CHAPTER 9
Managing Logs
WHAT YOU WILL LEARN IN THIS CHAPTER:
- Windows Event Viewer
- PowerShell
- BareTail
- Syslog
- Solarwinds Kiwi
When I was growing up, my older brother was a Trekkie, a Star Trek fan. James T. Kirk, the captain of the U.S.S. Enterprise, would make entries into a captain's log. The captain's log has been a form of record keeping since the first captains sailed the seas. The log was used to inform the captain's superiors, either owners of the ship or governmental entities, what was happening while exploring or completing a mission or to record historical facts for future generations. Our networks work the same way. Every device on your network generates some type of log in some type of language. Some of it is human readable, and some looks like gibberish. Some logs are more useful than others, and we should understand which ones need to be preserved for future analysis. You don't need to log everything, but what you do log should be purposely collected and managed.
CIS Control 6 is the maintenance, monitoring, and analysis of audit logs. Our organizations are evolving quickly, and we have to learn to deal with log data in the big data cloud era. Analyzing audit logs is a vital part of security, not just for system security but for processes and compliance. Part of the process of log analysis is reconciling logs from different sources and correlation even if those devices are in different time zones. If you look at a basic network topology, you will have many types ...
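The reconciliation step just described, as an added example that is not from the book: two constructed log sources, a firewall speaking RFC 3164 syslog (which carries neither year nor time zone, so the device's configured zone is an assumption you must know) and a Windows export in an assumed ISO 8601 format, are normalized to UTC and merged into one timeline. Hostnames, event IDs and the UTC-5 offset are constructed sample values.

```python
import re
from datetime import datetime, timezone, timedelta

# Constructed sample lines (not from the book). The firewall is assumed to be
# configured for UTC-5; its syslog timestamps carry no offset of their own.
FIREWALL_TZ = timezone(timedelta(hours=-5))
FIREWALL_LINES = [
    "Jan 14 08:02:11 fw01 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=198.51.100.4 DPT=22",
    "Jan 14 08:05:40 fw01 sshd[812]: Accepted publickey for admin from 198.51.100.20",
]
# Assumed export format: ISO 8601 timestamp with explicit offset, host, message.
WINDOWS_LINES = [
    "2024-01-14T13:03:55+00:00 srv01 EventID=4625 Status=0xC000006D TargetUserName=admin",
    "2024-01-14T13:06:02+00:00 srv01 EventID=4624 LogonType=10 TargetUserName=admin",
]

SYSLOG_RE = re.compile(r"^(\w{3}) (\d{1,2}) (\d{2}):(\d{2}):(\d{2}) (\S+) (.*)$")


def parse_syslog(line, device_tz, year):
    """RFC 3164 line -> (aware UTC datetime, host, message).

    The year and zone are not in the line, so the caller supplies them from
    what it knows about the device; getting the zone wrong shifts every
    event by hours and silently breaks correlation with other sources.
    """
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised syslog line: {line!r}")
    mon, day, hh, mm, ss, host, msg = m.groups()
    local = datetime.strptime(f"{year} {mon} {day} {hh}:{mm}:{ss}", "%Y %b %d %H:%M:%S")
    return local.replace(tzinfo=device_tz).astimezone(timezone.utc), host, msg


def parse_windows(line):
    """ISO 8601 line with explicit offset -> (aware UTC datetime, host, message)."""
    ts, host, msg = line.split(" ", 2)
    return datetime.fromisoformat(ts).astimezone(timezone.utc), host, msg


def build_timeline(fw_lines, win_lines, fw_tz=FIREWALL_TZ, year=2024):
    """Merge both sources into one list ordered by UTC time."""
    events = [parse_syslog(l, fw_tz, year) for l in fw_lines]
    events += [parse_windows(l) for l in win_lines]
    events.sort(key=lambda e: e[0])
    return events


if __name__ == "__main__":
    for ts, host, msg in build_timeline(FIREWALL_LINES, WINDOWS_LINES):
        print(ts.isoformat(), host, msg)
```

Once both sources share a clock, the firewall's accepted SSH login and the server's 4624 interactive logon line up within seconds; compared naively, the firewall events would appear five hours earlier than the server's.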