From the course: Network Forensics
Audit logs
- [Instructor] Audit logs are chronological records that provide documented evidence of the sequence of activities relevant to security events. They record transactions by users, systems, and other entities. Audit trail is another name for audit logs. Maintaining a strong audit trail is critical in network forensics, and here's why. First, it provides accountability. Logs tie accounts and people to security events. Based on this information, organizations determine who did what and how their systems responded. They can also take punitive or corrective actions, such as more training or education. Next is reconstruction. Network forensics specialists can piece together a series of related activities sequentially before and during a security incident. Anomaly detection is another benefit because log data provides raw materials for spotting any suspicious activities. Linux keeps its audit trail by maintaining a number of log files. You can find them under the /var/log directory. Let's…
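The three benefits the instructor names (accountability, reconstruction, anomaly detection) can each be shown on the Linux audit daemon's own record format. The script below is an added example written for this page; it is not course material. The log lines are constructed for illustration (made-up timestamps, addresses, and account names), the field layout follows auditd's `type=... msg=audit(seconds.millis:serial): key=value ...` convention with a nested `msg='...'` field, and the brute-force threshold and time window are arbitrary values chosen for the example.

```python
import re
from collections import defaultdict

# Constructed sample records in auditd line format (not captured from a real host).
# Three failed SSH logins for "alice" from one address, then a success, a login,
# and a sudo command; then an unrelated clean login for "bob".
SAMPLE_AUDIT_LOG = """\
type=USER_AUTH msg=audit(1700000000.101:201): pid=4101 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="alice" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.9 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000003.215:202): pid=4102 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="alice" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.9 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000006.502:203): pid=4103 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="alice" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.9 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1700000009.900:204): pid=4104 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_unix acct="alice" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.9 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1700000010.050:205): pid=4104 uid=0 auid=1001 ses=7 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=? addr=203.0.113.9 terminal=/dev/pts/1 res=success'
type=USER_CMD msg=audit(1700000025.300:206): pid=4150 uid=1001 auid=1001 ses=7 msg='cwd="/home/alice" cmd=636174202F6574632F736861646F77 exe="/usr/bin/sudo" terminal=pts/1 res=success'
type=USER_AUTH msg=audit(1700000030.000:207): pid=4200 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=pam_unix acct="bob" exe="/usr/sbin/sshd" hostname=? addr=198.51.100.4 terminal=ssh res=success'
"""

HEADER_RE = re.compile(r"^type=(?P<type>\S+) msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=('(?:[^']*)'|\"(?:[^\"]*)\"|\S+)")


def decode_cmd(value):
    """auditd hex-encodes a field such as cmd= when it contains spaces or quotes."""
    if len(value) % 2 == 0 and value and all(c in "0123456789ABCDEF" for c in value):
        try:
            return bytes.fromhex(value).decode("utf-8")
        except ValueError:
            return value
    return value


def parse_record(line):
    """Parse one auditd line into a flat dict; returns None for non-audit lines."""
    m = HEADER_RE.match(line)
    if not m:
        return None
    rec = {"type": m.group("type"), "ts": float(m.group("ts")), "serial": int(m.group("serial"))}
    rest = m.group("rest")
    inner = None
    nested = re.search(r"msg='(.*)'$", rest)  # nested msg='...' holds its own key=value pairs
    if nested:
        inner = nested.group(1)
        rest = rest[:nested.start()]
    for k, v in KV_RE.findall(rest) + (KV_RE.findall(inner) if inner is not None else []):
        rec[k] = v.strip('"')
    if "cmd" in rec:
        rec["cmd"] = decode_cmd(rec["cmd"])
    return rec


def parse_log(text):
    """Reconstruction: parse and order records by (timestamp, serial), even if lines arrived out of order."""
    records = [r for r in (parse_record(l) for l in text.splitlines()) if r]
    records.sort(key=lambda r: (r["ts"], r["serial"]))
    return records


def timeline_for_session(records, ses):
    """Reconstruction: every record tied to one login session id (ses)."""
    return [r for r in records if r.get("ses") == str(ses)]


def accountability(records):
    """Accountability: (audit uid, command) pairs. auid is set at login and survives sudo/su."""
    return [(r["auid"], r["cmd"]) for r in records if r["type"] == "USER_CMD"]


def detect_bruteforce_then_success(records, threshold=3, window=60.0):
    """Anomaly detection: a successful auth preceded by >= threshold failures from the same address within window seconds."""
    alerts = []
    failures = defaultdict(list)  # addr -> timestamps of failed auths
    for r in records:
        if r["type"] != "USER_AUTH":
            continue
        addr = r.get("addr", "?")
        if r.get("res") == "failed":
            failures[addr].append(r["ts"])
        elif r.get("res") == "success":
            recent = [t for t in failures[addr] if r["ts"] - t <= window]
            if len(recent) >= threshold:
                alerts.append({"addr": addr, "acct": r.get("acct"), "failures": len(recent), "serial": r["serial"]})
            failures[addr].clear()
    return alerts


if __name__ == "__main__":
    recs = parse_log(SAMPLE_AUDIT_LOG)
    for r in timeline_for_session(recs, 7):
        print(r["serial"], r["type"], r.get("cmd", r.get("addr")))
    print("who ran what:", accountability(recs))
    print("alerts:", detect_bruteforce_then_success(recs))
```

On a real host the same parser can be pointed at the audit daemon's log file under /var/log; the `auid` field is the forensic anchor because it is fixed at login and does not change when the user escalates with sudo, which is what lets the command be tied back to a person rather than to root.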
Contents
- Network logs (3m 24s)
- Intrusion and security events (4m 22s)
- Network logs as evidence (3m 30s)
- Network logs and compliance (3m 23s)
- Audit logs (3m 28s)
- Firewall logs (4m 29s)
- syslog (34s)
- syslog-ng (1m 34s)
- Kiwi Syslog Server (28s)
- Microsoft Log Parser (1m 32s)