The sources of event logs are wide and varied. All kinds of equipment and software can generate them, including:
• Operating systems of servers and workstations, such as Windows, Linux, or UNIX-based operating systems
• Applications, such as web, database, and DNS servers
• Network equipment, such as switches, routers, and firewalls
• Physical devices, such as cameras, access control systems, and HVAC systems
Operating system (OS) event logs are among the most common. Most OSs, including Windows, Linux, and UNIX-based systems, can maintain event logs that store records of system events, but only a small amount of logging is enabled by default. These default logs are not always extensive, but they are usually customizable. Regulations such as HIPAA, as well as actual data breaches, have spurred many companies to collect workstation and server authentication logs centrally.