Logs You Should Monitor – list
Monitoring logs is one of your day to day tasks.
Your environment is complex, it contains legacy and modern technologies, you have both data centers and a cloud footprint, each talking to the other with APIs.
Your network consists of many pieces of infrastructure, operating systems, databases, distributed applications and security systems: some legacy, some very new.
Increased sophistication of global cyberattacks means security is also a core business function for your enterprise.
And your job is to ensure these functions are running smoothly, your systems are always available and running at peak performance and security.
* If you haven’t read our power guide yet: “Hybrid Cloud Challenges: How To Optimize Monitoring and Analytics for IT Ops?”
Here is a list of logs to monitor from the most common types of systems.
This is not an exhaustive list but should give you a pretty good starting point!
| System | Product | Logs to Monitor |
|---|---|---|
| Operating System | RHEL-compatible Linux | /var/log/messages |
| Operating System | Windows Server | Default Windows Event Logs (Application, Setup, Security, System) |
| Web Server | Apache Web Server | Access log |
| Web Server | IIS | IIS log from Windows Events |
| Database Server | MS SQL Server | ERRORLOG |
| Database Server | | Grid infrastructure log |
| Database Server | | General query log |
| Database Server | | Slow query log |
| Database Server | Elasticsearch | Log files under /var/log/elasticsearch |
| Mail Server | Microsoft Exchange | Exchange log from Windows Events |
| Identity Management | Active Directory | AD log from Windows Events |
| DNS | Microsoft DNS | DNS log from Windows Events |
| DNS | | DNS security log |
| DNS | | Zone transfers log |
| DNS | | DNS query log |
| DNS | | Query error log |
| Network Device | Cisco Router | Syslog |
| Load Balancer | F5 | BIG-IP logs |
| Programming | Java | Application’s custom log file(s), as configured in the language’s logging subsystem (e.g. through log4j, log4r, Winston etc.) |
| Cloud System Logs | AWS CloudWatch | CloudWatch Logs |
| Cloud System Logs | AWS CloudTrail | CloudTrail logs |
| Cloud System Logs | VPC | VPC flow logs |
| Cloud System Logs | S3 | S3 access logs |
| Cloud System Logs | RDS | RDS database logs |
| Cloud System Logs | CloudFront | CloudFront access logs |
| Cloud System Logs | ELB | ELB log files |
| Endpoint Protection | Sophos | Events log |
| Endpoint Protection | | Data loss prevention events log |
| Endpoint Protection | | Message history report |
| Endpoint Protection | | Gateway activity log |
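Collecting a log is only half the job; something has to read it. As an added example (not code from the original list or from XpoLog), here is a small Python monitor for the Apache access log named above: it parses combined-format lines, flags clients whose share of 4xx/5xx responses is abnormal, and counts lines that did not parse, since a jump in unparseable lines usually means the log format or the pipeline changed. The regex, thresholds and sample lines are this example's own constructions.

```python
import re
from collections import defaultdict

# Apache "combined" access-log format; the "common" format matches too because
# the trailing referer/user-agent group is optional. Regex written for this example.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<ref>[^"]*)" "(?P<ua>[^"]*)")?$'
)

def parse_line(line):
    """Return the fields of one access-log line as a dict, or None if unparseable."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    parts = rec["req"].split(" ")
    rec["method"], rec["path"] = parts[0], (parts[1] if len(parts) > 1 else "")
    return rec

def find_noisy_clients(lines, min_requests=5, max_error_ratio=0.5):
    """Flag client IPs whose 4xx/5xx share exceeds max_error_ratio (a triage hint
    for scanning, credential stuffing or a broken integration, not proof of it).
    Also returns how many lines failed to parse so format drift is noticed."""
    total, errors, unparsed = defaultdict(int), defaultdict(int), 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # never crash the monitor on one odd line
            continue
        total[rec["ip"]] += 1
        if rec["status"] >= 400:
            errors[rec["ip"]] += 1
    flagged = {ip: round(errors[ip] / n, 2) for ip, n in total.items()
               if n >= min_requests and errors[ip] / n > max_error_ratio}
    return flagged, unparsed

# Constructed sample lines (not real traffic; RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /admin HTTP/1.1" 404 209 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:02 +0000] "GET /old HTTP/1.1" 404 209 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:03 +0000] "GET /test HTTP/1.1" 404 209 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:04 +0000] "GET /login HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.9 - - [10/Oct/2023:13:56:05 +0000] "POST /login HTTP/1.1" 401 0 "-" "curl/8.0"',
    'malformed line that the parser must skip rather than crash on',
]

if __name__ == "__main__":
    print(find_noisy_clients(SAMPLE_LOG))  # ({'203.0.113.9': 0.8}, 1)
```

In production the same function would be fed lines tailed from the live access log, with the thresholds tuned to the site's normal error rate.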
Adapt to the dynamic nature of hybrid clouds and modern applications architecture with XpoLog’s AI/ML-powered log data platform