Softnix 9 Log Management Best Practices For Thailand v1.1 - Outline Smallest

Log Management Best Practices
Whitepaper: Log Management Best Practices under the Computer Crime Act B.E. 2560 (Thailand)
Softnix

[The body of this whitepaper is written in Thai. In the extracted copy the Thai text is illegible; only the section numbering, the English terms and the field names listed below could be recovered.]

1. Types of Logs that the Act (พ.ร.บ. 2560) requires organizations to keep

1.1 LOGS of network access (ACCESS LOGS)
Logs of Users connecting to the organization's network over WiFi or LAN, the Username they used, and their traffic out to the Internet through the Gateway or Firewall. Fields listed:
- Timestamp
- Source IP
- Destination IP
- Destination Port
- Protocol Name

1.2 LOGS of the EMAIL SERVER (SMTP LOGS)
For organizations running an On Premise Email Server. Fields listed:
- Timestamp
- Email Sender (the sender's Username)
- Email Recipient
- Message ID (unique per message)
- Status indicator
- IP Client (for Web Mail this is often 127.0.0.1, so the Web Server logs are needed as well)
- POP3 or IMAP logs
The section also addresses the Subject field.

1.3 LOGS of the FTP SERVER
Covers a Server used as a File Manager that is reachable from the Internet, and file-sharing services on the Cloud. Fields listed:
- Timestamp
- IP Address of the connecting client
- Username or User ID
- Path of the file accessed
The text notes Softnix's experience with FTP Logs.

1.4 LOGS of the WEB SERVER
Covers Web Servers such as IIS, Apache and Nginx. Fields listed:
- Timestamp
- IP Address of the client
- HTTP method, e.g. POST, GET
- URL or URI (Path)

1.5 LOGS of a USENET / NNTP SERVER (News Group)
Applies to organizations still running an NNTP (News Group) service.

1.6 LOGS of CHAT systems
Covers a Chat Server run by the organization, e.g. a Jabber Server or other Open Source Software, and public services such as Skype, Line and WhatsApp. Fields listed:
- Timestamp
- Client IP
- Protocol or Port
- IP Destination

2. LOGS must allow the user to be identified (Identity)
Identification via IP Address and MAC Address; use of a Fixed IP Address or MAC Address registration; Authentication before network access, e.g. Login through Active Directory (AD), Hotspot WiFi login, or the Captive Portal function of the Firewall. The Authentication logs must be kept as well.

3. LOGS must be usable as evidence under the law
Raw Logs from devices such as the Firewall, Email Server and Authentication Server; Software or a system to analyze the Logs and produce Reports; Monitoring of Traffic.

4. Time of the network devices
Sync Time with an NTP Server. Stratum 1 servers named in the text (host names as read from the scan): time1.nimt.or.th, time2.nimt.or.th, time3.nimt.or.th, clock1.thaicert.org, clock2.thaicert.org, time.navy.mi.th. Sync with an NTP Server of Stratum no lower than Stratum 2.

5. Inventory of the devices whose LOGS are kept under the Act
List each log source with its Hostname, IP and Function, and keep a Network Topology of the systems.

6. RAW LOGS must be protected from tampering
Hashing of Raw Logs with MD5, SHA-1, SHA-256 or stronger; a Centralized Log System that applies Hashing or otherwise prevents modification of the Raw Logs.

7. Keeping LOGS of SERVICES run on CLOUD SERVICES
Private Cloud: the organization keeps the Logs itself. SaaS and PaaS (Office365, Google Mail, Salesforce, Email Hosting): the text states the organization does not need to keep these Logs. IaaS (VM, Computing Service): the organization must keep the Logs itself.

8. Retention period of the LOGS
Storage sizing for the retention period; the text refers to 90 days and to 2 years; Log Management system; Hashing Code.

9. Services whose Logs do not match the types in section 1
Where a Service, including one on the Cloud, does not produce Logs of the types in section 1, the organization may use a Monitor Traffic Users or Traffic Recorder system to obtain Logs of all the types the Act requires.

Organizations that plan to Implement a log system under the Act can consult Softnix.