Questions tagged [log-analysis]

74 questions
1 vote, 1 answer

Is it a good idea to have security logs stored in the cloud?

I was discussing with my friend the topic of the importance of log analytics/correlation and real-time response for an organization. Then, he mentioned that some people consider sending logs (collected from a network: IDS, firewall) to the cloud for…
U. User
1 vote, 1 answer

Heuristics to Identify CSRF from Web Access Log File

I am new here in security. I want to identify suspicious users on a web application by analyzing a web access log file. For this, I am considering CSRF attacks. For this purpose, I am generating some heuristic (possible) rules for identification of…
Shree
1 vote, 2 answers

Are log files executable files?

As a beginner in a security research project, I came across log injection and my question is itself about log injection files. Are log injection files executable? If not, how do they execute/run malicious code/files uploaded onto them, if…
1 vote, 0 answers

Dovecot in auth.log suspicious entry analysis

I am wondering if this entry in auth.log is something that I should be concerned about:
Feb 22 12:18:25 host1 auth: pam_unix(dovecot:auth): check pass; user unknown
Feb 22 12:18:25 host1 auth: pam_unix(dovecot:auth): authentication failure; logname=…
1 vote, 0 answers

Identifying privilege escalation in OSSEC logs

I am working on an intrusion detection system which can prioritize and attribute the logs generated by OSSEC. So, how can I understand a privilege escalation case (or just the privileges a user has at that time) by looking at these logs?
qwerty
1 vote, 3 answers

Are these log entries normal?

I have noticed high CPU usage, and noticed that user dinko had high CPU usage with the sshd process when I typed top. User dinko was just some random user that I created and had a Ruby application running. I immediately deleted that user and…
1 vote, 0 answers

Would extracting logs from a European server to a US SIEM system cause privacy legal concerns?

Looking for an answer related to the European "General Data Protection Regulation" laws.
Kamic
1 vote, 1 answer

Can the data transferred from a PC to Dropbox or a USB drive be logged and detected?

I have some problems with my manager and am in process of using a lawyer to litigate with regards to workplace harassment. The litigation is planned to be "soft" and my lawyer only plans to send the employer an email saying that he has heard cases…
mandy
1 vote, 2 answers

"CHANGELOG.txt" in Apache logs

Recently I've been seeing a major uptick in the following type of requests to my Apache logs: "GET /CHANGELOG.txt HTTP/1.1" 404 211 About a month ago, I received none. Now I receive a dozen or so each day. Occasionally they are accompanied by…
SCruz
0 votes, 3 answers

How to learn IP range from inside company

I'd like to block all users from inside Company X from visiting my website. However I don't work at Company X. Is there an efficient way to learn what the IP is when people inside Company X access the outside world? For instance, are there logs…
Icann
0 votes, 0 answers

How do I track all the different types of event logs exclusive to an antimalware software or PC recovery software?

I recently found out that my PC has been infected by some serious spyware, and while I did successfully remove it, I'm afraid that that malware affected the antimalware and management solutions I installed on my PC. In order to find out whether or…
0 votes, 0 answers

How to find data associated with the Windows Defender processStart reference in Windows 10

Recently my Windows Defender warned me about a possibly malicious program it found on my PC. I have trouble interpreting the data Windows Defender serves me and I haven't found any Microsoft documentation regarding the processStart value. The…
0 votes, 1 answer

Suspicious visits to one URL from same user-agent but from unique IPs

For the past few weeks, I have been observing a lot of visits from a specific user-agent, Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36, to one particular URL. The user-agent…
Kannan
0 votes, 2 answers

Some bots are trying to locate files on server, how to protect?

In my Apache error log I am getting these errors (there are hundreds of these lines); most of these IPs are from China. I guess some bots are trying to find vulnerable files. Is there any way to protect the server against such attacks? script…
Hashu
0 votes, 1 answer

Monitoring of Logging

I wish to implement logging and auditing features on a Windows 10 client used for carrying out secure transactions through our FTP server with a client organisation. Which features could I select in Windows' auditing options, so that I…
Vikas