logging's questions - English 1answer

284 logging questions.

In my modsecurity auditlog there is a binary file logged as text: How can I prevent modsecurity from bloating my logfiles with the content of binary files like that?

To make a long story short, the CEO in my firm was fired but she did not change her status at LinkedIn about being employed at my firm. I sent her several emails that remained unanswered. So after 9 ...

We have a database table of encrypted log entries, each encrypted entry containing information about the user who created the entry. The entry is encrypted with the encryption key of the particular ...

Android apps write their logs to a file (usually referred to as "logcat") which is very useful not only for developers but also for users who want to investigate problems. You can easily see that ...

Windows has EventID 1102 "The audit log was cleared". What is the equivalent audit event in Unix/Linux? If someone has a sample event, and know what audit policy needs to be configured to get this ...

From time to time, some users can accidentally type their password in the username field, either because they missed the tab key or because they thought their account was simply locked, not logged out (...

What data should be logged?

4 answers, 2,002 views, tagged logging
Imagine having a web application. You then decide that you want to create your own logging system, for whatever reason. What data should be logged to put a very good logging system in place? I was ...

I'm studying for the CCSP exam and one of the examples of technical controls (referenced in the course training material) confuses me: Technical controls, also referred to as logical controls, are ...

In our company, policy requires AVs on every developer's Linux (Mint) computer. Right now we have ClamAV running on them, with daily scheduled scans, and every developer manually sends the report log to ...

I am currently setting up an Apache web server on a Linux machine at my house. I am working on a website project which will allow users to log in to complete certain work. There is no open ...

Occasionally I will fail to hit Tab properly when entering a username/password combination. This results in me submitting username "myUsername$ecretPa$$word" along with a blank password. I always ...
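Both of the questions above (a password accidentally submitted in the username field after a missed Tab) come down to the same detection problem on the server side: an unknown username that is really a known username with that user's password glued on. The block below is an added example, not code from either asker. It assumes a PBKDF2 user store and the hypothetical helper names shown; after a failed login it checks whether the submitted username field is "known user + that user's password" and, if so, writes an audit line that never contains the submitted field, so the password does not end up in the log.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

# Constructed per-deployment key used only to pseudonymize unknown usernames in logs.
# Assumption: in a real system this comes from a secret store, not os.urandom at import.
LOG_PSEUDONYM_KEY = os.urandom(32)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user_store(creds: Dict[str, str]) -> Dict[str, Tuple[bytes, bytes]]:
    """Constructed user store for the example: username -> (salt, PBKDF2 digest)."""
    store = {}
    for user, pw in creds.items():
        salt = os.urandom(16)
        store[user] = (salt, hash_password(pw, salt))
    return store


def verify(record: Tuple[bytes, bytes], candidate: str) -> bool:
    salt, digest = record
    return hmac.compare_digest(digest, hash_password(candidate, salt))


def classify_attempt(username_field: str, password_field: str, store) -> Tuple[str, Optional[str]]:
    """Return (outcome, affected_user).

    Outcomes: ok, bad_password, unknown_user, password_in_username.
    The last one means the username field was <known user><that user's password>,
    i.e. the password was just sent in a field that is normally logged in clear.
    """
    if username_field in store:
        if verify(store[username_field], password_field):
            return ("ok", username_field)
        return ("bad_password", username_field)

    # Unknown username: test every known username that is a proper prefix of it.
    # One KDF evaluation per candidate, so this only runs on the failure path.
    for known in store:
        if username_field.startswith(known) and len(username_field) > len(known):
            if verify(store[known], username_field[len(known):]):
                return ("password_in_username", known)
    return ("unknown_user", None)


def audit_line(outcome: str, user: Optional[str], username_field: str) -> str:
    """Build the line that goes to the log; the raw username field is never written on the risky paths."""
    if outcome == "password_in_username":
        return (f"login outcome=password_in_username user={user} "
                f"username_field=<redacted> action=force_password_reset")
    if outcome == "unknown_user":
        # Unknown names may still be someone's password (for this or another site);
        # a keyed HMAC lets repeated attempts be correlated without storing the string.
        tag = hmac.new(LOG_PSEUDONYM_KEY, username_field.encode(), "sha256").hexdigest()[:16]
        return f"login outcome=unknown_user username_hmac={tag}"
    return f"login outcome={outcome} user={user}"


if __name__ == "__main__":
    users = make_user_store({"alice": "hunter2!", "bob": "correct horse"})
    for uf, pf in [("alice", "hunter2!"), ("alicehunter2!", ""), ("alicewrong", "")]:
        outcome, who = classify_attempt(uf, pf, users)
        print(audit_line(outcome, who, uf))
```

The prefix check costs one PBKDF2 evaluation per known username that is a prefix of the submitted string, which is cheap on the failure path but still deserves the same rate limiting as the login itself. When `password_in_username` fires, the sensible follow-up is to treat the password as exposed (it may already be in a load balancer or WAF log) and force a reset rather than just suppressing the log line.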

I'm just in the process of parsing some raw $LogFile data, and I'm a bit confused regarding the layout of the records ('RCRD'). Here's an example: Parsing LSN record at position: 16800 Current LSN: ...

Are there any security concerns with logging that a user changed their password? I'm already logging whenever an admin changes a users password for audit purposes, but is there a reason to not have a ...

It's very unclear what '12 months' browsing history being kept by network provider' actually means to an uninformed person. Thunderbird? VPN? Startpage searches? Bit-torrent downloads? Epic browser (...

I have the following Wireshark log and I want to categorize the attack. I think it prints the user under which apache runs and then prints the system information. From this log can we determine if the ...

I'm struggling to write a secure sign-up form for my website. (My site is some kind of an image gallery. I have knowledge in html, javascript, msql and php) I know there is a tactic to secure login ...

I have a client who hosts multiple sites in Apache. They're storing each site's access.log and error.log in the docroot under logs/, and they're publicly accessible via the web. To me, this seems ...

I am aware of DHCP tables, and apps that can scan your network to see who is "currently" on your wifi network, but I am more interested in how to tell if someone has been on my wifi network at some ...

I have a JBL Go bluetooth speaker paired with a Dell laptop running Ubuntu 17.10. I suspect malicious intermittent activity on that speaker, but I am not sure and I am looking for proof or evidence ...

Does PCI DSS require a dedicated syslog server, collecting only PCI systems' logs, or is a central syslog server OK for PCI DSS?

Request for logs please. So, I had an interesting question posed to me around geographical trends in SSH brute force attempts. The question being "has anybody ever looked into the prevalent SSH ...

I am a student working on my semester project and it's about developing a SIEM solution with Big Data tools to be used in a SOC (security operations centre) and I know that collecting logs can be used ...

I have recently installed Snort IDS on Linux Ubuntu 16.04LTS (not server), after experimenting and testing configuration in VirtualBox. After installing and successfully validating the configuration ...

Suppose a system administrator became aware of a service running on their server that both created a named pipe that allowed access by remote clients (e.g., ordinary domain users), and that had an ...

If I do a test with a classic <script>alert(1)</script>, does the website owner see my attempt? Does XSS leave some trace behind? I will try to build a little server on my Ubuntu with a ...

If I use my own VPN and use third party DNS - can I trust it? For example, are there any possibilities that an attacker can track the requests by contacting the DNS hosting (assume that the attacker has ...

I patched for shellshock and was barraged a few days later. However, I would not have known any attempts were made at all if not for a regular expression I found on the internet. This has inspired me ...

*I've subscribed and emailed the bro mailing list but have not received any replies. This is the exact same message. Hello and thank you for your assistance. As the subject states, I'm not getting ...

For example, if I use my ISP DNS and open this page they will see: https://security.stackexchange.com/questions/ask It would show up in their logs for sure. But if I use Google DNS, then what ...

Can owners of a private internet connection see chat logs when I am using my phone but their internet? Is this possible? I work in someone's house who is an IT genius and just wondered if they can read my hangout or ...

Audit trails vs. log files

1 answer, 553 views, tagged logging
I read an article that said if you use production data in your test system that you should enable logging and audit trails. What is the difference between log files and audit trails? Isn't it nearly ...

I have a firewall log with events from 2 years ago. I want to examine that log as if I was investigating at the time of collection (2 years ago). However, I would like to use IP address reputation ...

Listening to the Secure code lessons from Have I Been Pwned made me really think about logging. It appears that in the real world a lot of data breaches are discovered long after they happened which ...

On reviewing the firewall log on my router (supplied by my fibre provider), I noticed a few curious entries: several teardrop or derivative attacks. I'd expect to see things like this in the log from ...

Should someone want a highly secured cloud environment, having the whole infrastructure managed by a third party could be quite stressful I guess. There are things you can't manage yourself in a ...

During development we added to error logs details of http requests, including headers, to have better understanding for error investigation. Our architect pointed that we should not place sensitive ...
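The architect's point in the question above is that request headers and bodies are the place where credentials travel (Authorization, Cookie, API keys, password fields), so an error log that copies the request verbatim becomes a credential store. The block below is an added example, not code from the asker's project. It assumes an allowlist approach (only headers known to be harmless are logged verbatim, everything else is replaced by a length marker) and uses the hypothetical names `SAFE_HEADERS`, `SENSITIVE_PARAMS` and `request_log_record`; the sample request is constructed.

```python
import json
from typing import Any, Dict
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Headers that may be logged verbatim. Anything not listed is redacted; an allowlist
# fails safe when a new header (e.g. X-Internal-Token) appears in traffic.
SAFE_HEADERS = {"host", "user-agent", "accept", "content-type", "content-length",
                "x-request-id", "x-forwarded-for"}

# Query-string and JSON keys whose values must never reach the log.
SENSITIVE_PARAMS = {"password", "passwd", "pwd", "secret", "token", "access_token",
                    "refresh_token", "api_key", "apikey", "session", "code", "otp"}

# Constructed sample request, as a framework might hand it to an error handler.
SAMPLE_REQUEST = {
    "method": "POST",
    "url": "https://example.com/login?user=alice&password=hunter2&next=%2Fhome",
    "headers": {
        "Host": "example.com",
        "User-Agent": "curl/8.0",
        "Content-Type": "application/json",
        "Authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.e30.sig",
        "Cookie": "session=abc123; theme=dark",
    },
    "body": json.dumps({"username": "alice", "password": "hunter2",
                        "profile": {"api_key": "k-123", "name": "Alice"}}),
}


def redact_headers(headers: Dict[str, str]) -> Dict[str, str]:
    """Keep allowlisted headers; replace the rest by a marker that preserves only the length."""
    out = {}
    for name, value in headers.items():
        if name.lower() in SAFE_HEADERS:
            out[name] = value
        else:
            out[name] = f"<redacted len={len(value)}>"
    return out


def redact_url(url: str) -> str:
    """Blank sensitive query parameters but keep the path and harmless parameters for debugging."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in SENSITIVE_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), parts.fragment))


def redact_json(obj: Any) -> Any:
    """Recursively blank sensitive keys in a decoded JSON body."""
    if isinstance(obj, dict):
        return {k: ("REDACTED" if k.lower() in SENSITIVE_PARAMS else redact_json(v))
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_json(v) for v in obj]
    return obj


def redact_body(body: str, content_type: str) -> str:
    """JSON bodies are scrubbed key by key; anything else is not logged at all (fail safe)."""
    if content_type.split(";")[0].strip().lower() == "application/json":
        try:
            return json.dumps(redact_json(json.loads(body)))
        except ValueError:
            return "<unparseable json, not logged>"
    return f"<body not logged, {len(body)} bytes>"


def request_log_record(req: Dict[str, Any]) -> Dict[str, Any]:
    """The structure that is safe to attach to an error log entry."""
    headers = req.get("headers", {})
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    return {
        "method": req["method"],
        "url": redact_url(req["url"]),
        "headers": redact_headers(headers),
        "body": redact_body(req.get("body", ""), ctype),
    }


if __name__ == "__main__":
    print(json.dumps(request_log_record(SAMPLE_REQUEST), indent=2))
```

The length marker on redacted headers is deliberate: it still tells you whether a token was present and roughly what kind, which is usually all an error investigation needs. Non-JSON bodies are dropped rather than logged because form-encoded bodies and multipart uploads carry the same credentials in formats the scrubber does not understand.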

I am currently redirecting attackers to themselves based on a few rules <iptables> -t nat -A PREROUTING -s <ip> -j DNAT --to-destination <ip> I was thinking that maybe it could be ...

Say you have a basic LAN infrastructure (a router, a firewall, a switch connected with multiple access points, a server and multiple clients). I want to be able to detect malicious traffic ...

I built a web application with low traffic so far, after making some advertising I realized there are some suspicious requests against my server, this is what Loggly service shows me in panel: Logs ...

I'm using ELK to grab, store and analyze logs. I would like to automate the search process a bit with tools like Etsy's 411. I'm aware of the yara rules and so forth, but it's a bit too malware-...

So after a recent pentest I thought it would be a neat idea to track commands executed by service accounts on our webservers - use auditd for that and send the logs to our SIEM via audisp. There I ...

Scenario One of my customers has some Debian based boxes directly accessible on the Internet with no firewalling on the ssh port. Those boxes are configured for an "instant" mail notification when a ...

I am logging in to my site using Chrome (on Ubuntu). Even if I logout and close my browser I can see the login POST request content (containing username and Password) using "Hexedit". I have seen a ...

I'm looking for some more information concerning the white paper which goes into some detail over PowerShell's Module logging. Specifically, once this is enabled, are the default cmdlets logged? For ...

I am going through some event logs (in event viewer), and noticed I can't seem to find any firewall logs. Windows Defender provides the firewall. How do I get to the firewall logs that should be ...

I am a client within a server in a school. My computer has a static IP address to enable me to connect to the internet. We have a server that records the browsing history of the computers that are ...

I have installed Alien Vault into my environment and I am seeing a ton of logs going into the SIEM. Upon further investigation, I see that these are being generated by AlienVault itself. I think that ...

I use several browsers for several reasons (surfing, downloading files, logging into accounts...) but I prefer Chrome for doing "risky" things like browsing websites which I don't know whether they ...

I use the web in different ways, i.e.: a) to log into my accounts (email, google, social, forums, etc.); b) for downloading software; c) for surfing trusted websites; d) for surfing websites which I ...

How can I use Snort to break down http/https traffic into separate sessions and track each session separately, and also dump them into separate log files or something that I can read from?
