Server operating systems routinely record a variety of operational, security, error, and debugging data such as system libraries loaded during boot, application processes open, network connections, file systems mounted, and system memory usage. The level of detail is configurable by the system administrator; however, there are sufficient options to provide a complete picture of system activity throughout its lifetime. In the Common Information Model, antivirus data is typically mapped to the Network Sessions data model.
Server logs provide a detailed record of overall system health and forensic information about the exact time of errors and anomalous conditions that are invaluable in finding the root cause of system problems. Monitoring server logs such as file access, authentication, and application usage can help secure infrastructure components.
When your Splunk deployment is ingesting server log data, you can use it to accomplish security and compliance, IT Ops, and application delivery use cases.