Dan Reichert, Sales Engineer at Sumo Logic, wrote this great 3-part series on best practices when creating custom logs, starting with the 5 Ws.
There are 5 critical components of a good log structure:
- When did it happen (timestamp)
- What happened (e.g., error codes, impact level)
- Where did it happen (e.g., hostnames, gateways)
- Who was involved (e.g., usernames)
- Where he, she, or it came from (e.g., source IP)
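
One way to enforce the five components in application code, as an added example that is not taken from the original series: a JSON formatter that emits all five, plus a check that reports which ones a log line leaves unanswered. The field names (`timestamp`, `event`, `level`, `host`, `user`, `src_ip`) and the helpers `render` and `missing_ws` are assumptions chosen for illustration.

```python
import json
import logging
import socket
from datetime import datetime, timezone

# Assumed field names, grouped by the component they answer.
REQUIRED = {"when": ["timestamp"], "what": ["event", "level"],
            "where": ["host"], "who": ["user"], "from": ["src_ip"]}


class FiveWFormatter(logging.Formatter):
    """Render each record as one JSON object carrying all five components."""

    def format(self, record):
        doc = {
            # When: UTC ISO 8601, so events from different hosts sort correctly.
            "timestamp": datetime.fromtimestamp(record.created, timezone.utc).isoformat(),
            # What: severity, a stable event code, and the readable message.
            "level": record.levelname,
            "event": getattr(record, "event", None),
            "message": record.getMessage(),
            # Where: the host that emitted the log.
            "host": socket.gethostname() or "unknown",
            # Who / where from: supplied by the caller with each event.
            "user": getattr(record, "user", None),
            "src_ip": getattr(record, "src_ip", None),
        }
        return json.dumps(doc)


def missing_ws(line):
    """Return the components that a JSON log line fails to answer."""
    doc = json.loads(line)
    return [w for w, keys in REQUIRED.items()
            if any(doc.get(k) in (None, "") for k in keys)]


def render(message, **fields):
    """Format one constructed record without touching global logging config."""
    record = logging.LogRecord("app", logging.WARNING, "app.py", 0, message, None, None)
    record.__dict__.update(fields)
    return FiveWFormatter().format(record)


if __name__ == "__main__":
    # Constructed sample events; 203.0.113.7 is a documentation address.
    good = render("login failed", event="AUTH_FAIL", user="jdoe", src_ip="203.0.113.7")
    bad = render("login failed", event="AUTH_FAIL")
    for line in (good, bad):
        print(missing_ws(line), line)
```

Running `missing_ws` over a sample of each log source before it is shipped to the log platform shows which sources cannot answer who or from where during an investigation.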
For the full story, check out: