CHAPTER 15

Log Management

In this chapter, you will learn:

•   About log types: syslog and Windows Event Viewer logs

•   About centralized logging servers

•   The role of security information and event management (SIEM)

•   The difference between operating system logs and application logs

If you have ever tried to find a reason why a system or an application wasn’t working correctly, you may appreciate the value of logs. Without some insight into what is happening internally with a system or application, you are working in the dark. You’re staggering around a very dark room, randomly feeling with your hands because your eyes can’t help you. Fortunately, logs provide visibility. When something bad is happening or, more importantly, has already ...

Get GSEC GIAC Security Essentials Certification All-in-One Exam Guide, Second Edition, 2nd Edition now with O’Reilly online learning.