Looking Beyond Windows Part 2: Application Log Management
Earlier, we discussed how effective syslog management can improve your network’s security. However, log monitoring doesn’t end there. Your business runs on applications, whose log data must also be monitored to reinforce security. Applications include web servers, databases, printers, and in-house applications, all of which are indispensable to your organization.
The need to monitor application logs – use cases
Take, for example, a database. Your database stores sensitive business information such as customer credit card information, patient health information, and so on. A major security threat to this data would be a SQL injection attack, wherein malicious SQL commands are executed to modify, copy, or even expose the stored data, which could lead to disastrous consequences.
What would you do if you needed to track a change made to a database table? You would look through the application’s logs, of course! But just as with syslogs, going through massive amounts of application log data by hand is impossible. This is where your SIEM solution steps in. The SIEM solution will alert you instantly when a SQL injection attack happens and provide you with meaningful SQL security reports for forensic analysis.
Now let’s talk about web servers. Web servers are subject to several security threats such as cross-site scripting, malicious file execution, and denial-of-service (DoS) attacks. Log data is the only source that can provide detailed information about all these attacks to help you mitigate or combat them at the early stages.
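To make the web server case concrete, here is an added example (not from the original article or from any ManageEngine product) of the checks a log monitor runs: it parses constructed access-log lines, matches SQL injection and cross-site scripting patterns against the URL-decoded request, and counts requests per client per minute to spot a possible DoS burst. The log format, the regex rules and the threshold of 20 requests per minute are assumptions chosen for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample lines in Common Log Format (not from a real server).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /products?id=42 HTTP/1.1" 200 512
203.0.113.9 - - [10/Mar/2024:10:00:02 +0000] "GET /products?id=42%27%20OR%201%3D1-- HTTP/1.1" 500 87
198.51.100.4 - - [10/Mar/2024:10:00:03 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 301
""" + "".join(
    f'192.0.2.50 - - [10/Mar/2024:10:01:{s:02d} +0000] "GET / HTTP/1.1" 200 100\n'
    for s in range(30)
)

LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# Illustrative signatures only; production rule sets are far broader.
RULES = {
    "sql_injection": re.compile(
        r"['\"]\s*(or|and)\s+\d+\s*=\s*\d+|union\s+select|;\s*drop\s+table", re.I),
    "xss": re.compile(r"<\s*script|javascript:|on(error|load)\s*=", re.I),
}
BURST_THRESHOLD = 20  # assumed: requests per client per minute worth an alert


def analyze(log_text, burst_threshold=BURST_THRESHOLD):
    """Return (finding, client_ip, line_number_or_count) tuples."""
    findings, per_minute = [], Counter()
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LINE.match(line)
        if not m:
            continue  # unparsable line; a real pipeline should count these too
        # Decode percent-encoding first, otherwise encoded payloads slip past.
        target = unquote_plus(m["target"])
        for name, rule in RULES.items():
            if rule.search(target):
                findings.append((name, m["ip"], lineno))
        per_minute[(m["ip"], m["ts"][:17])] += 1  # timestamp cut to the minute
    for (ip, _minute), count in per_minute.items():
        if count > burst_threshold:
            findings.append(("request_burst", ip, count))
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```
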
Read the entire article here, Looking beyond Windows part 2: Application log management
via the fine folks at ManageEngine