logging's questions - English 1answer

276 logging questions.

It's very unclear what '12 months' browsing history being kept by network provider' actually means to an uninformed person. Thunderbird? VPN? Startpage searches? Bit-torrent downloads? Epic browser (...

Are there any security concerns with logging that a user changed their password? I'm already logging whenever an admin changes a user's password for audit purposes, but is there a reason to not have a ...

I have the following Wireshark log and I want to categorize the attack. I think it prints the user under which Apache runs and then prints the system information. From this log can we determine if the ...

I'm struggling to write a secure sign-up form for my website. (My site is some kind of an image gallery. I have knowledge in html, javascript, msql and php) I know there is a tactic to secure login ...

I have a client who hosts multiple sites in Apache. They're storing each site's access.log and error.log in the docroot under logs/, and they're publicly accessible via the web. To me, this seems ...

I am aware of DHCP tables, and apps that can scan your network to see who is "currently" on your wifi network, but I am more interested in how to tell if someone has been on my wifi network at some ...

I have a JBL Go bluetooth speaker paired with a Dell laptop running Ubuntu 17.10. I suspect malicious intermittent activity on that speaker, but I am not sure and I am looking for proof or evidence ...

I am currently setting up an Apache web server on a Linux machine at my house. I am working on a website project which will allow users to log in to complete certain work. There is no open ...

Does PCI DSS require a dedicated syslog server - collecting only PCI systems' logs - or is a central syslog server OK for PCI DSS?

Request for logs please. So, I had an interesting question posed to me around geographical trends in SSH brute force attempts. The question being "has anybody ever looked into the prevalent SSH ...

I am a student working on my semester project and it's about developing a SIEM solution with Big Data tools to be used in a SOC (security operations centre) and I know that collecting logs can be used ...

I have recently installed Snort IDS on Linux Ubuntu 16.04LTS (not server), after experimenting and testing configuration in VirtualBox. After installing and successfully validating the configuration ...

Suppose a system administrator became aware of a service running on their server that both created a named pipe that allowed access by remote clients (e.g., ordinary domain users), and that had an ...

If I do a test with a classic <script>alert(1)</script>, does the website owner see my attempt? Does XSS leave some trace behind? I will try to build a little server on my Ubuntu with a ...

If I use my own VPN and use third party DNS - can I trust it? For example, is there any possibility that an attacker can track the requests by contacting the DNS-hosting (assume that the attacker has ...

I patched for shellshock and was barraged a few days later. However, I would not have known any attempts were made at all if not for a regular expression I found on the internet. This has inspired me ...

*I've subscribed and emailed the bro mailing list but have not received any replies. This is the exact same message. Hello and thank you for your assistance. As the subject states, I'm not getting ...

For example, if I use my ISP DNS and open this page they will see: https://security.stackexchange.com/questions/ask It would show up in their logs for sure. But if I use Google DNS, then what ...

Can owners of private internet see chat logs when using my phone but their internet? Is this possible? I work in someone's house who is an IT genius and just wondered if they can read my hangout or ...

Audit trails vs. log files

1 answers, 174 views logging
I read an article that said if you use production data in your test system that you should enable logging and audit trails. What is the difference between log files and audit trails? Isn't it nearly ...

I have a firewall log with events from 2 years ago. I want to examine that log as if I was investigating at the time of collection (2 years ago). However, I would like to use IP address reputation ...

Listening to the Secure code lessons from Have I Been Pwned made me really think about logging. It appears that in the real world a lot of data breaches are discovered long after they happened which ...

On reviewing the firewall log on my router (supplied by my fibre provider), I noticed a few curious entries. Several teardrop or derivative attacks, I'd expect to see things like this in the log from ...

Should someone want a highly secured cloud environment, having the whole infrastructure managed by a third party could be quite stressful I guess. There are things you can't manage yourself in a ...

During development we added to error logs details of HTTP requests, including headers, to have better understanding for error investigation. Our architect pointed out that we should not place sensitive ...

I am currently redirecting attackers to themselves based on a few rules: <iptables> -t nat -A PREROUTING -s <ip> -j DNAT --to-destination <ip>. I was thinking that maybe it could be ...

Say you're having a basic LAN-infrastructure (a Router, a Firewall, a switch connected with multiple access points, a server and multiple clients). I want to be able to detect malicious traffic ...

I built a web application with low traffic so far, after making some advertising I realized there are some suspicious requests against my server, this is what Loggly service shows me in panel: Logs ...

I'm using ELK to grab, store and analyze logs. I would like to automate a bit the search process with tools like Etsy's 411. I'm aware of the yara rules and so forth, but it's a bit too malware-...

So after a recent pentest I thought it would be a neat idea to track commands executed by service accounts on our webservers - use auditd for that and send the logs to our SIEM via audisp. There I ...

In my modsecurity auditlog there is a binary file logged as text: How can I prevent modsecurity from bloating my logfiles with the content of binary files like that?

Scenario One of my customers has some Debian based boxes directly accessible on the Internet with no firewalling on the ssh port. Those boxes are configured for an "instant" mail notification when a ...

I am logging in to my site using Chrome (on Ubuntu). Even if I logout and close my browser I can see the login POST request content (containing username and Password) using "Hexedit". I have seen a ...

I'm looking for some more information concerning the white paper which goes into some detail over PowerShell's Module logging. Specifically, once this is enabled, are the default cmdlets logged? For ...

I am going through some event logs (in event viewer), and noticed I can't seem to find any firewall logs. Windows Defender provides the firewall. How do I get to the firewall logs that should be ...

I am a client within a server in a school. My computer has a static IP address to enable me to connect to the internet. We have a server that records the browsing history of the computers that are ...

I have installed Alien Vault into my environment and I am seeing a ton of logs going into the SIEM. Upon further investigation, I see that these are being generated by AlienVault itself. I think that ...

I use several browsers for several reasons (surfing, downloading files, logging into accounts...) but I prefer Chrome for doing "risky" things like browsing websites which I don't know whether they ...

I use the web in different ways, i.e.: a) to log into my accounts (email, google, social, forums, etc.); b) for downloading software; c) for surfing trusted websites; d) for surfing websites which I ...

How can I use Snort to break down HTTP/HTTPS traffic into separate sessions and track each session separately, and also dump them into separate log files or something that I can read from?

I'm running webserver on Debian8 64bit (2.6.32-042stab120.16) with Apache/2.4.10. Today in Apache access.log I found these entries: 164.52.7.132 - - [26/Jun/2017:07:16:23 -0400] "\x16\x03\x01\x01\"\...

I work with snort log file and now I need to extract the TCP header. My question is: How to log only the TCP header from the packets captured by snort log file (without the payload) using command ...

I want to filter Telegram Messenger to monitor the network activities (logging) from any platform. I'm wondering if there is any signature I can look into to detect the traffic, maybe a list of server ...

The context: I already use FDE on my system drive (strong cipher, long unguessable password, etc.), but on the off-chance that my password is stolen or my computer is cold-booted, I want to prevent ...

I have 100 clients that are joined to a domain. One of them is trying to do a brute-force attack on the other clients. How can I get login failure logs on the domain server about attacker logins? I already ...

While authenticating, should attempts with invalid user names be logged? OWASP Logging Cheat Sheet says that authentication failures must always be logged. I can observe several programs doing this, ...

I've found some messages like this one, in my nginx error.log. open() "[my-domain]/**iptac-***[a long long string]*/http:/[my-domain]/" failed (2: No such file or directory), client: , server: , ...

I have a REST API running in a Tomcat container that has an endpoint that takes a customer email address as a query parameter. It's something like this: /customers?email=foo@bar.com Customer email ...

What features would you expect from a secure audit log? Is there more than not being able to change it and make sure you know who wrote it? You do that by hashing the previous entry and signing the ...

Suppose two users have done a murder at 6pm at Dunkin Donuts, I have got the hard disks on site, disk1 and disk2. How do I identify the time and order of each user's activities on the hard disks? ...
