1
00:00:00,05 --> 00:00:04,09
- [Instructor] Logging goes hand in hand with monitoring.

2
00:00:04,09 --> 00:00:08,09
Monitoring your network can be done in real time

3
00:00:08,09 --> 00:00:10,09
or after the fact.

4
00:00:10,09 --> 00:00:16,04
Logging is necessary for after-the-fact monitoring.

5
00:00:16,04 --> 00:00:22,08
It establishes an audit trail, which is often mandated.

6
00:00:22,08 --> 00:00:24,08
There are many sources of logs.

7
00:00:24,08 --> 00:00:31,01
For example, all the hosts in your network generate logs.

8
00:00:31,01 --> 00:00:37,07
The hosts here refer to computers, routers, firewalls,

9
00:00:37,07 --> 00:00:44,03
IDSs, IPSs, servers, et cetera.

10
00:00:44,03 --> 00:00:46,07
Any devices connected to your network

11
00:00:46,07 --> 00:00:50,04
can generate these log messages.

12
00:00:50,04 --> 00:00:54,07
Therefore, there are overwhelming sources of logging,

13
00:00:54,07 --> 00:00:58,04
which creates a need for forwarding the logs

14
00:00:58,04 --> 00:01:00,09
to a centralized log server

15
00:01:00,09 --> 00:01:05,07
where you can monitor all the logs simultaneously.

16
00:01:05,07 --> 00:01:07,02
As you can see here,

17
00:01:07,02 --> 00:01:12,08
a centralized log server collects all these log messages

18
00:01:12,08 --> 00:01:16,09
from individual hosts in your network.

19
00:01:16,09 --> 00:01:18,05
Logging is important,

20
00:01:18,05 --> 00:01:22,07
but if nobody analyzes the logs, it's good for nothing.

21
00:01:22,07 --> 00:01:25,02
This is why logging is usually combined

22
00:01:25,02 --> 00:01:28,03
with a feature such as alerts,

23
00:01:28,03 --> 00:01:32,09
automatically generated and sent to relevant people

24
00:01:32,09 --> 00:01:36,00
via emails and text messages.