs

We covered an introduction to logging, where we discussed the logic behind creating logs and why we create them. Logs are generated to track performance, to analyze security incidents, and to establish a pattern from which future events can be predicted. Logs can be system logs, application logs, security logs, audit logs, server logs, and database logs. The log management process starts with collecting logs, storing them in a central location, and parsing them, and ends with analyzing them using log analysis tools and a SIEM. This was part of the TryHackMe Intro to Logs walkthrough, which is part of the TryHackMe SOC Level 2 track.

Highlights

Log files are records of events committed to a file in a list format. They can include all sorts of information about events that happened at a particular time. Every device on the network creates log files, thus giving you a history of what’s been happening.
Logs typically contain five main fields. They are:

  • Timestamp – the time of the event.
  • Log level – how severe or important the event is.
  • Username – who caused the event.
  • Service or application – what caused the event.
  • Event description – what has happened.
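The following is an added example, not part of the original walkthrough or the TryHackMe room: it parses constructed log lines into the five fields listed above and then runs the kind of simple analysis step the log management process ends with (counting failed logins per user). The line layout and the sample lines are assumptions made for the example.

```python
import re
from collections import Counter
from typing import Optional

# Constructed sample lines in a syslog-like layout (not from any real system).
# Layout assumed here: timestamp, level, username, service, description.
SAMPLE_LOGS = """\
2024-04-03T10:15:01Z WARNING alice sshd Failed password for alice from 198.51.100.23
2024-04-03T10:15:04Z WARNING alice sshd Failed password for alice from 198.51.100.23
2024-04-03T10:15:09Z INFO    bob   sshd Accepted publickey for bob from 203.0.113.7
2024-04-03T10:16:30Z ERROR   -     cron Job backup.sh exited with status 1
this line is not well formed
2024-04-03T10:17:02Z WARNING alice sshd Failed password for alice from 198.51.100.23
"""

# One regex capturing the five areas the post lists.
LINE_RE = re.compile(
    r"^(?P<timestamp>\S+)\s+(?P<level>[A-Z]+)\s+(?P<user>\S+)\s+"
    r"(?P<service>\S+)\s+(?P<description>.+)$"
)


def parse_line(line: str) -> Optional[dict]:
    """Parse one line into the five fields; return None for malformed input."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_logs(text: str) -> tuple:
    """Parse every line; return (parsed events, number of unparseable lines)."""
    events, bad = [], 0
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev is None:
            bad += 1  # keep counting so dropped lines are visible to the analyst
        else:
            events.append(ev)
    return events, bad


def count_by_level(events) -> Counter:
    """Analysis step: how many events of each log level were seen."""
    return Counter(ev["level"] for ev in events)


def failed_logins_by_user(events) -> Counter:
    """Analysis step: count 'Failed password' events from sshd per username."""
    return Counter(
        ev["user"] for ev in events
        if ev["service"] == "sshd" and ev["description"].startswith("Failed password")
    )


if __name__ == "__main__":
    evs, bad = parse_logs(SAMPLE_LOGS)
    print(f"parsed {len(evs)} events, {bad} unparseable line(s)")
    print("by level:", dict(count_by_level(evs)))
    print("failed logins:", dict(failed_logins_by_user(evs)))
```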

Log file types

  • Event log – records information about the usage of network traffic and tracks login attempts, application events, and failed password attempts.
  • System log (or syslog) – records operating system events, including startup messages, system changes, shutdowns, and errors and warnings.
  • Server log – contains a record of activities in a text document related to a specific server over a specific period of time.
  • Change log – lists changes made to an application or file.
  • Availability log – tracks uptime, availability, and system performance.
  • Authorization and access log – lists who is accessing applications or files.
  • Resource log – provides information on connectivity issues and any capacity problems.
  • Application logs – messages about specific applications, including status, errors, warnings, etc.
  • Audit logs – activities related to operational procedures crucial for regulatory compliance.
  • Security logs – security events such as logins, permission changes, firewall activity, etc.
  • Network logs – network traffic, connections, and other network-related events.
  • Database logs – activities within a database system, such as queries and updates.
  • Web server logs – requests processed by a web server, including URLs, response codes, etc.

Room Answers

Room answers can be found here

Video Walkthrough


Written by Motasem Hamdan

Motasem Hamdan is a content creator and swimmer who creates cyber security training videos and articles. https://www.youtube.com/@MotasemHamdan
