Definition, meaning and use of computer log file
The term log (or log file) means a record of events that occur within an organization's computer systems and networks. A log file is composed of entries; each entry contains information relating to a specific event that occurred within a system or network. Originally logs were used mainly for troubleshooting, but today they serve many purposes within an organization, such as optimizing the performance of systems and networks, recording user actions, and investigating malicious activity. Many of these logs contain information related to system security; examples are audit logs, which keep track of user authentication attempts, and security device logs, which record possible attacks.
Following the increase in the number of devices connected to the network and in the threats to these systems, the volume of logs has grown steadily, to the point of requiring a proper log management process. Log management means the process of generating, transmitting, storing, analyzing and making available security logs.
A log management infrastructure is the set of hardware, software, networks and media used for log management.
Types, use and management of log files
The various types of systems within an organization produce logs containing different kinds of information. Some types of logs are more suitable than others for identifying attacks, fraud and inappropriate use. For each kind of situation, certain logs are more relevant because they contain detailed information on the activity in question; other logs contain less detail but are still useful for correlating with those of the primary type. For example, an intrusion detection system may detect malicious commands sent to a server from an external host: its log is the primary source of information. It can then be useful to look in the firewall logs for other connections attempted from the same source IP: these are the secondary source of information on the attack. On this topic it is useful to read the article Security log and security devices and the one on IT security monitoring through risk analysis.
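The primary/secondary lookup described above, as an added example that is not part of the original article: an IDS alert (primary source) is parsed, and the firewall log (secondary source) is searched for every connection from the same source IP within a time window around the alert. The sample lines are constructed for this example; the Snort-style "fast" alert layout, the iptables-style firewall record layout, the field names and the 15-minute window are all assumptions, not something the article specifies.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input (not from the article). The IDS alert uses a
# Snort/Suricata "fast"-style layout, the firewall lines an iptables-style
# layout; both layouts are assumptions made for this example.
IDS_ALERTS = """\
03/14-10:15:22.000000  [**] [1:2000000:1] Suspicious command to web server [**] {TCP} 203.0.113.45:51234 -> 192.0.2.10:80
"""

FIREWALL_LOG = """\
Mar 14 10:14:58 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51200 DPT=22
Mar 14 10:15:05 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51210 DPT=443
Mar 14 10:15:20 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=40000 DPT=80
Mar 14 10:15:22 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=80
Mar 14 10:40:00 fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.11 PROTO=TCP SPT=51300 DPT=3389
"""

IDS_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[[\d:]+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<spt>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dpt>\d+)"
)
FW_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+kernel:.*?"
    r"SRC=(?P<src>[\d.]+)\s+DST=(?P<dst>[\d.]+).*?PROTO=(?P<proto>\w+)\s+"
    r"SPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+)"
)


def parse_ids(text, year):
    """Parse IDS alerts (the primary source). Neither sample format carries
    a year, so the caller supplies it; a real pipeline would take it from
    the file or from the collector's own timestamp."""
    events = []
    for line in text.splitlines():
        m = IDS_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess at fields
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
        events.append({"ts": ts, "msg": m["msg"], "proto": m["proto"],
                       "src": m["src"], "spt": int(m["spt"]),
                       "dst": m["dst"], "dpt": int(m["dpt"])})
    return events


def parse_firewall(text, year):
    """Parse firewall connection records (the secondary source)."""
    events = []
    for line in text.splitlines():
        m = FW_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "proto": m["proto"], "src": m["src"],
                       "spt": int(m["spt"]), "dst": m["dst"],
                       "dpt": int(m["dpt"])})
    return events


def correlate(ids_text, fw_text, year=2024, window_minutes=15):
    """For each IDS alert, collect the firewall records from the same
    source IP whose timestamp lies within +/- window_minutes of the alert.
    Records are returned in chronological order."""
    window = timedelta(minutes=window_minutes)
    fw = sorted(parse_firewall(fw_text, year), key=lambda e: e["ts"])
    results = []
    for alert in parse_ids(ids_text, year):
        related = [e for e in fw
                   if e["src"] == alert["src"]
                   and abs(e["ts"] - alert["ts"]) <= window]
        results.append({"alert": alert, "related": related})
    return results


if __name__ == "__main__":
    for r in correlate(IDS_ALERTS, FIREWALL_LOG):
        a = r["alert"]
        print(f"{a['ts']} {a['msg']} from {a['src']} -> {a['dst']}:{a['dpt']}")
        for e in r["related"]:
            print(f"  firewall: {e['ts']} {e['src']}:{e['spt']} -> "
                  f"{e['dst']}:{e['dpt']} {e['proto']}")
```

With the constructed data, the alert from 203.0.113.45 pulls in the earlier probes of ports 22 and 443 from the same host and the connection that carried the alert itself; the later RDP attempt against a second server falls outside the 15-minute window and only appears if the window is widened. Two practical caveats: time-window correlation is only as good as the clock synchronization between the IDS and the firewall, and a source IP shared behind NAT (or spoofed on UDP) will pull in traffic from more than one actual host.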