Information Most Useful for Log Analysis
As we know, in some cases having a log entry in hand just isn't enough. To know what it means and, more broadly, what's going on on the systems and networks, other information is required. This poll is to probe into the types of information most often needed while analyzing logs.
Which of the types of information below are most useful when trying to make sense of a log entry?
| 58% (31) | Documentation on what the log entry means | |
|---|---|---|
| 41% (22) | IP address to name (DNS, Windows) resolution | |
| 24% (13) | User name to real name (other user info) resolution | |
| 16% (9) | Other security information on the system with IP address from the log (e.g. vulnerability) | |
| 22% (12) | Other system information on the system with IP address from the log (e.g. configurations) | |
| 35% (19) | Other network information on the system with IP address from the log (e.g. flows) | |
| 62% (33) | Other logs from about the same time (this and other systems) | |
| 28% (15) | Other logs from the same system | |
| 28% (15) | Other logs ABOUT the same system | |
| 7% (4) | Other logs that contain the same keywords | |
| 24% (13) | Similar log entries | |
| 13% (7) | Other - please add |
53 voters have answered this question.
This poll was created on 2008-05-05 20:26:34
by Anton_Chuvakin
