|
Log analysis (or system and network log analysis) is an art and science seeking to make sense out of computer-generated records (also called log or audit trail records). The process of creating such records is called data logging. Typical reasons why people perform log analysis are:
Logs are emitted by network devices, operating systems, applications and all manner of intelligent or programmable device. A stream of messages in time-sequence often comprise a log. Logs may be directed to files, stored on disk, or directed as a network stream, directed to a log collector. Log messages must usually be interpreted with respect to the internal state of its source (e.g., application) and announce security-relevant or operations-relevant events (e.g., a user login, or a systems error). Logs are often created by the software developers to aid in the debugging of the operation of the application. The syntax and semantics of data within log messages are usually application or vendor-specific. The authentication of a user to an application may be described as a login, a logon, a user connection or authentication event. Hence, log analysis must interpret messages within the context of an application, vendor, system or configuration in order to make useful comparisons to messages from different log sources. Log message format or content may not always be fully documented. A task of the log analyst is to induce the system to emit the full range of messages in order to understand the complete domain from which the messages must be interpreted. A log analyst may map varying terminology from different log sources into a uniform, normalized terminology so that reports and statistics can be derived from a heterogenous environment. E.g., log messages from Windows, Unix, network firewalls, databases may be aggregated into a "normalized" report for the auditor.
[edit] See also[edit] External links
Directorio de Enlaces Directorio dmoz Directorio espejo dmoz Pedro Bernardo |