These are some (not all) of the posts on the following topics, collected in chronological order starting from the most recent.

Infosec career advice

Forensics - where to start?

Active Directory

Collecting Domain Controller event logs:

Auditing AD: and some very useful links including

Windows Server log monitoring

Collecting Windows Events and Splunk

RDP logging

AMSI logging

Using ETW Providers to log (ie keylogging via ETW traces)

USB ETW Provider

DNS logging

Microsoft IIS

Log collection and better security

Implement file integrity monitoring over configuration file changes

OWASP zaproxy

Using event logs to deal with obfuscation -

Please forward your logs

Yes - use encryption when you ship your event logs! and

Look into events that show Indicators of Compromise and Indicators of Attack.

Why centralize logging:

Monitoring of logging

I detected someone probing my site for weaknesses, what can I do about it?

Auditing and compliance

Windows event log - Audit failure

Prove log files weren’t tampered with

Log and file auditing

Misc for event log shipping

Netflow / Networking

Cisco AMP

Bro security network monitor

nmap scans

Other questions

Docker logging

Setting up OWASP authentication against 2 page form authentication

This post is being updated throughout the year