The present application relates to the field of computer system monitoring, and more particularly to the use of information appearing in logs of computer system activity.
Computer systems and devices make extensive use of logs to collect information regarding computer system operation. Log information can be used for a variety of purposes including accounting, troubleshooting, and various types of monitoring including security-related monitoring. For example, security information and event management (SIEM) systems are known that receive logs generated by devices such as servers, network devices, etc., and use the information in the logs to assess system operation from a security perspective.