IT assets generate logs in one shape or form. Your computer has an event log, which is a log that contains information about usage and operations of operating systems, applications or devices. Simplest example of logs getting generated is when you make a phone call or receive a phone call. These logs from various resources are usually collected into a single repository for analysis. This process is called log ingestion. Log ingestion is the process of formatting and uploading data from multiple sources into a single point for analysis. There are numerous endpoints like firewalls, routers, servers, and cloud services and usually these data sources have its recommended data collectors.
The biggest issues you should be aware of as a cybersecurity analyst regarding data ingestion are time synchronization and logging levels. You need to ensure all the resources are synchronized across the corporate network, otherwise it will be hard to visualize and correlate activities, especially on a geographically distributed level. Without accurate timestamps on log files, it’s hard to re-create accurate patterns for proactive alerting and conduct proper forensics.
Logging levels are levels of importance indicators. Most common types are fatal, error, warn, info, debug, and trace. It’s important to categorize logs so different teams that are trained for specific issues can tackle them. Logs are generated constantly and they need to be filtered and prioritized to ensure critical issues are tackled quickly. If you use google cloud console, you can simply use logs explorer to create alerts based on different variables like IP address and input logging level as well.
HansITAcademy 
You must be logged in to post a comment.