Date and time accuracy is important for most services and applications to operate correctly. It also ensures that an accurate timestamp is assigned to operations such as resource access requests and network communication. The Windows Time service (W32Time) synchronizes a machine's date and time with a time server, and its logs provide visibility into synchronization issues or potential tampering with the clock on the monitored system. There are two common ways to access Windows Time service logs:
- Via Event Tracing for Windows (ETW)
- Via the file system, for all versions of Windows
In this guide, you'll learn how to collect Windows Time service logs.
If your organization has different divisions spanning wide geographic regions, with separate IT teams and Windows machines configured in different languages, it can be quite a challenge to collect log data in a standardized way.
The good news is that the optional Language setting of NXLog's im_msvistalog module can help you collect logs from machines that are configured in another language, so that they can be centralized in your SIEM in the language of your choice. For instance, if you need to centralize everything in English, setting the Language directive to en-US collects English-rendered logs from all your offices without changing the default Windows display language.
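As an added illustration of the two points above (not a configuration from the original guide), the following NXLog configuration collects the Windows Time service channel via im_msvistalog and forces English rendering with the Language directive. The channel path, SIEM host and port are assumptions for the example.

```nxlog
<Extension json>
    Module  xm_json
</Extension>

<Input time_service>
    Module    im_msvistalog
    # Render event messages in English regardless of the machine's display language
    Language  en-US
    # Channel path assumed for this example; adjust to the log you need to monitor
    <QueryXML>
        <QueryList>
            <Query Id="0">
                <Select Path="Microsoft-Windows-Time-Service/Operational">*</Select>
            </Query>
        </QueryList>
    </QueryXML>
    # Serialize each event record as JSON for the SIEM
    Exec      to_json();
</Input>

<Output siem>
    Module  om_tcp
    # Placeholder destination; replace with your collector
    Host    siem.example.com
    Port    1514
</Output>

<Route time_to_siem>
    Path    time_service => siem
</Route>
```

If the Time-Service operational channel is disabled on the host, enable it in Event Viewer first, otherwise the input will collect nothing.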
The standardization and formatting of ICS logs is not as mature as in conventional computer systems. This poses a significant challenge when it comes to collecting and processing these logs, in addition to the widespread use of industry-specific network protocols (Modbus, PROFINET, BACnet, S7 Protocol, IEC 60870-5-104, IEC 61850, etc.) that a single ICS might use for interacting with various devices.
We know firsthand how tough it can be to build a logging infrastructure with such a complex system, which is why we would like to offer you a free 30-minute consultation with Rafal Jakubowski, our Technology Evangelist, to discover the specific logging needs of your environment.
Because of the types of operations that Yokogawa FAST/TOOLS monitors, there is no room for error or trade-offs. Its steady, uninterrupted operation is essential to maintaining plant safety, yet due to excessive log noise, valuable information can sometimes remain hidden in the logs it collects.
FAST/TOOLS and its components create diagnostic data in various log files, and in most cases the logs do not follow a unified formatting schema. At the same time, it supports communication with various DCS/PLC/RTU systems and controllers, providing a large number of drivers for proprietary and general-purpose communication protocols and much more.
If you are not yet using Passive Network Monitoring to capture network traffic from devices that are not configured or cannot be configured to forward network activity logs, then this video tutorial series is for you. The tutorial is divided into 3 parts explaining how to capture and log network-related events:
- Part 1: Rogue DHCP server replies
- Part 2: Unexpected ARP & ICMP Sweeps (now available)
- Part 3: DNS tunneling (now available)
Top Social Media Chatter January
- Deploy Zeek (formerly Bro) and NXLog with Chronicle to collect Zeek logs in JSON format - Read Google Cloud guide
- Collecting Microsoft Windows DNS log data to be ingested by Chronicle using NXLog - Read Google Cloud guide
- Using NXLog with Graylog Sidecar to collect Windows Event Log - See Graylog forum
- NXLog is recommended for centralized log collection and to help with analysis - Read discussion