Exam SY0-601 topic 1 question 274 discussion

Log collectors are pieces of software that function to gather data from multiple independent sources and feed it into a unified source such as a SIEM. Log aggregation is the process of combining logs together. This is done to allow different formats from different systems to work together.

Answer: Log collector Log collectors are pieces of software that function by gathering data from multiple independent sources and feed it into a unified source such as a SIEM. Log collectors will collect the logs and then the SIEM solution will store the logs.

Log collectors. The SIEM collects log data from devices throughout the network and stores these logs in a searchable database

B. Log aggregation Explanation: Log aggregation involves collecting and centralizing logs from various sources or devices into a central repository. This allows for a unified and comprehensive view of the logs, making it easier to analyze and monitor security events.

useful difference for anyone interested: Log collection: centralized collection of events from multiple sources Log aggregation: As distinct from collection, aggregation refers to normalizing data from different sources so that it is consistent and searchable ALSO the question asks for the COMPONENT, and option B is the action log aggregaTION

why not log collector?

collect=aggregate?

A log collector is responsible for gathering logs from various sources, such as security devices, servers, and applications, and forwarding them to a centralized location or log management system. It acts as an intermediary between the source devices and the central repository, ensuring that all relevant logs are collected and transmitted securely.

d-----Log aggregation and log collection are two separate functions in a SIEM system: Log aggregation refers to the process of collecting logs from different sources and bringing them together into a central location, where they can be easily accessed and analyzed. This can be done by using various protocols and techniques, such as Syslog, SNMP, or APIs. Log collection refers to the process of gathering logs from various sources, such as servers, network devices, and endpoints, and forwarding them to a central location for further processing and analysis. A log collector is a tool or a software component that is responsible for collecting logs from different sources and forwarding them to a central location. In short, log aggregation is the process of bringing logs together, while log collection is the process of getting logs from different sources and forwarding them to a central location.

key word : forwards

page 107 of Stewart's Sybex Sec+ study guide, literally right next to each other: Log aggregation - SIEM performs aggregation of logs, event details, and system measurements pulled from the range of devices throughout the network into the centralized management server. Log Collectors - Logs can be protected against accidental and intentional malicious change using log collectors or centralized logging services, such as SIEM and Syslog. What! So the Log Collector is the "Component" (keyword) they are looking for. The action Log Collectors do is Log Aggregation. CompTIA, when we finish this exam, we are gonna celebrate, then we are gonna fight! Over all these questions' wording!

Answer: LOG AGGREGATOR What is a log aggregator? Log Aggregation Definition Log aggregation is the mechanism for capturing, normalizing, and consolidating logs from different sources to a centralized platform for correlating and analyzing the data. A collector would be something like windows event collector or a packet sniffer that forwards logs to wireshark. it takes single type of log and sends it back.

Log Collector is the answer as it collects data from "many different Sources" and brings tall of it to one single place.

pg 123 Conklin's book, Log Collectors.

Log aggregation is the mechanism for capturing, normalizing, and consolidating logs from different sources to a centralized platform for correlating and analyzing the data.