Collecting the logs and alerts of network and security devices, operating systems, databases and applications in a single, central place is a basic IT security requirement. Analysing the entries from these different sources side by side readily reveals discrepancies, intrusion attempts or the circumstances of an actual intrusion.
Log analysis is efficient only when it focuses on the critical events within the huge volume of entries. Establishing that focus requires sophisticated search, analysis and recognition of correlations between events.