Cyber Security Academy · Lesson

Log Sources: OS, Network, and Application Logs

Understand what Windows Event Logs, syslog, Apache/Nginx logs, and firewall logs contain.

Why Logs Matter

Logs are the primary evidence source for security investigations. Every login, network connection, and application action leaves a trace. Without logs, attacks are invisible and forensic reconstruction is impossible.

Windows Event Logs

Windows organizes logs into channels: Security, System, Application, and custom application channels. The Security log contains authentication, access control, and audit events — most important for security analysis.

# View Windows Event Logs
# Event Viewer (GUI): eventvwr.msc

# PowerShell
# Get-EventLog is the legacy cmdlet (Windows PowerShell only, not PowerShell 7);
# it reads the classic Security log and returns the newest 50 entries.
Get-EventLog -LogName Security -Newest 50
# Get-WinEvent is the current cmdlet; here every Security event is read and
# filtered client-side for failed logons (Event ID 4625).
Get-WinEvent -LogName Security | Where-Object {$_.Id -eq 4625}

# Key Security Event IDs:
# 4624: An account was successfully logged on
# 4625: An account failed to log on
# 4648: A logon was attempted using explicit credentials (runas, alternate account)
# 4672: Special privileges assigned to new logon (an admin-equivalent session)
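As an added example (not part of the lesson), the following script builds on the 4625 query above: it pulls failed logons from the last 24 hours with a server-side filter, parses the EventData fields out of each event's XML, and groups the failures by source address and account so that a password-spray or brute-force burst stands out for triage. It assumes it runs in an elevated session on the host whose Security log is being read; the $threshold value is an illustrative choice.

```powershell
# Added example, not the lesson's own code. Run elevated on the host in question.
# -FilterHashtable lets the event log service do the filtering, which is far
# cheaper than piping every Security event through Where-Object.
$since  = (Get-Date).AddHours(-24)
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $since
} -ErrorAction SilentlyContinue   # no matching events is not an error here

$rows = foreach ($e in $events) {
    # 4625 stores its details as <Data Name="..."> elements under EventData;
    # parse the XML once and index the fields by name.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        Time      = $e.TimeCreated
        Account   = $data['TargetUserName']
        Domain    = $data['TargetDomainName']
        SourceIp  = $data['IpAddress']
        LogonType = $data['LogonType']       # 2 interactive, 3 network, 10 RDP
        Status    = $data['Status']          # 0xC000006D = bad user name or password
        SubStatus = $data['SubStatus']       # 0xC0000064 = no such user, 0xC000006A = wrong password
    }
}

# Flag (source, account) pairs with many failures in the window. The threshold
# is an assumed starting point; tune it to the host's normal failure rate.
$threshold = 10
$rows |
    Group-Object SourceIp, Account |
    Where-Object { $_.Count -ge $threshold } |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```

The SubStatus column separates guesses against non-existent accounts (typical of a spray using a wordlist of usernames) from repeated wrong passwords against real ones, which is the distinction a SOC analyst usually wants first.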
