The present aspects relate to a computer device, and more particularly, to logging security events on a computer device.
When a computer device is operating on a network, the computer device is generally susceptible to attacks, such as by third parties on the network. Prior to a successful attack by a third party (e.g., a hacker), the third party is generally interacting with the computer device while attempting the attack. During the time period leading up to an attack, and while an attempted attack may be taking place on the computer device, the computer device is typically operating correctly, with integrity and trust. The computer device may continue to make log entries, which may be written to a log file stored on a hard drive of the computer device for later analysis by a user of the computer device, such as an administrator. Once an attack becomes successful, the third party may become the administrator of the computer device and may remove all evidence that an attack occurred. For example, the third party may remove entries from the log files that would typically alert the real administrator that an attack occurred. Enterprise machines generally protect themselves from attacks by sending the log files across the network to a reporting infrastructure or a specific log server, so that when a computer device is attacked, a third party cannot erase the evidence that the attack occurred. However, in a home environment or an unmanaged environment, if an attack occurred on one of the computer devices operating on a home network, the computer devices are typically acting alone. As such, it generally is very difficult to detect an attack by a third party on a computer device in a home environment or unmanaged environment.
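The failure mode and the enterprise mitigation described above, as an added simulation that is not part of the original application and does not describe its claimed method: a host records security events to its local log and forwards each one to a separate log server; an attacker who has become administrator prunes the host copy; a later audit compares the two copies and recovers what was erased. The classes, the sequence-number scheme and the sample event messages are constructed for this illustration.

```python
"""Constructed simulation: local host log versus a forwarded, append-only
copy on a separate log server.  Nothing here touches real log files."""
from dataclasses import dataclass, field
from typing import List


@dataclass(frozen=True)
class LogEntry:
    seq: int        # monotonically increasing number assigned by the host
    message: str


@dataclass
class LogServer:
    """Stands in for the enterprise 'specific log server'; it only appends."""
    received: List[LogEntry] = field(default_factory=list)

    def receive(self, entry: LogEntry) -> None:
        self.received.append(entry)   # the host has no way to delete from here


@dataclass
class Host:
    local_log: List[LogEntry] = field(default_factory=list)
    next_seq: int = 0

    def record(self, message: str, server: LogServer) -> LogEntry:
        """Write an event locally and forward it immediately, while the host
        is still trusted (the window the text describes before compromise)."""
        entry = LogEntry(self.next_seq, message)
        self.next_seq += 1
        self.local_log.append(entry)
        server.receive(entry)
        return entry


def erase_local_evidence(host: Host, keyword: str) -> None:
    """Models the post-compromise step: an attacker holding administrator
    rights removes the local entries that would reveal the intrusion."""
    host.local_log = [e for e in host.local_log if keyword not in e.message]


def audit(host: Host, server: LogServer) -> List[LogEntry]:
    """Return the entries the server holds that are absent from the host copy.
    A non-empty result is evidence that the host log was tampered with."""
    local_seqs = {e.seq for e in host.local_log}
    return [e for e in server.received if e.seq not in local_seqs]


def demo() -> List[LogEntry]:
    """Run the scenario end to end and return the recovered entries."""
    host, server = Host(), LogServer()
    host.record("user alice logged in", server)
    host.record("failed login for root from 203.0.113.5", server)   # constructed
    host.record("failed login for root from 203.0.113.5", server)   # constructed
    host.record("new local administrator account created", server)
    erase_local_evidence(host, "failed login")      # attacker cleans up
    return audit(host, server)


if __name__ == "__main__":
    for entry in demo():
        print(f"erased from host, retained by server: seq={entry.seq} {entry.message}")
```

The audit works only because a second copy exists outside the attacker's control; in the home or unmanaged case the text describes there is no `LogServer`, so there is nothing to compare the pruned host log against, which is exactly the gap the application goes on to address.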
Thus, there is a need in the art for improvements in the monitoring of security events on computer devices.