Questions tagged [log-analysis]

74 questions
2
votes
1 answer

What does this suspicious activity in my log suggest?

I found following log lines on my asterisk program (VoIP) running on debian Jessie server 3.4.112 for arm [2016-12-25 01:58:52] NOTICE[12054] res_pjsip/pjsip_distributor.c: Request 'INVITE' from '"800" ' failed for…
AXANO
  • 899
  • 7
  • 23
2
votes
1 answer

Anyone can identify tool used to perform this attack?

Recently I've identified that some hack attempt was performed at one of my servers. I have dumped nginx logs to GitHub, please take a look and try to identify which tool was used to perform this attack. Excerpt from log: 195.154.41.132 - ktuser…
2
votes
1 answer

Linux log files to back up and review for security

Good morning/afternoon/evening everyone, I am looking into what files I should consistently back up externally from my machine to be able to monitor for any unusual activity. I would look at the files regularly but also if my machine is in a bad…
IT_User
  • 212
  • 1
  • 9
1
vote
1 answer

Security server log review

We have a Kiwi Syslog server for Centralized logging purposes. Currently, our focus is only on monitoring, reviewing and reporting User Account/Password Violations. We already used the necessary filters based on the event ID in this link -…
Boy
  • 11
  • 2
1
vote
1 answer

Detecting web app attacks by parsing log files

Following up on this question as the answers are now 5 years old: Can I detect web app attacks by viewing my Apache log file? My boss has tasked me with analyzing our access.log and error.log files after an attempted MySQL injection attack last…
Rick Chatham
  • 234
  • 1
  • 13
1
vote
2 answers

How to source training data in ML for information security?

A company entrusts a Data Scientist with the mission of processing and valuing data for the research or treatment of events related to traces of computer attacks. I was wondering how he would get the training data. I guess he would need to exploit the…
1
vote
0 answers

Identify user with a VPN connection within the network

I know of a user within my network who initiated a VPN connection within my network. What are the ways I'll be able to find out the identity of the user: searching port numbers? A specific protocol established? I am using IBM QRadar for monitoring a medium…
Lucy
  • 11
  • 1
1
vote
0 answers

Which tools do ISPs use for browsing logs?

It is known that ISPs have to log various network data for various purposes, such as law enforcement needs. However, what are some examples of software tools used by ISPs to browse this huge amount of network logs? In addition, how time-consuming is…
Quirik
  • 129
  • 3
1
vote
1 answer

Why is my web site being scanned for license.txt, and should I be worried?

Lately I am seeing multiple daily 404s for variations of "license.txt", e.g., "wordpress/license.txt", "blog/license.txt", "old/license.txt", "new/license.txt". Here's a little snippet of slightly redacted logfile to illustrate: 5.189.164.217 - -…
C8H10N4O2
  • 113
  • 4
1
vote
0 answers

Help in understanding HIDS OSSEC traces

I realized my Ubuntu and Windows dual-boot system might have been compromised. So, I installed OSSEC HIDS to try to look for issues. When I ran dmesg, I found the following trace: ------------[ cut here ]------------ [ 31.461050] Could not…
dawn
  • 111
  • 3
1
vote
1 answer

How secure are Windows Event Logs?

Just doing some reading surrounding analysing intrusions, I've read that Windows Event Logs can be modified by an attacker to cover their tracks. How accurate is this, and what are the alternatives for a systems analyst?
C.Mann
  • 73
  • 7
1
vote
1 answer

Where can I download sample security log file archives?

I am volunteering to teach some folks to learn Splunk to analyze logs by using SIEM. Therefore I will need some public log file archives such as auditd, secure.log, firewall, webapp logs, which I can use to upload to Splunk instance and write some…
Blacklion
  • 93
  • 9
1
vote
2 answers

Tracking Down Failed Logins

I've recently implemented a SIEM solution, and am now able to see a large amount of failed login attempts from legitimate users. In fact, it's such high volume that my SIEM is correlating them to be Brute Force attacks. However they come from a…
Jake Y
  • 11
  • 3
1
vote
2 answers

What causes Windows security logs saying an attempt was made to reset an account's password?

This falls under the category of eliminating what might be normal activity from my attention. I'm looking at Windows 7 security event logs. I don't have context to know if the following event is a normal occurrence. It happens 10 times a day or…
mcgyver5
  • 6,807
  • 2
  • 24
  • 45
1
vote
0 answers

Application Security - Security Testing Log files?

As per latest OWASP Guidelines (2019) - a security assessor has to test against application platform configuration dubbed as OTG-CONFIG-002 in OWASP Testing Guide v4. Since OWASP is a Security Principle Guide rather than being a security checklist…
Shritam Bhowmick
  • 1,602
  • 14
  • 28