Linux Endpoint Security: Logs
Monitoring and understanding system logs is critical for maintaining endpoint security. This course will teach you how to analyze and interpret Linux log files to identify security-relevant events.
What you'll learn
Security investigations on Linux endpoints are often hindered by unfamiliarity with the native logging tools and formats. In this course, Linux Endpoint Security: Logs, you’ll learn to analyze and interpret Linux log files to identify security-relevant events. First, you’ll explore how Syslog works and how to locate and read key log files. Next, you’ll discover how to use the auth.log file to monitor authentication events and detect suspicious behavior. Finally, you’ll learn how to leverage journalctl to query and analyze systemd logs in real time. When you’re finished with this course, you’ll have the skills and knowledge of Linux logging tools needed to analyze and interpret Linux log files and identify security-relevant events.
About the author
Chris Jackson is a cybersecurity professional with years of experience in identifying security incidents, securing applications, and delivering security training. Over the years, he has tested web applications for vulnerabilities, helped deploy SIEM platforms, and more. He is passionate about teaching cybersecurity and committed to learning new technologies.