Learning Logs

Sharing our logging knowledge. A place we log our insights, experiences, and findings as it pertains to the world of logs.

Full text logging search

Syslog Daemons difference (syslogd, rsyslog and syslog-ng)

This article explains the differences between the different syslog daemons: syslogd, rsyslog and syslog-ng, found in Linux and BSD distributions.







Posted in log-tutorial   syslog-logs     /   2024-11-25

Detecting Out-of-Band Interactions with Log Analysis and SIEM Tools

Discover how to identify out-of-band interactions in web server logs, understand their significance, and utilize log analysis, log management, and SIEM tools to enhance security.







Posted in log_management     /   2024-11-21

Difference Between SIM, SIEM, Log Management, and Log Analysis

Explore the differences between SIM (Security Information Management), SIEM (Security Information and Event Management), log management, and log analysis, with practical examples and actionable insights.







Posted in sim   siem   log-management     /   2024-11-21

Recovering files deleted by mistake on Linux/Ubuntu

Recovering files deleted by mistake on Linux/Ubuntu using PhotoRec







Posted in troubleshooting-guides     /   2024-11-21

Logging basics: Syslog protocol in detail

Understanding the syslog protocol. The facilities, levels and how it works.







Posted in syslog     /   2024-11-20

Troubleshooting Remote Syslog with TCPDUMP

How to troubleshoot remote syslog with tcpdump. rsyslog, syslog-ng, linux, ubuntu, red hat, centos







Posted in troubleshooting-guides   tcpdump-logs   syslog-logs     /   2024-11-20

A Guide to: NGINX Logs

NGINX is a powerful web server and logging is a critical piece to managing a web server. In this article we explain the two log types: access and error, and how to work with them.







Posted in log-guide   nginx-logs     /   2024-11-20

Threat Hunting: An Advanced Guide to Log Analysis for Cybersecurity

Learn how to proactively identify cybersecurity threats through log analysis. This guide covers essential threat-hunting techniques, from detecting suspicious logins to flagging anomalies, ensuring your organization's defenses stay ahead of attackers.







Posted in threat   hunting,   log   analysis,   cybersecurity     /   2024-11-20

Threat Hunting: A Basic Guide to Log Analysis for Cybersecurity

Learn how to proactively identify cybersecurity threats through log analysis. This guide covers essential threat-hunting techniques, from detecting suspicious logins to flagging anomalies, ensuring your organization's defenses stay ahead of attackers.







Posted in threat   hunting,   log   analysis,   cybersecurity     /   2024-11-19

A Log Guide to: Apache Logs

In this article we explain the two log types: access and error, and how to work with them.







Posted in log-guide   apache-logs     /   2024-11-14

Top 5 Reasons to Monitor Web Server Logs for Better Security & Performance

Learn the top 5 reasons why monitoring web server logs is crucial for your website. Boost security, optimize performance, ensure compliance, and gain insights to enhance user experience. Don't miss these essential benefits!







Posted in Syslog     /   2024-11-14

Looking at your logs - DDoS attack

Looking at our web logs when the site is under a DDoS / HTTP flood attack. How it looks like.







Posted in ddos   logging     /   2024-10-04

Web Attack Analysis - Malicious IP 50.16.95.X Targeting Multiple Platforms and vulnerabilities

Web Attack Analysis - Malicious IP 50.16.95.X. Breakdown of the malicious activity from IP 50.16.95.X, Covering 50 different attack types, user-agent spoofing, and vulnerabilities across multiple platforms.







Posted in web_attacks     /   2024-09-24

Logging basics: What is NetFlow

An explanation of NetFlow, including how it works, the data it collects, storage considerations, and how to analyze NetFlow records.







Posted in netflow     /   2024-09-22

Understanding and Managing MySQL Logs

Learn how to enable, read, and analyze MySQL logs to monitor and troubleshoot your MySQL database effectively.







Posted in mysql   logs     /   2024-06-27

Understanding Linux Audit Logs: A Detailed Breakdown

An in-depth look at the types of Linux audit logs in /var/log/audit/audit.log, Enabled by default on Red Hat and Suse Linux, they can provide a lot of information about what is happening on your system.







Posted in audit   logging     /   2024-06-22

Grep Performance - Testing how fast grep can parse through data

Grep Performance - Grep is the goto command to search for content on Linux and Unix systems. How fast can it go? And at what point you need a a different way to look for logs.







Posted in grep     /   2024-06-07

Logging basics: How Syslog Network Protocol Works - in the wire

Logging basics. An explanation of how the Syslog network protocol works, including message transmission, ports, and analysis with tcpdump.







Posted in syslog     /   2024-06-04

Compressing SQLite databases with ZFS - A comprehensive guide and performance testing.

Compressing SQLite databases with the ZFS file system on Linux. Testing the storage gain and the performance difference.







Posted in sqlite   zfs     /   2024-05-13

Learn How to Test System Logging with Logger

Logger is a command-line tool for Linux and BSD systems that allows you to easily test and send logs to syslog.







Posted in log-tutorial     /   2024-04-30

Log Management and Security

This article explains how log management fits into the security paradigm.







Posted in industry-insights   log-management   security     /   2024-04-30

5 Ways Log Management and SIEM Technologies Strengthen Security Governance

Article explains how log management and SIEM technology can strengthen security governance programs.







Posted in log-management     /   2024-04-30

Log Management: Introducing Active Response, Putting Logs to Work

Article explains how you can use logs to deploy proactive, defensive, controls based on network activity.







Posted in log-management     /   2024-04-30

Log Management: Understanding its Importance and Functionality

Article explains what log management is and why it matters.







Posted in log-management     /   2024-04-30

Logging basics: What is syslog

Logging basics, what is the syslog protocol and what it is used for.







Posted in Syslog     /   2023-01-25

Log Analysis: Do Lead Generation Platforms work?

This article leverages logs to see the quality of leads generated by the Capterra lead generation platform.







Posted in log-analysis     /   2023-01-01

Trunc - What Events to Log to your central logging server

In this article we explore the best practices and the type of events that you should always store in your central logging server.







Posted in log-tutorial   log-management     /   2022-10-13

Detecting Web Attacks via 404 Errors in Your Logs

This article highlights the importance of logging, and shows how DevSecOp teams can use logs to understand what bad actors are looking for across their web assets.







Posted in log-analysis   security-research     /   2022-10-13

A Guide to: Ubuntu Logs

Ubuntu is a popular linux distribution and this article explains how logs are generated, where they are stored, and what they capture.







Posted in log-guide   ubuntu-logs     /   2022-10-13

The Mozlila User Agent Bot

The mysterious Mozlila User agent bot - attempting to compromise sites.







Posted in user-agents   security-research     /   2022-10-13

The Importance of Remote Logging

This article explains why it is important to include remote logging as a piece of your log management strategy.







Posted in industry-insights   log-management     /   2022-10-13

SQL Injection Attack Log

Trunc provides a list of SQLi attacks in the wild. Honeypots records over 900 SQL injection attempts.







Posted in security-research     /   2022-10-13

Linux read-only filesystem errors

Critical logs to watch: Alerting on read-only filesystem errors







Posted in troubleshooting-guides     /   2022-10-13

A Guide to: PHP Fatal errors

Some logs require immediate response to prevent a breach or to recover a broken system. Today's critical logs are the PHP fatal errors.







Posted in log-guide   php-logs   logs-to-watch     /   2022-10-13

Web Interface for OSSEC

The OSSEC HIDS platform is a popular log collection and analysis platform, this article shows how you can implement a web interface for the OSSEC platform.







Posted in ossec   ossec-configurations     /   2022-10-13

OSSEC Log Analysis

OSSEC Log Analysis - How to get your OSSEC logs into a centralized dashboard in the cloud.







Posted in ossec   ossec-logs   log-analysis     /   2022-10-13

A Guide to: Office 365 Microsoft Exchange Logs

Microsoft Office365 (Azure-based) offers a very powerful audit trail of Exchange email logs. In this guide, we will explain how they look like and what to take from them.







Posted in azure-logs   o365-logs   log-guide     /   2022-10-13

The Issues and Challenges with Log Management

Log management is difficult because of the shear scope of devices that need to be monitored.







Posted in industry-insights   log-management     /   2022-10-13

Log Analysis: Investigating a Hacked Linode server

Investigating and recovering a compromised Linode server running WordPress and latest Ubuntu.







Posted in security-research   log-analysis     /   2022-10-13

A Log Guide to: HTTP User Agents

HTTP User agents are a big part of how browsers and web servers communicate. In this article, we cover what they are and the most common user agents.







Posted in log-guide   user-agents   http     /   2022-10-13

A Log Guide to: Dropbear Logs

Understanding the logs from Dropbear, a SSH server meant for low memory systems. Useful to understand the logs from your routers, including OpenWrt, Ubiquiti, Unifi, etc.







Posted in log-guide   dropbear-logs     /   2022-10-13

The Cisco Hack - Tracking the Attack Through your Logs

Cisco Compromise - Insights from Cisco and the trails the attackers can leave in your logs.







Posted in security-research     /   2022-10-13

Brute force attacks against Windows Remote Desktop

In this article we breakdown Brute force attacks against Windows Remote Desktop (RDP) that have been happening against our server on Azure.







Posted in security-research   log-analysis   windows-logs     /   2022-10-13

AWS Credentials Scan

AWS CLI web scans looking for the AWS credentials and config files.







Posted in security_research     /   2022-10-13

Log Analysis: HTTP Flood - DDoS analyzed

Analysis of a HTTP Flood - DDoS - that happened against a site that we were monitoring.







Posted in security-research   log-analysis     /   2022-10-13

A Guide to: NGINX Error Logs

Everything you probably don't need to know about NGINX error logs.







Posted in log-guide   nginx-logs     /   2022-10-13

Vulnerability Scanner Logs: Zed Attack Proxy - ZAP

This article shares the logs generated by the OWASP ZAP application security testing tool (vulnerability scanner).







Posted in security-research   scanning-logs     /   2022-09-16

Simple, affordable, log management and analysis.