Tuesday, January 10, 2012

Logs - Sources of Big data


A log, as commonly understood, is a record of the events occurring within an organization’s systems and networks, viewed from the system’s perspective. Logs are composed of log entries, each of which holds information about a specific event that has occurred within a system or network. Having matured from a simple journal, logs today contain information on many types of events occurring within networks and systems. The data in log files describe the status of each component and record operational changes, such as the starting and stopping of services, detection of network applications, software configuration modifications, and software execution errors. Logs are an inherent part of any computing system and cannot be avoided. It is commonly understood that the data generated as logs by existing network devices form a repository of information about the status of the network. Originally, logs were used for troubleshooting problems. Today, however, logs serve many functions within most organizations, such as optimizing system and network performance, recording the actions of users, and providing data useful for investigating malicious activity.

Within an organization, logs contain records related to computer security; common examples of such computer security logs are audit logs that track user authentication attempts and security device logs that record possible attacks. Logs serve the purpose of a journal or day book, holding a record of all transactions that take place in a network and providing a wellspring of information to help improve security and, in turn, enable compliance.

Log files are maintained on almost every system and are usually examined during security audits, whether external or internal. During regular security audits, log files may be examined and correlated to assure that the intended technical measures are in place and that security policies and procedures are implemented. During unscheduled security audits, e.g. in response to a security incident, log files are analyzed to discover the cause of the incident, such as a lack of security measures, non-conformance with security procedures, or system misconfigurations. Such logs form the basis of the SIEM vertical. They serve as the source of analysis for a system study with the help of Big data; in other words, SIEM is adapting itself to Big data.
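The examination-and-correlation step described above, as an added example that is not part of the original post: a small Python script of my own that assumes a syslog-like line layout and uses constructed sample entries (no real system's data). It parses sshd authentication entries, groups failures by source address, flags a burst of failures inside a short window, and reports whether the same source later succeeded, which is the pattern an auditor investigating an incident would look for first. The firewall and service-stop lines are included to show that unrelated entries are skipped rather than breaking the parser.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample entries in a syslog-like layout (not taken from any real system).
SAMPLE_LOG = """\
2012-01-10T08:00:01 host1 sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 51122 ssh2
2012-01-10T08:00:03 host1 sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 51123 ssh2
2012-01-10T08:00:04 host1 sshd[2201]: Failed password for root from 10.0.0.5 port 51124 ssh2
2012-01-10T08:00:09 host1 sshd[2201]: Accepted password for alice from 10.0.0.7 port 40212 ssh2
2012-01-10T08:01:30 host1 sshd[2201]: Failed password for root from 10.0.0.5 port 51130 ssh2
2012-01-10T08:05:00 fw01 firewall: DROP src=10.0.0.5 dst=10.0.0.2 proto=TCP dport=22
2012-01-10T08:05:02 host1 sshd[2201]: Accepted password for root from 10.0.0.5 port 51140 ssh2
2012-01-10T09:00:00 host1 systemd[1]: Stopping OpenSSH server daemon...
"""

# Assumed sshd message layout; adjust the pattern for other log formats.
AUTH_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse_auth_events(text):
    """Return a list of dicts for sshd authentication entries; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue  # firewall, service and other non-auth entries are ignored here
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
        events.append(ev)
    return events


def correlate_bruteforce(events, threshold=3, window_seconds=60):
    """Flag a source IP when `threshold` or more failures fall within `window_seconds`,
    and record whether that source later had an accepted login (the case an auditor
    most wants surfaced). Returns {src: {"failures", "burst_start", "later_success"}}."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["src"]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e["ts"] for e in evs if e["result"] == "Failed"]
        burst_start = None
        # Sliding window over failure timestamps: the i-th and (i+threshold-1)-th
        # failures closer together than the window constitute a burst.
        for i in range(len(failures)):
            j = i + threshold - 1
            if j < len(failures) and (failures[j] - failures[i]).total_seconds() <= window_seconds:
                burst_start = failures[i]
                break
        if burst_start is None:
            continue
        later_success = any(
            e["result"] == "Accepted" and e["ts"] >= burst_start for e in evs
        )
        findings[src] = {
            "failures": len(failures),
            "burst_start": burst_start,
            "later_success": later_success,
        }
    return findings


if __name__ == "__main__":
    for src, f in correlate_bruteforce(parse_auth_events(SAMPLE_LOG)).items():
        print(f"{src}: {f['failures']} failures from {f['burst_start']}, "
              f"later success: {f['later_success']}")
```

The threshold and window are deliberately parameters: the same correlation run with a longer window and a higher threshold is how a scheduled audit checks that a lockout policy is actually in force, while the tight defaults above are what an incident responder would use to find the source of a compromise.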
 
Author-IT for management, Oxford Press.