
Logs You Should Monitor – list
Monitoring logs is one of your day-to-day tasks.
Your environment is complex: it contains legacy and modern technologies, you have both data centers and a cloud footprint, and each talks to the other through APIs.
Your network consists of many pieces of infrastructure, operating systems, databases, distributed applications and security systems: some legacy, some very new.
The increased sophistication of global cyberattacks means security is also a core business function for your enterprise.
And your job is to ensure these functions run smoothly and that your systems are always available, running at peak performance, and secure.
* If you haven’t read it yet, see our power guide: “Hybrid Cloud Challenges: How To Optimize Monitoring and Analytics for IT Ops?”
Here is a list of logs to monitor from the most common types of systems.
This is not an exhaustive list, but it should give you a pretty good starting point!
| System | Product | Logs to Monitor |
|---|---|---|
| Operating System | RHEL-compatible Linux | /var/log/messages, lastlog |
| Operating System | Debian-compatible Linux | /var/log/syslog, lastlog |
| Operating System | Windows Server | Default Windows Event Logs (Application, Setup, Security, System) |
| Web Server | Apache Web Server | Access log, Error log |
| Web Server | Nginx | Access log, Error log |
| Web Server | IIS | IIS log from Windows Events |
| Database Server | MS SQL Server | ERRORLOG, SQLAGENT.LOG, Trace files |
| Database Server | Oracle | Alert log, Grid infrastructure log, Trace files |
| Database Server | PostgreSQL | PostgreSQL log |
| Database Server | MySQL | Error log, General query log, Slow query log, DDL log |
| Database Server | MongoDB | mongod.log |
| Database Server | Cassandra | system.log, cassandra.out, gc.log |
| Database Server | Elasticsearch | Log files under /var/log/elasticsearch |
| Mail Server | Microsoft Exchange | Exchange log from Windows Events |
| Identity Management | Active Directory | AD log from Windows Events |
| DNS | Microsoft DNS | DNS log from Windows Events |
| DNS | BIND | Default log, DNS security log, Zone transfers log, DNS query log, Query error log |
| Network Device | Cisco Router | Syslog |
| Network Device | Juniper | Syslog, Core files |
| Load Balancer | F5 | BIG-IP logs |
| Programming | Java | Application’s custom log file(s), as configured in the language’s logging subsystem (e.g. through log4j, log4r, Winston etc.) |
| Programming | .NET | Application’s custom log file(s), as above |
| Programming | Python | Application’s custom log file(s), as above |
| Programming | Ruby | Application’s custom log file(s), as above |
| Programming | Go | Application’s custom log file(s), as above |
| Programming | Node.js | Application’s custom log file(s), as above |
| Cloud System Logs | AWS CloudWatch | CloudWatch Logs |
| Cloud System Logs | AWS CloudTrail | CloudTrail logs |
| Cloud System Logs | VPC | VPC flow logs |
| Cloud System Logs | S3 | S3 access logs |
| Cloud System Logs | RDS | RDS database logs |
| Cloud System Logs | Redshift | Redshift logs |
| Cloud System Logs | CloudFront | CloudFront access logs |
| Cloud System Logs | ELB | ELB log files |
| Endpoint Protection | Sophos | Events log, Audit log, Data loss prevention events log, Message history report, Gateway activity log |
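Knowing which sources to collect is only half of the job: the first monitoring failure worth catching is a log source that quietly stops writing, because a silent syslog or an empty web-server access log usually means a broken collector or a disabled logging service rather than a quiet system. The script below is an added example (it is not code from this article or from XpoLog) that checks a subset of the Linux files in the table for three conditions: missing, empty, and stale (not written to within an acceptable window). The staleness thresholds and the Nginx access-log path are assumptions; the sample files it checks against are constructed in a temporary directory so it runs offline.

```python
"""Log-source health check: flag monitored log files that are missing, empty or stale."""
import os
import tempfile
import time
from dataclasses import dataclass
from typing import Dict, List, Optional

# Subset of the table above. Values are the maximum acceptable number of
# seconds since the file was last written; all thresholds are assumptions
# and should be tuned per host. The nginx path is also an assumed location.
EXPECTED_SOURCES: Dict[str, int] = {
    "/var/log/messages": 15 * 60,          # RHEL-compatible syslog: expect activity within 15 min
    "/var/log/syslog": 15 * 60,            # Debian-compatible syslog
    "/var/log/lastlog": 24 * 60 * 60,      # login records: may legitimately be quiet for a day
    "/var/log/nginx/access.log": 5 * 60,   # assumed path; a serving web tier logs constantly
}


@dataclass
class Finding:
    path: str
    status: str                 # one of "ok", "missing", "empty", "stale"
    age_seconds: Optional[float]  # None when the file does not exist


def check_sources(sources: Dict[str, int], now: Optional[float] = None) -> List[Finding]:
    """Return one Finding per expected source.

    `sources` maps path -> max acceptable seconds since last write.
    `now` can be injected so results are reproducible in tests."""
    now = time.time() if now is None else now
    findings = []
    for path, max_age in sources.items():
        if not os.path.exists(path):
            findings.append(Finding(path, "missing", None))
            continue
        st = os.stat(path)
        age = now - st.st_mtime
        if st.st_size == 0:
            status = "empty"          # a fresh but empty file is still a broken source
        elif age > max_age:
            status = "stale"
        else:
            status = "ok"
        findings.append(Finding(path, status, age))
    return findings


def problems(findings: List[Finding]) -> List[Finding]:
    """Filter to the findings an operator needs to act on."""
    return [f for f in findings if f.status != "ok"]


def build_demo_tree() -> str:
    """Construct a fake /var/log layout in a temp dir (constructed sample data, not real logs)."""
    root = tempfile.mkdtemp(prefix="logcheck_")

    def write(rel: str, content: str, age: float) -> None:
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "w") as fh:
            fh.write(content)
        t = time.time() - age
        os.utime(p, (t, t))   # back-date mtime to simulate the last write

    write("var/log/messages", "Jan 01 00:00:00 host sshd[1]: Accepted publickey for ops\n", 60)
    write("var/log/syslog", "Jan 01 00:00:00 host cron[2]: (root) CMD run-parts\n", 3600)  # stale
    write("var/log/nginx/access.log", "", 10)   # empty
    # var/log/lastlog is deliberately not created -> reported as missing
    return root


def demo() -> Dict[str, str]:
    """Run the check against the constructed tree; returns {relative path: status}."""
    root = build_demo_tree()
    sources = {os.path.join(root, p.lstrip("/")): age for p, age in EXPECTED_SOURCES.items()}
    return {os.path.relpath(f.path, root): f.status for f in check_sources(sources)}


if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:8} {rel}")
```

Run it on a real host by calling `check_sources(EXPECTED_SOURCES)` directly instead of `demo()`; anything returned by `problems()` is a source your collector is not seeing, and should be alerted on with the same urgency as an application error, since an attacker who disables logging produces exactly this signature.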
Adapt to the dynamic nature of hybrid clouds and modern application architectures with XpoLog’s AI/ML-powered log data platform.