Log

A log is a recorded event generated by a system, application, or device to document activity, behavior, or errors.

What is a log?

A log is a timestamped record of events produced by operating systems, applications, network devices, or security tools. Logs document what happened, when it happened, and often who or what triggered the event.

Logs are foundational to troubleshooting, monitoring, security detection, and compliance.

Why logs matter

Logs are critical because they:

  • Provide visibility into system behavior
  • Enable troubleshooting and root-cause analysis
  • Support security detection and investigations
  • Allow auditing and compliance reporting
  • Preserve historical evidence of activity

Without logs, incidents are largely invisible.

Common types of logs

Logs can be categorized by source or purpose:

  • System logs -- OS-level events and errors
  • Application logs -- application behavior and exceptions
  • Security logs -- authentication, authorization, alerts
  • Network logs -- firewall, proxy, VPN activity
  • Access logs -- user or API access events
  • Audit logs -- compliance and traceability records

Each type serves a different operational need.

Log structure

Most logs include:

  • Timestamp
  • Source (host, service, application)
  • Event type or severity
  • Message or description
  • User, process, or IP (when applicable)

Standardized formats improve analysis and correlation.

Logs in cybersecurity

In security operations, logs are used to:

  • Detect suspicious behavior
  • Investigate incidents and breaches
  • Reconstruct attack timelines
  • Support threat hunting
  • Feed SIEM and XDR platforms

Logs are the raw material of detection engineering.

Logs and SIEM

A SIEM platform:

  • Collects logs from multiple sources
  • Normalizes and correlates events
  • Triggers alerts based on patterns
  • Stores logs for long-term analysis
  • Supports investigations and reporting

SIEM effectiveness depends on log quality and coverage.
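To make the structure and correlation points concrete, the following is an added example (not from this page or any product): it normalizes two constructed log formats into one record carrying the fields listed under Log structure, then correlates failed logins per source IP across hosts the way a SIEM rule would. The sample lines, hostnames, message wording and the threshold/window values are all constructed assumptions.

```python
import json
import re
from dataclasses import dataclass
from datetime import datetime

SAMPLE_LINES = [  # constructed sample input: syslog-style sshd lines from one host, JSON app lines from another
    "2024-05-01T10:00:01Z web01 sshd[812]: Failed password for root from 203.0.113.7 port 51022",
    '{"ts": "2024-05-01T10:00:03Z", "host": "api01", "level": "WARN", "msg": "login failed", "user": "root", "ip": "203.0.113.7"}',
    "2024-05-01T10:00:05Z web01 sshd[812]: Failed password for admin from 203.0.113.7 port 51030",
    '{"ts": "2024-05-01T10:02:00Z", "host": "api01", "level": "INFO", "msg": "login ok", "user": "alice", "ip": "198.51.100.4"}',
]
SYSLOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>[\w.-]+)\[\d+\]: (?P<msg>.*)$")
FAILED_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<ip>\S+)")

@dataclass
class Event:  # the fields most logs share, in one normalized shape
    ts: datetime
    source: str
    severity: str
    message: str
    user: "str | None"
    ip: "str | None"
    failed_login: bool  # one event type, whatever wording the source used

def _ts(s):
    return datetime.fromisoformat(s.replace("Z", "+00:00"))  # ISO-8601 with trailing Z, assumed

def parse_line(line: str) -> Event:
    """Normalize one JSON or syslog-style line; unknown formats are rejected, not guessed."""
    if line.startswith("{"):
        o = json.loads(line)
        return Event(_ts(o["ts"]), o["host"], o.get("level", "INFO"), o["msg"],
                     o.get("user"), o.get("ip"), o["msg"] == "login failed")
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError(f"unrecognized log format: {line!r}")
    f = FAILED_RE.search(m["msg"])
    return Event(_ts(m["ts"]), f"{m['host']}/{m['proc']}", "WARN" if f else "INFO",
                 m["msg"], f["user"] if f else None, f["ip"] if f else None, bool(f))

def correlate_failed_logins(lines, threshold=3, window_seconds=60):
    """Return sorted IPs with >= threshold failed logins inside the window, across all sources."""
    by_ip = {}
    for e in sorted(map(parse_line, lines), key=lambda e: e.ts):  # order by event time, not arrival
        if e.failed_login and e.ip:
            by_ip.setdefault(e.ip, []).append(e.ts)
    return sorted(ip for ip, t in by_ip.items() if any(
        (t[i + threshold - 1] - t[i]).total_seconds() <= window_seconds
        for i in range(len(t) - threshold + 1)))
```

Neither host alone reaches the threshold; only after normalization and cross-source correlation does the single IP stand out, which is the point of centralizing logs.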

Log retention and compliance

Organizations often define:

  • Retention periods (days, months, years)
  • Secure storage requirements
  • Access controls and integrity checks
  • Legal and regulatory obligations

Poor log retention can break compliance and investigations.

Challenges with logs

Common log-related challenges include:

  • High volume and noise
  • Inconsistent formats
  • Missing or incomplete data
  • Storage and cost constraints
  • Lack of context without correlation

Logging strategy matters more than raw volume.

Best practices

Effective logging practices include:

  • Logging security-relevant events
  • Using consistent and structured formats
  • Centralizing log collection
  • Protecting logs from tampering
  • Regularly reviewing and tuning log sources

Logs must be actionable, not just stored.

Common misconceptions

  • "More logs always mean better security"
  • "Logs are only useful after incidents"
  • "Logs replace real-time monitoring"
  • "Logging has no performance impact"