Log Data
- Event data is generated by processes running on network appliances and general computing hosts
- A process typically writes its event data to a specific log file or database
- Each event consists of two parts:
  - message data
    - the specific notification or alert raised by the process
    - e.g., "Login failure" or "Firewall rule dropped traffic"
  - metadata
    - the source and time of the event (which host and process wrote it, and when)
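The split between metadata and message data is easiest to see on real log lines. The following parser is an added example, not code from the original notes: it takes a few constructed BSD-syslog style lines (the `<PRI>TIMESTAMP HOST TAG[PID]: MESSAGE` layout that Linux hosts and many appliances write) and separates the metadata (priority, time, source host and process) from the message data the process raised. Since that timestamp format carries no year, the `year` parameter is an assumption supplied by the caller; the sample lines, hostnames and addresses are made up.

```python
import re
from datetime import datetime

# Constructed sample lines (not from the original notes), in BSD-syslog layout:
# <PRI>TIMESTAMP HOST TAG[PID]: MESSAGE
SAMPLE_LINES = [
    "<38>Mar 10 14:22:07 webhost01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "<36>Mar 10 14:22:09 fw-edge kernel: DROP IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.0.5 PROTO=TCP DPT=23",
    "corrupt line with no syslog header",
]

# One regex separates the metadata fields (priority, time, host, process) from
# the message data, which is everything after the "TAG: " separator.
SYSLOG_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"                          # optional <PRI>
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "  # "Mar 10 14:22:07" (no year)
    r"(?P<host>\S+) "                                    # originating host
    r"(?P<tag>[\w./-]+)(?:\[(?P<pid>\d+)\])?: "          # process name, optional PID
    r"(?P<msg>.*)$"                                      # message data raised by the process
)


def parse_event(line, year=2024):
    """Split one log line into metadata and message data.

    year: assumed calendar year, because the BSD timestamp omits it.
    Lines that do not match are kept and flagged (parsed=False) with the whole
    line as the message, so a malformed record is never silently dropped.
    """
    m = SYSLOG_RE.match(line)
    if not m:
        return {
            "parsed": False,
            "metadata": {"time": None, "host": None, "process": None,
                         "pid": None, "facility": None, "severity": None},
            "message": line,
        }
    pri = m.group("pri")
    # RFC 3164 encodes PRI = facility * 8 + severity (e.g. 38 -> auth/info)
    facility = int(pri) // 8 if pri is not None else None
    severity = int(pri) % 8 if pri is not None else None
    when = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {
        "parsed": True,
        "metadata": {
            "time": when,
            "host": m.group("host"),
            "process": m.group("tag"),
            "pid": int(m.group("pid")) if m.group("pid") else None,
            "facility": facility,
            "severity": severity,
        },
        "message": m.group("msg"),
    }


def parse_events(lines, year=2024):
    """Parse a whole batch of lines, preserving their order."""
    return [parse_event(line, year) for line in lines]


def events_by_host(events):
    """Group message data by the source host recorded in the metadata."""
    by_host = {}
    for ev in events:
        if ev["parsed"]:
            by_host.setdefault(ev["metadata"]["host"], []).append(ev["message"])
    return by_host


if __name__ == "__main__":
    for ev in parse_events(SAMPLE_LINES):
        md = ev["metadata"]
        print(ev["parsed"], md["host"], md["process"], md["time"], "|", ev["message"])
```

The unparsed third line is the case worth noticing: a collector that discards lines without a recognizable header loses exactly the records an attacker or a faulty appliance is most likely to produce, so the parser keeps them with the raw line as the message and lets downstream logic decide.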