Learning Logs

Sharing our logging knowledge. A place where we log our insights, experiences, and findings as they pertain to the world of logs.

Web Interface for OSSEC

The OSSEC HIDS platform is a popular log collection and analysis platform. This article shows how you can set up a web interface for OSSEC.

Posted in logging   ossec   ossec-wui     /   2022-10-03

Investigating a Hacked Linode server

Investigating and recovering a compromised Linode server running WordPress on the latest Ubuntu release.

Posted in security   logs     /   2022-10-03

The Mozlila User Agent Bot

The mysterious "Mozlila" user agent bot, and its attempts to compromise sites.

Posted in user_agents   security_research     /   2022-10-02

A Guide to NGINX Logs

NGINX is a powerful web server, and logging is a critical part of managing one. In this article we explain the two log types, access and error, and how to work with them.

Posted in logging   nginx   weblogs     /   2022-09-30

Detecting Web Attacks via 404 Errors in Your Logs

This article highlights the importance of logging, and shows how DevSecOps teams can use 404 entries in their logs to understand what bad actors are looking for across their web assets.

Posted in log-analysis   security     /   2022-09-22
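As an added example that is not part of the original Trunc article, the script below does what the 404 post and the NGINX log guide above describe: it parses lines in the "combined" access log format (the default for both NGINX and Apache), groups 404 responses by client IP, flags clients that cross a threshold, and lists the paths they probed. The log lines, IP addresses, user agents and the threshold are constructed for the example; the function names are ours.

```python
import re
from collections import defaultdict

# "Combined" access log format, the default for both NGINX and Apache:
# ip ident user [time] "METHOD /path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log (not real traffic). 203.0.113.5 behaves like a scanner
# probing for WordPress, phpMyAdmin and credential files; 198.51.100.7 is a
# normal visitor who hits one stale link; the last line is deliberately malformed.
SAMPLE_LOG = """\
203.0.113.5 - - [22/Sep/2022:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozlila/5.0 (Linux; Android 7.0)"
203.0.113.5 - - [22/Sep/2022:10:00:02 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Mozlila/5.0 (Linux; Android 7.0)"
203.0.113.5 - - [22/Sep/2022:10:00:02 +0000] "GET /.aws/credentials HTTP/1.1" 404 153 "-" "Mozlila/5.0 (Linux; Android 7.0)"
203.0.113.5 - - [22/Sep/2022:10:00:03 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 153 "-" "Mozlila/5.0 (Linux; Android 7.0)"
203.0.113.5 - - [22/Sep/2022:10:00:03 +0000] "GET /xmlrpc.php HTTP/1.1" 404 153 "-" "Mozlila/5.0 (Linux; Android 7.0)"
203.0.113.5 - - [22/Sep/2022:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 404 153 "-" "Mozlila/5.0 (Linux; Android 7.0)"
198.51.100.7 - - [22/Sep/2022:10:05:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/104.0"
198.51.100.7 - - [22/Sep/2022:10:05:09 +0000] "GET /blog/old-post HTTP/1.1" 404 153 "https://example.com/" "Mozilla/5.0 (X11; Linux x86_64) Firefox/104.0"
198.51.100.7 - - [22/Sep/2022:10:05:20 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/104.0"
this line is not a valid access log entry
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def find_404_scanners(log_text, threshold=5):
    """Return {ip: {"count": n, "paths": [...]}} for every client whose number of
    404 responses reaches the threshold. Paths are kept in first-seen order so the
    output reads like the scanner's probe sequence."""
    hits = defaultdict(lambda: {"count": 0, "paths": []})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["status"] != 404:
            continue  # unparseable lines and non-404s are skipped, not counted
        entry = hits[rec["ip"]]
        entry["count"] += 1
        if rec["path"] not in entry["paths"]:
            entry["paths"].append(rec["path"])
    return {ip: e for ip, e in hits.items() if e["count"] >= threshold}


def probed_paths(log_text):
    """Count 404s per requested path across all clients (most requested first,
    ties broken alphabetically): a direct view of what attackers are looking for."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and rec["status"] == 404:
            counts[rec["path"]] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    for ip, entry in find_404_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {entry['count']} x 404, probed {entry['paths']}")
    for path, n in probed_paths(SAMPLE_LOG):
        print(f"{n:4d}  {path}")
```

The threshold is the tuning knob: a single 404 is a broken link, a burst of them against paths your site never served (`/.env`, `/.aws/credentials`, `/wp-login.php` on a non-WordPress host) is reconnaissance. In practice, read the file in one pass and feed the same parser to both functions rather than re-reading as done here for clarity.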

Vulnerability Scanner Logs: Zed Attack Proxy - ZAP

This article shares the logs generated by the OWASP ZAP application security testing tool (vulnerability scanner).

Posted in scanning_logs   siem     /   2022-09-16

A Guide to Office 365 Microsoft Exchange Logs

Microsoft Office 365 offers a very powerful audit trail of Exchange email logs. In this guide, we explain what they look like and what to take from them.

Posted in logging   log_management     /   2022-09-16

The Cisco Hack - Tracking the Attack Through your Logs

The Cisco compromise: insights from Cisco and the trails the attackers can leave in your logs.

Posted in logging   security   siem     /   2022-09-16

AWS Credentials Scan

Web scans probing for AWS CLI credential and config files.

Posted in security   siem     /   2022-09-16

SQL Injection Attack Log

Trunc provides a list of SQLi attacks seen in the wild. Our honeypots recorded over 900 SQL injection attempts.

Posted in security_research     /   2022-08-18

Log Management Challenges

Log management is difficult because of the sheer scope of devices that need to be monitored.

Posted in logging   log-management     /   2022-07-21

Linux read-only filesystem errors

Critical logs to watch: alerting on read-only filesystem errors.

Posted in logs   logs-to-watch     /   2022-07-18

Critical Logs to watch: PHP Fatal errors

Some logs require immediate response to prevent a breach or to recover a broken system. Today's critical logs are the PHP fatal errors.

Posted in logs   logs-to-watch     /   2022-07-18

HTTP Flood - DDoS analyzed

Analysis of an HTTP flood DDoS that hit a site we were monitoring.

Posted in http   ddos     /   2022-07-05

HTTP User Agents

HTTP User agents are a big part of how browsers and web servers communicate. In this article, we cover what they are and the most common user agents.

Posted in user_agents   http     /   2022-06-30

Everything you don't need to know about NGINX error logs

NGINX is one of the most popular web servers on the planet, and in this post we analyse its error logging in detail.

Posted in nginx     /   2022-06-28

Brute force attacks against Windows Remote Desktop

In this article we break down the brute force attacks against Windows Remote Desktop (RDP) that have been hitting our server on Azure.

Posted in windows   brute_force     /   2022-06-05

Syslog Daemons difference (syslogd, rsyslog and syslog-ng)

This article explains the differences between the different syslog daemons: syslogd, rsyslog and syslog-ng, found in Linux and BSD distributions.

Posted in syslog   rsyslog   syslog-ng     /   2022-06-02

A Guide to Dropbear Logs

Understanding the logs from Dropbear, an SSH server meant for low-memory systems. Useful for reading the logs from your routers, including OpenWrt, Ubiquiti, Unifi, etc.

Posted in logging   sshd   dropbear     /   2022-06-02

Learn How to Test System Logging with Logger

Logger is a command-line tool for Linux and BSD systems that allows you to easily test and send logs to syslog.

Posted in logging   logger     /   2022-06-02

A Guide to Ubuntu Linux Logging

Ubuntu is a popular Linux distribution, and this article explains how its logs are generated, where they are stored, and what they capture.

Posted in logging   ubuntu     /   2022-06-02

Trunc - What Events to Log to your central logging server

In this article we explore the best practices and the type of events that you should always store in your central logging server.

Posted in logging   log-management     /   2022-06-02

A Guide to Apache Logs

Apache is a powerful web server, and logging is a critical part of managing one. In this article we explain the two log types, access and error, and how to work with them.

Posted in logging   weblogs   apache     /   2022-06-02

Troubleshooting Remote Syslog with TCPDUMP

How to troubleshoot remote syslog with tcpdump, covering rsyslog and syslog-ng on Linux distributions such as Ubuntu, Red Hat and CentOS.

Posted in logging   tcpdump   syslog     /   2022-06-02
