日志分类

Data Type Where to Find ItWhat It Can Tell YouApplication LogsLocal log files, log4j, log4net, Weblogic, WebSphere, JBoss, .NET, PHPUser activity, fraud detection, application performanceBusiness Process LogsBusiness process management logsCustomer activity across channels, purchases, account changes, trouble reportsCall Detail RecordsCall detail records (CDRs), charging data records, event data records logged by telecoms and network switchesBilling, revenue assurance, customer assurance, partner settlements, marketing intelligenceClickstream DataWeb server, routers, proxy servers, ad serversUsability analysis, digital marketing and general researchConfiguration FilesSystem configuration filesHow an infrastructure has been set up, debugging failures, backdoor attacks, time bombsDatabase Audit LogsDatabase log files, audit tablesHow database data was modified over time and who made the changesFilesystem Audit LogsSensitive data stored in shared filesystemsMonitoring and auditing read access to sensitive dataManagement and Logging APIsCheckpoint firewalls log via the OPSEC Log Export API (OPSEC LEA) and other vendor specific APIs from VMware and CitrixManagement data and log eventsMessage QueuesJMS, RabbitMQ, and AquaLogicDebug problems in complex applications and as the backbone of logging architectures for applicationsOperating System Metrics, Status and Diagnostic CommandsCPU and memory utilization and status information using command-line utilities like ps and iostat on Unix and Linux and performance monitor on WindowsTroubleshooting, analyzing trends to discover latent issues and investigating security incidentsPacket/Flow Datatcpdump and tcpflow, which generate pcap or flow data and other useful packet-level and session-level informationPerformance degradation, timeouts, bottlenecks or suspicious activity that indicates that the network may be compromised or the object of a remote attackSCADA DataSupervisory Control and Data Acquisition (SCADA)Identify trends, patterns, anomalies in the SCADA infrastructure and used to drive customer valueSensor DataSensor devices generating data based on monitoring environmental conditions, such as temperature, sound, pressure, power, water levelsWater level monitoring, machine health monitoring and smart home monitoringSyslogSyslogs from your routers, switches and network devicesTroubleshooting, analysis, security auditingWeb Access LogsWeb access logs report every request processed by a web serverWeb analytics reports for marketingWeb Proxy LogsWeb proxies log every web request made by users through the proxyMonitor and investigate terms of service and the data leakage incidentsWindows EventsWindows application, security and system event logsDetect problems with business critical applications, security information and usage patterns.Wire DataDNS lookups and records, protocol level information including headers, content and flow recordsProactively monitor the performance and availability of applications, end-user experiences, incident investigations, networks,  threat detection, monitoring and compliance