When troubleshooting a problem or investigating a potential security breach, the Windows event log is a good place to start. Windows exposes a large set of event logs, grouped by provider, and some of them record a staggering number of events. With that much being written, it is hard to see what is actually going on, and harder still when the servers involved number in the hundreds. One way to search the event logs of not one but hundreds of servers at once is PowerShell.
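As an added illustration (this is not code from the original post), the script below fans out to a list of servers and pulls failed logon events (Security log, Event ID 4625) from the last 24 hours, parses the EventData fields out of each event's XML, and summarises which accounts and source addresses are failing across the fleet. The server list file, the 24-hour window and the CSV output path are assumptions for the example; the cmdlets and parameters are standard PowerShell.

```powershell
# Added example, not the original post's code. Assumes WinRM is enabled on the
# targets (Enable-PSRemoting) and the caller can read the Security log there.
$servers = Get-Content -Path 'C:\ops\servers.txt'   # assumed: one hostname per line
$since   = (Get-Date).AddHours(-24)                 # assumed search window

# Invoke-Command runs the script block on all hosts in parallel (ThrottleLimit at a time),
# which is what makes "hundreds of servers" practical. Get-WinEvent -ComputerName works too,
# but it talks to each host in turn over RPC.
$results = Invoke-Command -ComputerName $servers -ThrottleLimit 32 `
    -ErrorAction SilentlyContinue -ErrorVariable unreachable -ScriptBlock {

    # -FilterHashtable is applied by the event log service on the target, so only matching
    # events are materialised. Avoid Get-EventLog ... | Where-Object, which reads everything.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $using:since } `
        -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The interesting fields (who, from where, why) live in EventData, not in the
            # friendly Message text, so parse the event XML instead of regexing the message.
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

            [pscustomobject]@{
                TimeCreated  = $_.TimeCreated
                Computer     = $env:COMPUTERNAME
                TargetUser   = $data['TargetUserName']
                TargetDomain = $data['TargetDomainName']
                SourceIp     = $data['IpAddress']
                LogonType    = $data['LogonType']      # 3 = network, 10 = RDP, ...
                Status       = $data['Status']         # NTSTATUS, e.g. 0xC000006D bad user name or password
                SubStatus    = $data['SubStatus']      # e.g. 0xC0000064 no such user, 0xC000006A wrong password
            }
        }
}

# A host that did not answer is a finding in itself during an investigation, so report it.
foreach ($err in $unreachable) { Write-Warning "No data from a host: $err" }

# Fleet-wide view: which account / source address pairs are failing most?
$results |
    Group-Object TargetUser, SourceIp |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

$results | Export-Csv -Path 'C:\ops\failed-logons.csv' -NoTypeInformation
```

Two practical notes. Get-WinEvent throws "No events were found" when a filter matches nothing on a host, which is why the inner call uses -ErrorAction SilentlyContinue rather than treating it as a failure. And because the filtering happens on the target, the same pattern scales to other IDs of interest (4624 successful logons, 4720 account creation, 4672 special privileges assigned) by changing the hashtable, without pulling the whole log over the network.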
Log Management is a hot topic these days, especially in the way it pertains to organizational data security. So in this episode of Defrag This, your host Mark Towler sits down with Jim Cashman to quiz the latter on his sysadmin experience with Log Management.
IT teams that run a Security Information and Event Management (SIEM) solution are better positioned to protect their company's digital assets. A SIEM aggregates security-relevant data from multiple sources, correlates it, and raises alerts that let IT detect, prevent, isolate and mitigate security threats.
Log data can be a tremendous resource for protecting digital assets against cyber attacks. Trouble is, trying to make sense of all the logs generated by IT networks is like pointing a fire hose at someone dying of thirst. They’re desperate for a drink, but they simply can’t handle that much water all at once!