Elizabeth Rasnick

Day 57 of 100 Days of Cybersecurity - Logs


Let’s talk logs! This will be the briefest of discussions on a massive topic. Logs are an essential component for the maintenance of a system. There are logs for a single device, for large wide area networks, and everything in between. Logs, also referred to as log files, are the records of activities that take place on the device, devices, or network that the log is assigned to track.

Log files may be device based. That is, a log file could be set up to record all the activities that occur on a specific device. Take the laptop on which I am writing this little snippet as an example. There is a log file record for the activity of my creating and editing the file in which I am typing. I take my daily photos on my smartphone and then upload them to a folder with all the original photos from my phone. There is a log file that records my daily addition of the photo. When I edit the photo to add the text, that is recorded in the photo’s log file also. I then insert the photo into my document file. This is also placed in the photo’s log file. With each of these activities, the time and date are also entered into the log. To sum it up, from creation to deletion, every operation conducted on a file is placed in the log for that file.


Log files can be activity based. Any activity occurring on a system is recorded to a log file. Printers have a log file for all printer-related activities, such as who printed which document and when. Email systems have log files to keep a history of all email messages. File server logs document every time a file is accessed, what type of access took place (create, read, write, read/write, delete), who accessed the file, where it was accessed from, and how long the file was in use, along with other details. Anomalous activities in any of these log files may indicate an attack in progress or waiting in the wings to be launched.
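
To make "anomalous activity" in a file server log concrete, here is an added example (not part of the original post) that scans access records and flags two patterns: a user appearing from a source not seen before, and a burst of deletes. The record layout, the thresholds, and all sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not from a real system). Assumed layout:
# timestamp user source access_type path seconds_in_use (paths without spaces)
SAMPLE_LOG = """\
2024-03-01T09:00:05 alice 10.0.0.11 read /shares/hr/policy.docx 42
2024-03-01T09:02:10 bob 10.0.0.12 write /shares/eng/design.md 310
2024-03-01T09:15:00 alice 10.0.0.11 read/write /shares/hr/roster.xlsx 120
2024-03-02T02:13:01 bob 203.0.113.7 read /shares/eng/design.md 3
2024-03-02T02:13:05 bob 203.0.113.7 delete /shares/eng/a.md 0
2024-03-02T02:13:06 bob 203.0.113.7 delete /shares/eng/b.md 0
2024-03-02T02:13:08 bob 203.0.113.7 delete /shares/eng/c.md 0
2024-03-02T09:01:00 alice 10.0.0.11 create /shares/hr/new.docx 15
"""

ACTIONS = {"create", "read", "write", "read/write", "delete"}

def parse(line):
    ts, user, source, action, path, secs = line.split()
    if action not in ACTIONS:
        raise ValueError(f"unknown access type: {action}")
    return {"ts": datetime.fromisoformat(ts), "user": user, "source": source,
            "action": action, "path": path, "seconds": int(secs)}

def find_anomalies(log_text, max_deletes=2, window=timedelta(minutes=1)):
    """Flag accesses from a source new to that user, and delete bursts."""
    seen_sources = defaultdict(set)      # user -> sources already observed
    recent_deletes = defaultdict(deque)  # user -> delete times inside the window
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse(line)
        user, ts = rec["user"], rec["ts"]
        # A user's first record sets the baseline; later new sources are flagged.
        if seen_sources[user] and rec["source"] not in seen_sources[user]:
            alerts.append((ts.isoformat(), user, "new-source", rec["source"]))
        seen_sources[user].add(rec["source"])
        if rec["action"] == "delete":
            q = recent_deletes[user]
            q.append(ts)
            while ts - q[0] > window:    # drop deletes older than the window
                q.popleft()
            if len(q) > max_deletes:
                alerts.append((ts.isoformat(), user, "delete-burst", rec["path"]))
    return alerts
```

Calling `find_anomalies(SAMPLE_LOG)` returns one alert for bob's access from an unfamiliar source and one for the third delete inside a minute; alice's routine activity produces none.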

Network log files are a necessity for network administrators who need to track down which users are causing problems or which resources are under siege. A network log file tracks all the interactions taking place on a network. All the data packets that travel within the network are logged for future analysis. This is one of the tools that network administrators use to determine if there is a problem with network performance. Irregular or poor performance may be an indicator of an attack taking place. The initial launch points of attacks can be discovered through the log files after an attack has been eliminated. The information that is collected here can be used in awareness training in an attempt to prevent similar attacks in the future.

