Log literally means keeping records, logs and diaries. Today's technologies and the intensive use of the internet require that all activities and all kinds of transactions taking place in the digital environment be recorded (keeping a log record).
The obligation to keep logs rests on many reasons. Log records are kept because tracking transactions has many benefits, such as for security, system errors and system changes.
What is a Log Record?
Logging is the process of automatically recording events in a system in terms of time, username and action. These records are also kept so that system errors and changes made in the system can be checked later.
All users accessing the Internet over a network, and the actions of all components in a network, are recorded in a similar way. This information can be saved in text files with the extension ".log" on a daily or weekly basis. Much like security camera recordings, every transaction is recorded.
Some important logs are only accessible to the system administrator.
Why is it Important to Keep Logs for Businesses?
Log records make it possible to investigate any security problem retrospectively, since records are kept of logins, logouts, transactions in the system and which user performed them.
Since it may take time for the competent authorities to initiate lawsuits or investigations regarding cyber crimes, retrospective information requests from the courts can put companies in a difficult position.
In addition, the fact that log records contain a great deal of detailed information creates difficulties in tracking and organization. For this reason, keeping, managing and organizing log records may require professional methods; there are organizations that provide this service for a fee.
Let's say you have a business that provides internet access as an access provider. When some of the people using this service commit a cyber crime, the matter is examined by the relevant institutions at the request of the prosecutor's office.
The first data requested in this investigation is the log records. The IP and device information on the date of the action are clearly visible in these records, making it easier to identify the offender.
For example, suppose an employee in your business insulted someone on social media through your network or committed another cyber offense. In legal investigations regarding this act, the log records on your network will be examined within the scope of the prosecution's investigation, since the IP address from which the act was carried out belongs to you.
Thanks to these log records, you can prove who was using the network while the action was taking place. Each device connected to the modem is identified and recorded by its MAC address. It will then be important for you to prove who was using that device.
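The correlation described above (an IP address at a given time, the MAC address that held it, and the person the device is registered to) can be worked through in code. The following is an added example and not part of the original article; the DHCP lease log format ("timestamp DHCPACK ip mac hostname"), the one-hour lease time and the device register are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed DHCP lease log in an assumed "timestamp DHCPACK ip mac hostname" format
# (not real data). Each line records a device being granted an IP address.
LEASE_LOG = """\
2024-03-05T09:58:00 DHCPACK 192.168.1.23 aa:bb:cc:dd:ee:01 laptop-a
2024-03-05T10:05:00 DHCPACK 192.168.1.24 aa:bb:cc:dd:ee:02 phone-b
2024-03-05T11:30:00 DHCPACK 192.168.1.23 aa:bb:cc:dd:ee:03 laptop-c
"""

# Assumed lease duration configured on the modem/router.
LEASE_TIME = timedelta(hours=1)

# Constructed asset register mapping MAC addresses to the people the devices were issued to.
DEVICE_REGISTRY = {
    "aa:bb:cc:dd:ee:01": "employee A",
    "aa:bb:cc:dd:ee:02": "employee B",
    "aa:bb:cc:dd:ee:03": "employee C",
}


def parse_leases(text):
    """Turn the lease log text into a list of lease records."""
    leases = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event, ip, mac, host = line.split()
        if event != "DHCPACK":  # only acknowledged leases bind an IP to a device
            continue
        leases.append({
            "start": datetime.fromisoformat(ts),
            "ip": ip,
            "mac": mac.lower(),
            "host": host,
        })
    return leases


def lease_for(ip, when, leases, lease_time=LEASE_TIME):
    """Return the lease that held `ip` at time `when`, or None.

    None means either no lease was ever granted for that IP or the only
    leases on record had already expired without a logged renewal, so the
    log cannot attribute the address at that moment.
    """
    candidates = [
        lease for lease in leases
        if lease["ip"] == ip and lease["start"] <= when < lease["start"] + lease_time
    ]
    # If two leases overlap (the address was reassigned early), the newest one wins.
    return max(candidates, key=lambda lease: lease["start"]) if candidates else None


def who_used(ip, when, leases, registry=DEVICE_REGISTRY):
    """Resolve an IP address at a point in time to a MAC, hostname and registered owner."""
    lease = lease_for(ip, when, leases)
    if lease is None:
        return None
    return {
        "mac": lease["mac"],
        "host": lease["host"],
        "owner": registry.get(lease["mac"], "unregistered device"),
    }


if __name__ == "__main__":
    leases = parse_leases(LEASE_LOG)
    print(who_used("192.168.1.23", datetime(2024, 3, 5, 10, 20), leases))
    print(who_used("192.168.1.23", datetime(2024, 3, 5, 11, 10), leases))  # expired gap
```

The expired-lease case is the one that matters in an investigation: if the lease log has a gap, the records cannot say which device held the address, which is why retaining the full lease history (and not just the current lease table) is important. Note also that the result names a device and its registered holder, not the person at the keyboard; proving who was using that device is the separate step the article refers to.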
Log Types
Event Log
Operating systems automatically record the event log. In this way, problems and events experienced in your computer system can be examined retrospectively. Events such as account creation, program installation and updates are recorded in the system. For example, the "Microsoft Windows Event Viewer" application is a program that allows you to view the log records kept by the Windows system.
SysLog
These are log records kept on Linux-based systems. They are system logs that contain the logging messages of daily events. Syslog is usually used on servers and is saved in the "/etc/syslog.conf" file. It is evaluated in two categories: facility and priority.
Facility (Syslog Type)
Facility is the term indicating the type of log to be recorded.
For example:
ftp: FTP file transfer protocol
auth: Records system security and login permission messages.
lpr: The local printer service.
authpriv: Records messages about system security.
user: General user messages are recorded here. Facility is set to "user" by default unless another type is specifically selected by the selector in the syslog.conf file.
mail: Contains mail system records.
Priority (Syslog Priority)
Priority refers to the importance of the log in the recording process. Messages are delivered according to the priority defined with the selector in the syslog.conf file.
For example:
emerg: The system is unusable
alert: Immediate intervention is required
crit: Critical condition
err: Error condition
warn: Warning
notice: Normal but significant condition that should be reported
info: Informational purposes
debug: Debugging
none: None
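The facility and priority sections above describe how a syslog message is classified and how a syslog.conf selector such as "auth.warn" decides where it goes. The following added example (not code from the original article) decodes the numeric PRI field that carries facility and priority in each message (facility * 8 + priority, the standard syslog encoding) and applies syslog.conf-style selector rules to a set of constructed sample lines. The sample messages, the rule set and the destination file names are assumptions made for the example.

```python
import re

# Numeric facility codes as carried in the syslog PRI field (PRI = facility * 8 + priority).
FACILITIES = {
    0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
    6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp",
    12: "ntp", 13: "security", 14: "console", 15: "solaris-cron",
    16: "local0", 17: "local1", 18: "local2", 19: "local3",
    20: "local4", 21: "local5", 22: "local6", 23: "local7",
}
# Priority levels in numeric order, 0 (most urgent) to 7 (least urgent).
PRIORITIES = ["emerg", "alert", "crit", "err", "warn", "notice", "info", "debug"]
# Alternative spellings accepted in syslog.conf, mapped to the canonical names above.
ALIASES = {"warning": "warn", "error": "err", "panic": "emerg"}

_PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.DOTALL)


def decode_pri(pri):
    """Split a PRI value into (facility name, priority name)."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri // 8], PRIORITIES[pri % 8]


def parse_line(line):
    """Parse one '<PRI>...' syslog line into its facility, priority and text."""
    m = _PRI_RE.match(line)
    if not m:
        raise ValueError(f"line has no PRI field: {line!r}")
    facility, priority = decode_pri(int(m.group(1)))
    return {"facility": facility, "priority": priority, "text": m.group(2)}


def rule_matches(rule, facility, priority):
    """Evaluate a syslog.conf selector list such as '*.info;mail.none;authpriv.none'.

    Selectors are applied left to right and the last one naming the message's
    facility (or '*') decides. 'facility.level' matches that level and everything
    more urgent, '=level' matches only that level, '*' means every level and
    'none' excludes the facility.
    """
    level = PRIORITIES.index(priority)
    matched = False
    for selector in rule.split(";"):
        fac_part, sep, prio_part = selector.strip().rpartition(".")
        if not sep:
            raise ValueError(f"bad selector: {selector!r}")
        facilities = fac_part.split(",")
        if "*" not in facilities and facility not in facilities:
            continue
        if prio_part == "none":
            matched = False
            continue
        exact = prio_part.startswith("=")
        name = prio_part.lstrip("=")
        name = "debug" if name == "*" else ALIASES.get(name, name)
        threshold = PRIORITIES.index(name)
        matched = level == threshold if exact else level <= threshold
    return matched


def route(lines, rules):
    """Return {destination: [message text, ...]} for a list of (rule, destination) pairs."""
    out = {dest: [] for _, dest in rules}
    for line in lines:
        rec = parse_line(line)
        for rule, dest in rules:
            if rule_matches(rule, rec["facility"], rec["priority"]):
                out[dest].append(rec["text"])
    return out


# Constructed sample messages (not real log data).
# PRI 34 = auth.crit, 13 = user.notice, 86 = authpriv.info, 23 = mail.debug, 3 = kern.err.
SAMPLE_LINES = [
    "<34>Oct 11 22:14:15 host su: 'su root' failed for user1",
    "<13>Oct 11 22:14:16 host myapp[42]: service started",
    "<86>Oct 11 22:15:00 host sshd[77]: accepted password for bob",
    "<23>Oct 11 22:15:30 host postfix/qmgr[9]: message queued",
    "<3>Oct 11 22:16:00 host kernel: I/O error on sda",
]

# Constructed rule set in the style of a syslog.conf file; the destinations are assumed.
SAMPLE_RULES = [
    ("auth,authpriv.*", "/var/log/auth.log"),
    ("*.info;mail.none;authpriv.none", "/var/log/messages"),
    ("mail.*", "/var/log/mail.log"),
]

if __name__ == "__main__":
    for dest, msgs in route(SAMPLE_LINES, SAMPLE_RULES).items():
        print(dest, len(msgs), "message(s)")
```

Two details are worth noticing when reading a real configuration: a selector level is a threshold, so "auth.warn" also captures crit, alert and emerg messages for that facility, and a later "none" selector in the same rule silently removes a facility that an earlier "*" selector admitted, which is how the constructed rule keeps authentication messages out of the general log file.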
All these records are saved over certain time periods, on an hourly, daily, weekly or monthly basis, and then compressed and stored. Syslog can be organized with a number of auxiliary applications.
Transaction Log
SQL Server logs: changes made on the server are recorded with this log type. All data written to and deleted from the server can be tracked and used for backing up systems thanks to these logs. However, taking a backup with this log can cause very large files to be created.