Network Device Logs
- network device logs are a valuable source of:
- performance
- troubleshooting
- security auditing information
- a single logged event has:
- metadata
- e.g., date and time
- category
- event ID
- description and contents of error or informational output
- types of logs:
- system
- security
- application
- performance or traffic
System and Application Logs
System log records startup events and subsequent changes to the configuration at an OS level.
- includes:
- kernel processes
- drivers
- core services
Application log records data for a single specific service.
- e.g., DNS, web (HTTP/HTTPS), or database
- may write to multiple log files
- e.g., Apache web server logs:
- errors to one file
- access attempts to another
Audit Logs
Audit log records use of authentication and authorization privileges.
- records success/failure type events
- may be called access log or security log
- auditing may be performed at the OS level and separately by each application
Info
- audit logs typically associate an action with a user
- thus, it is critical that users do not share logons; an action taken under a shared account cannot be attributed to an individual
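As an added example (not part of the original notes), the Python below parses syslog-style device events into the fields listed above (metadata, category, event ID, description), classifies each event into one of the four log types, and then builds the per-user success/failure audit summary this section describes. The line layout `<timestamp> <host> <CATEGORY>-<severity>-<EVENT_ID>: <message>`, the category-to-type mapping, and the sample hosts, users and addresses are all constructed for illustration and do not follow any specific vendor's syntax.

```python
"""Added example: parse constructed syslog-style network device events and build
an audit summary of logon success/failure per user.  The format is assumed, not
any vendor's actual syntax."""

import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample log (assumed layout: <timestamp> <host> <CATEGORY>-<severity>-<EVENT_ID>: <message>).
SAMPLE_LOG = """\
2024-03-01T08:00:01Z core-sw1 SYS-5-RESTART: System restarted, reason: power cycle
2024-03-01T08:00:09Z core-sw1 SYS-6-CONFIG_I: Configured from console by admin
2024-03-01T08:01:13Z core-sw1 SEC-6-LOGIN_SUCCESS: Login succeeded [user: alice] [source: 10.0.0.5]
2024-03-01T08:01:20Z core-sw1 SEC-4-LOGIN_FAILED: Login failed [user: bob] [source: 10.0.0.77]
2024-03-01T08:01:24Z core-sw1 SEC-4-LOGIN_FAILED: Login failed [user: bob] [source: 10.0.0.77]
2024-03-01T08:01:31Z core-sw1 SEC-4-LOGIN_FAILED: Login failed [user: bob] [source: 10.0.0.77]
2024-03-01T08:01:40Z core-sw1 SEC-6-LOGIN_SUCCESS: Login succeeded [user: bob] [source: 10.0.0.77]
2024-03-01T08:02:00Z core-sw1 DNS-3-RESOLVE_FAIL: Upstream resolver 10.0.0.2 timed out
2024-03-01T08:02:30Z core-sw1 TRAFFIC-6-IFSTATS: Gi0/1 in=120Mbps out=88Mbps errors=0
this line is not a well-formed event and is skipped
"""

# Assumed mapping from category prefix to the four log types in the notes.
LOG_TYPE_BY_CATEGORY = {
    "SYS": "system",
    "SEC": "security",
    "DNS": "application",
    "HTTP": "application",
    "DB": "application",
    "TRAFFIC": "performance",
    "PERF": "performance",
}

EVENT_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+"
    r"(?P<category>[A-Z]+)-(?P<severity>[0-7])-(?P<event_id>[A-Z_]+):\s+(?P<message>.*)$"
)
# Bracketed key/value pairs inside the description, e.g. "[user: bob]".
FIELD_RE = re.compile(r"\[(?P<key>\w+):\s*(?P<value>[^\]]+)\]")


@dataclass
class Event:
    timestamp: datetime   # metadata
    host: str             # metadata
    category: str         # category (SYS, SEC, ...)
    severity: int         # metadata: 0 = most severe, 7 = debug (syslog convention)
    event_id: str         # event ID
    message: str          # description / contents
    log_type: str         # system / security / application / performance / unknown


def parse_events(text):
    """Return an Event for every well-formed line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(Event(
            timestamp=ts,
            host=m["host"],
            category=m["category"],
            severity=int(m["severity"]),
            event_id=m["event_id"],
            message=m["message"],
            log_type=LOG_TYPE_BY_CATEGORY.get(m["category"], "unknown"),
        ))
    return events


def message_fields(event):
    """Extract the key/value fields an audit event carries, e.g. {'user': 'bob', 'source': '10.0.0.77'}."""
    return {m["key"]: m["value"] for m in FIELD_RE.finditer(event.message)}


def count_by_type(events):
    """Number of events per log type."""
    out = defaultdict(int)
    for ev in events:
        out[ev.log_type] += 1
    return dict(out)


def audit_summary(events, failure_threshold=3):
    """Per-user logon success/failure counts and source addresses from security events,
    plus the users whose failures reached the threshold.  An event without a user field
    is counted as unattributed, which is exactly what shared logons produce."""
    counts = defaultdict(lambda: {"success": 0, "failure": 0, "sources": set()})
    for ev in events:
        if ev.log_type != "security" or not ev.event_id.startswith("LOGIN_"):
            continue
        fields = message_fields(ev)
        user = fields.get("user", "<unattributed>")
        outcome = "success" if ev.event_id == "LOGIN_SUCCESS" else "failure"
        counts[user][outcome] += 1
        if "source" in fields:
            counts[user]["sources"].add(fields["source"])
    flagged = sorted(u for u, c in counts.items() if c["failure"] >= failure_threshold)
    return {u: dict(c) for u, c in counts.items()}, flagged


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    print(count_by_type(evs))
    per_user, flagged = audit_summary(evs)
    for user, c in per_user.items():
        print(f"{user}: {c['success']} ok, {c['failure']} failed, from {sorted(c['sources'])}")
    print("flagged:", flagged)
```

Running it on the sample lines above reports two system, five security, one application and one performance event, and flags `bob` because three failed logons precede his successful one from the same source; the malformed last line is dropped rather than crashing the parser.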
Performance/Traffic Logs
Performance and traffic logs record metrics for compute, storage, and network resources over a defined period.