Application and Server Logs Investigation  

harshbehl
(@harshbehl)
Member

Hi
What are the best procedures to investigate the application and server logs? Tools required, etc.
Your advice will be highly appreciated.

PM [email protected]

Posted : 09/03/2016 9:41 pm
BitHead
(@bithead)
Community Legend

Hi
What are the best procedures to investigate the application and server logs?

Know what you are looking for. Searching with no predefined goal is a fool's errand, much like asking overly broad questions.

Tools required etc.
Your advice will be highly appreciated.

PM [email protected]

Splunk, Wireshark, ELK are a few of many tools (you did not provide any real details, so there is no way to be really helpful).

Posted : 11/03/2016 6:03 am
keydet89
(@keydet89)
Community Legend

What are the best procedures to investigate the application and server logs? Tools required, etc.
Your advice will be highly appreciated.

Can you clarify what you're referring to? Which application and which server?

Thanks.

Posted : 11/03/2016 4:57 pm
MDCR
(@mdcr)
Active Member

Without being specific:

- Narrow your scope: what is being suspected? Why are you sitting there looking at data?
- Make sure timestamps are in a uniform format before you use a timeline program, with timezones converted to one timezone if it is a geographically large investigation.
- Use a database program that allows you to do multiple searches using a query language like SQL, Cypher or Spring.
- Filter the results using what you know you are NOT looking for - to find what you are looking for.

If you want a more specific answer, you can ask specific questions.

Good luck.

Posted : 15/03/2016 8:11 pm
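
The workflow in the post above (uniform timestamps in one timezone, a database you can query with SQL, and filtering out what you are not looking for), as an added example that is not part of any post in this thread. The log lines, IP addresses, table name and function names are constructed for illustration.

```python
import re
import sqlite3
from datetime import datetime, timezone

# Constructed sample data: a web access log in local time (+0100) and an
# application log already in UTC. Addresses are documentation/private ranges.
WEB_LOG = """\
10.0.0.5 - - [09/Mar/2016:21:40:58 +0100] "GET /health HTTP/1.1" 200 2
203.0.113.7 - - [09/Mar/2016:21:41:03 +0100] "POST /login HTTP/1.1" 401 512
203.0.113.7 - - [09/Mar/2016:21:41:09 +0100] "POST /login HTTP/1.1" 200 734
"""
APP_LOG = """\
2016-03-09T20:41:04Z WARN auth failed user=admin src=203.0.113.7
2016-03-09T20:41:10Z INFO auth ok user=admin src=203.0.113.7
2016-03-09T20:41:30Z INFO heartbeat ok
"""
WEB_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) ')

def utc(dt):
    """Render any timezone-aware datetime as one sortable UTC string."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")

def parse_web(text):
    for m in filter(None, map(WEB_RE.match, text.splitlines())):
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        yield utc(ts), "web", m.group(1), f"{m.group(3)} -> {m.group(4)}"

def parse_app(text):
    for line in text.splitlines():
        stamp, _, msg = line.partition(" ")
        ts = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        src = re.search(r"src=(\S+)", msg)
        yield utc(ts), "app", src.group(1) if src else None, msg

def timeline(known_good_ips=("10.0.0.5",), noise_patterns=("%heartbeat%",)):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (ts TEXT, source TEXT, ip TEXT, detail TEXT)")
    db.executemany("INSERT INTO events VALUES (?, ?, ?, ?)",
                   [*parse_web(WEB_LOG), *parse_app(APP_LOG)])
    # Exclude what we know we are NOT looking for; keep rows with no IP at all.
    marks = ",".join("?" * len(known_good_ips))
    sql = f"SELECT ts, source, detail FROM events WHERE (ip IS NULL OR ip NOT IN ({marks}))"
    sql += " AND detail NOT LIKE ?" * len(noise_patterns) + " ORDER BY ts"
    return db.execute(sql, [*known_good_ips, *noise_patterns]).fetchall()

if __name__ == "__main__":
    for row in timeline():
        print(*row, sep="  ")
```

Once both sources share one UTC format, a plain `ORDER BY ts` interleaves the web and application events correctly, which a sort on the raw local-time strings would not.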