Posts tagged Log Management

3 min Emergent Threat Response

Want to stay ahead of emerging threats? Here’s how.

A key question security organizations should ask themselves with regard to emerging threats: Are the systems we have logging the correct information?

4 min InsightIDR

Easily Explore Your Log Data with a Single Query in InsightIDR

We are delighted to announce that Log Search now supports grouping by multiple fields in your log data.

8 min AWS

Automating the Cloud: AWS Security Done Efficiently

Today, we are going to be installing software on all your existing EC2 instances across several (or all!) accounts under an organization in AWS.

2 min SIEM

SIEM Delivery Models: Where Do Today’s Risks and Future Technology Lead Us?

Recently, we partnered with Ultimate IT Security to discuss the current and future state of SIEM technology, and how it’s evolving to address current risks.

7 min Log Management

Rolling with Your Logs, Part 3: Using Regex to Expand Your Search Options

In this final installment of our Log Search series, we’ll look at some simple regular expressions that will greatly expand your Log Search options.

6 min InsightIDR

Rolling with Your Logs, Part 2: Advanced Mode Searches

In Part 2 of this three-part series on InsightIDR Log Search, we will cover three concepts: parsed logs, the groupby function, and log search operations.

4 min InsightIDR

Rolling with Your Logs, Part 1: Your Guide to Log Search in InsightIDR

In the first installment of this series, we'll cover the three most important basics of log search, then run through a few common Simple Mode searches.

6 min Log Management

Taking a Message-Based Approach to Logging

When you think about it, a log entry is really nothing more than a message that describes an event. As such, taking a message-based approach to logging by utilizing messaging technologies makes sense. Messaging creates the loose coupling that allows a logging system to be adaptable to the needs at hand and extensible over time.

Understanding a Standard Logging Architecture

Typically, logging is implemented in an application using a logger [https://docs.oracle.com/javase/7/docs/api/java/util/log

5 min IT Ops

6 Best Practices for Effective IT Troubleshooting

System monitoring and troubleshooting [https://www.rapid7.com/fundamentals/system-monitoring-and-troubleshooting/] can be a time-consuming and frustrating activity. It’s not unusual for IT folks to spend hours finding and fixing a problem that could have been resolved in 10 minutes had better troubleshooting tools and processes been in place. Improving IT troubleshooting and monitoring doesn’t need to be an expensive undertaking. Many times it’s just a matter of implementing a few company-wide

5 min Log Management

3 Steps to Building an Effective Log Management Policy

You’re on Call Duty. You’re awoken in the middle of the night by your cell phone in the throes of an SMS frenzy. You’re getting hundreds of messages from your company’s logging service: a record is being written to a database, code is being executed, a new container is being spun up, and on and on. None of these messages matter to you. You just turn off your phone and go back to sleep. The next day you go into the office only to find out that half the racks in your datacenter went offline durin

5 min InsightOps

5 Ways to Use Log Data to Analyze System Performance

Analyzing System Performance Using Log Data

Recently we examined some of the most common behaviors that our community of 25,000 users looked for in their logs, with a particular focus on web server logs. In fact, our research identified the top 15 web server tags and alerts created by our customers. You can read more about these in our community insights section [https://logentries.com/doc/community-insights/], and you can also easily create tags or alerts based on the patterns to identify these behaviors in your sys

4 min Log Management

What is Syslog?

This post has been written by Dr. Miao Wang, a Post-Doctoral Researcher at the Performance Engineering Lab at University College Dublin. This post is the first in a multi-part series of posts on the many options for collecting and forwarding log data from different platforms and the pros and cons of each. In this first post we will focus on Syslog, and will provide background on the Syslog protocol.

What is Syslog?

Syslog has been around for a number of decades and provides a protocol used for

3 min Log Management

Active vs. Passive Server Monitoring

Server monitoring [https://logentries.com/product/server-monitoring/] is a requirement, not a choice. It is used for your entire software stack, web-based enterprise suites, custom applications, e-commerce sites, local area networks, etc. Unmonitored servers are lost opportunities for optimization, difficult to maintain, more unpredictable, and more prone to failure. While it is very likely that your team has a log management and analysis [https://www.rapid7.com/products/insightops/] initiative

3 min InsightOps

Announcing InsightOps - Pioneering Endpoint Visibility and Log Analytics

Our mission at Rapid7 is to solve complex security and IT challenges with simple, innovative solutions. Late last year Logentries joined the Rapid7 family to help to drive this mission. The Logentries technology itself had been designed to reveal the power of log data to the world and had built a community of 50,000 users on the foundations of our real time, easy to use yet powerful log management [https://www.rapid7.com/fundamentals/what-is-log-management/] and analytics engine. Today we are

6 min User Behavior Analytics

User Behavior Analytics and Privacy: It's All About Respect

When I speak with prospects and customers about incident detection and response (IDR) [https://www.rapid7.com/solutions/incident-detection/], I'm almost always discussing the technical pros and cons. Companies look to Rapid7 to combine user behavior analytics (UBA) [https://www.rapid7.com/solutions/user-behavior-analytics/] with endpoint detection and log search to spot malicious behavior in their environment. It's an effective approach: an analytics engine that triggers based on known attack m