Types of Logs in Cybersecurity and IT Operations

Logs are critical for monitoring, troubleshooting, and securing IT systems. Below are key types of logs and their applications:

📢 Authentication Logs

Track user login attempts (successful/failed) to detect unauthorized access.

Where Used: OS (Windows/Linux), applications, network systems.

📢 System Logs

Record OS-level events (hardware changes, errors, resource usage).

Where Used: Windows Event Log (System log), Linux syslog/journald (`/var/log/`, `journalctl`).

📢 Application Logs

Capture app-specific events (errors, warnings, user actions).

Where Used: Web servers (Apache/Nginx), databases, custom apps.

📢 Network Logs

Document traffic flow across routers, switches, and firewalls.

Where Used: Flow records from routers and switches (NetFlow/IPFIX), Zeek connection logs, packet captures (tcpdump/Wireshark); usually shipped to a SIEM (Splunk, ELK) for analysis.

📢 Firewall Logs

Track allowed/blocked connections for security policy enforcement.

Where Used: iptables, pfSense, Cisco ASA.

📢 Database Logs

Log transactions, queries, and errors for integrity/performance.

Where Used: MySQL (`general_log`, slow query log), PostgreSQL (`log_directory`, which defaults to `pg_log` before release 10 and `log` since; Debian/Ubuntu packages write under `/var/log/postgresql/`), MSSQL.

📢 Security Logs

Focus on security events (access control changes, policy violations).

Where Used: IDS/IPS (Snort), SIEMs, Windows Security Log.

📢 Audit Logs

Record user and system actions (who did what, when, and from where) for compliance (GDPR, HIPAA).

Where Used: Linux `auditd`, Windows Audit Policies.

You Should Know: Practical Log Management Commands

Linux Logs

1. View System Logs:

cat /var/log/syslog   # Debian/Ubuntu (CentOS/RHEL: /var/log/messages)
journalctl -xe        # systemd journal (modern Linux); journalctl -k shows only kernel messages
dmesg                 # Kernel ring buffer (needs root where kernel.dmesg_restrict=1)

2. Authentication Logs:

tail -f /var/log/auth.log   # Ubuntu/Debian
tail -f /var/log/secure     # CentOS/RHEL

3. Audit Logs (auditd):

sudo auditctl -l                      # List active rules
sudo ausearch -k "failed_login"       # Events tagged with a rule key; returns nothing unless a rule was loaded with -k failed_login
sudo ausearch -m USER_LOGIN -sv no    # Failed logins as recorded by PAM, no custom rule required
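Item 2 shows where the authentication log lives; the detection it enables (the brute-force case raised in the closing section) is clearer in code. The following Python script is an added example, not part of the original post: it parses constructed sshd "Failed password" lines in the auth.log format and flags any source address that reaches five failures inside a 60-second sliding window. The log year (syslog timestamps omit it), the threshold and window values, and the sample lines are all assumptions made for this example.

```python
"""Flag SSH brute-force sources in auth.log-style lines.

Added example, not from the original post. Parses the sshd "Failed password"
lines that Ubuntu/Debian write to /var/log/auth.log (CentOS/RHEL:
/var/log/secure) and reports every source IP with at least THRESHOLD
failures inside a sliding WINDOW_S-second window. Assumptions: the log year
(classic syslog timestamps omit it), the threshold/window values, and the
sample lines, which are constructed for this example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOG_YEAR = 2024          # assumption: syslog timestamps carry no year
THRESHOLD = 5            # assumption: failures that count as brute force
WINDOW_S = 60            # assumption: sliding window in seconds

# One sshd failure line looks like:
# Mar 12 10:15:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample: six failures from one host in nine seconds, one stray
# failure and a successful key login from another, plus an unrelated sudo line.
SAMPLE_AUTH_LOG = """\
Mar 12 10:15:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 12 10:15:03 web1 sshd[2203]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar 12 10:15:04 web1 sshd[2205]: Failed password for invalid user oracle from 203.0.113.7 port 51240 ssh2
Mar 12 10:15:06 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 51242 ssh2
Mar 12 10:15:09 web1 sshd[2209]: Failed password for invalid user test from 203.0.113.7 port 51250 ssh2
Mar 12 10:15:10 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51252 ssh2
Mar 12 10:15:12 web1 sshd[2213]: Failed password for alice from 198.51.100.4 port 40022 ssh2
Mar 12 10:15:20 web1 sshd[2215]: Accepted publickey for alice from 198.51.100.4 port 40024 ssh2: RSA SHA256:c0nstructed
Mar 12 10:15:21 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
""".splitlines()


def parse_failed(line):
    """Return (timestamp, user, ip) for an sshd failure line, else None."""
    m = FAILED_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["ip"]


def find_bruteforce(lines, threshold=THRESHOLD, window_s=WINDOW_S):
    """Return {ip: (failures_in_window, sorted usernames tried)} for every IP
    that reached `threshold` failures within `window_s` seconds.
    Lines are assumed to be in chronological order, as in a log file."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # ip -> usernames tried
    flagged = {}
    for line in lines:
        parsed = parse_failed(line)
        if parsed is None:
            continue              # accepted logins, sudo, cron etc. are not failures
        ts, user, ip = parsed
        window = recent[ip]
        window.append(ts)
        users[ip].add(user)
        while (ts - window[0]).total_seconds() > window_s:
            window.popleft()      # expire failures older than the window
        if len(window) >= threshold:
            flagged[ip] = (len(window), sorted(users[ip]))
    return flagged


if __name__ == "__main__":
    for ip, (count, names) in find_bruteforce(SAMPLE_AUTH_LOG).items():
        print(f"{ip}: {count} failures in {WINDOW_S}s, users tried: {', '.join(names)}")
```

Run it against a real file with `find_bruteforce(open("/var/log/auth.log"))`; the sliding window matters because a slow attacker spreading attempts over hours never reaches the threshold, which is exactly why the window and threshold should be tuned per environment rather than copied.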

Windows Logs

1. Event Viewer (reading the Security log requires an elevated prompt):

Get-EventLog -LogName Security -Newest 10      # Windows PowerShell 5.1 only; the cmdlet is not available in PowerShell 7
Get-WinEvent -LogName Security -MaxEvents 10   # Works on both Windows PowerShell and PowerShell 7
wevtutil qe Security /c:5 /rd:true /f:text     # CMD; /rd:true returns the newest events, without it you get the 5 oldest

2. Firewall Rules and Logs:

Get-NetFirewallRule | Where-Object { $_.Action -eq "Block" }   # Lists block rules, not log entries

The firewall log itself is `%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log`; it stays empty until logging of dropped (and optionally allowed) packets is enabled on the relevant profile.

3. IIS/Application Logs:

Get-ChildItem C:\inetpub\logs\LogFiles\ -Recurse   # IIS W3C logs, one W3SVC<site-id> folder per site

Database Logs

1. MySQL:

SHOW VARIABLES LIKE 'general_log%';   -- Check whether the general log is on and where it is written
SET GLOBAL general_log = 'ON';        -- Enable it; it records every statement, so switch it on only while investigating

2. PostgreSQL:

grep "ERROR" /var/log/postgresql/postgresql-14-main.log   # Debian/Ubuntu package path; other installs write to the log_directory setting

Network Logs

1. Packet Capture:

tcpdump -i eth0 port 80 -w traffic.pcap   # Save HTTP traffic to a pcap (needs root or CAP_NET_RAW)

2. Firewall Logging (iptables):

iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix "BLOCKED: " --log-level 4   # LOG does not drop; place it before the DROP rule and rate-limit it so a flood cannot fill the disk
iptables -A INPUT -j DROP                                                                 # Drop what earlier rules did not accept (-A appends, so order matters)
tail -f /var/log/kern.log                                                                 # Debian/Ubuntu; CentOS/RHEL: /var/log/messages or journalctl -k
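Once the LOG rule above is in place, kern.log gains one line per packet. The following Python script is an added example, not part of the original post: it parses constructed kern.log lines carrying the "BLOCKED: " prefix into their KEY=VALUE fields and summarises, per source address, how many packets were logged and which destination ports were touched, flagging a source that probes five or more distinct ports as a probable scan. The sample lines and the five-port threshold are assumptions made for this example.

```python
"""Summarise iptables LOG entries from kern.log-style lines.

Added example, not from the original post. The iptables LOG target writes one
kernel message per packet: the --log-prefix followed by space-separated
KEY=VALUE fields (bare flags such as DF or SYN carry no value). This script
parses those fields and reports, per source address, how many packets were
logged and which destination ports were hit; a source that touches
SCAN_PORTS or more distinct ports is flagged as a probable port scan.
Assumptions: the prefix matches the rule above, the sample lines are
constructed, and SCAN_PORTS is an arbitrary threshold for the example.
"""
import re
from collections import defaultdict

LOG_PREFIX = "BLOCKED: "   # must match --log-prefix in the iptables rule
SCAN_PORTS = 5             # assumption: distinct ports that count as a scan

KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")   # KEY=VALUE tokens; OUT= has an empty value

# Constructed sample: one host probing six ports, one host retrying SSH,
# one ICMP echo request, and an unrelated kernel message with no prefix.
MAC = "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00"
SAMPLE_KERN_LOG = [
    f"Mar 12 10:20:33 web1 kernel: [812.101] BLOCKED: IN=eth0 OUT= {MAC} SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=51234 DPT={p} WINDOW=65535 RES=0x00 SYN URGP=0"
    for p in (21, 22, 23, 80, 443, 3389)
] + [
    f"Mar 12 10:21:{s:02d} web1 kernel: [840.202] BLOCKED: IN=eth0 OUT= {MAC} SRC=198.51.100.4 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0"
    for s in (5, 9)
] + [
    f"Mar 12 10:22:01 web1 kernel: [900.303] BLOCKED: IN=eth0 OUT= {MAC} SRC=192.0.2.55 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=ICMP TYPE=8 CODE=0 ID=4711 SEQ=1",
    "Mar 12 10:22:02 web1 kernel: [900.404] eth0: link up, 1000Mbps, full-duplex",
]


def parse_log_line(line, prefix=LOG_PREFIX):
    """Return the KEY=VALUE fields of a prefixed LOG line as a dict, else None."""
    idx = line.find(prefix)
    if idx < 0:
        return None
    fields = dict(KV_RE.findall(line[idx + len(prefix):]))
    for port in ("SPT", "DPT"):           # ports are numeric when present (TCP/UDP only)
        if port in fields:
            fields[port] = int(fields[port])
    return fields


def summarise(lines, scan_ports=SCAN_PORTS):
    """Aggregate logged packets per source address.
    Returns {src: {"packets": n, "dports": [sorted ports], "scan": bool}}."""
    per_src = defaultdict(lambda: {"packets": 0, "dports": set()})
    for line in lines:
        f = parse_log_line(line)
        if f is None or "SRC" not in f:
            continue                      # not one of our firewall log lines
        entry = per_src[f["SRC"]]
        entry["packets"] += 1
        if "DPT" in f:                    # ICMP carries no ports
            entry["dports"].add(f["DPT"])
    return {
        src: {
            "packets": e["packets"],
            "dports": sorted(e["dports"]),
            "scan": len(e["dports"]) >= scan_ports,
        }
        for src, e in per_src.items()
    }


if __name__ == "__main__":
    for src, e in summarise(SAMPLE_KERN_LOG).items():
        flag = "  <-- probable port scan" if e["scan"] else ""
        print(f"{src}: {e['packets']} packets, ports {e['dports']}{flag}")
```

Because the rule is rate-limited, counts from this parser are a lower bound on what was actually dropped; treat them as an indicator for triage rather than an exact packet count.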

What Undercode Say

Logs are the backbone of cybersecurity and IT operations. Proper log analysis can:
– Detect intrusions (e.g., brute-force attacks in auth.log).
– Troubleshoot system crashes (via `dmesg` or Windows Event Viewer).
– Ensure compliance (audit logs for GDPR/HIPAA).

Pro Tip: Use SIEM tools (Splunk, Graylog) for centralized log management.

Expected Output:

  • Linux: `/var/log/` files, journalctl, auditd.
  • Windows: Event Viewer, wevtutil, PowerShell cmdlets.
  • Network: tcpdump, firewall logs (iptables/Windows Firewall).
  • Databases: MySQL general_log, PostgreSQL pg_log.

Reported By: Sina Riyahi – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
