Anchor event
Definition
A log entry that can be identified with high confidence across two or more log sources, used to verify relative clock offsets and to stitch independently parsed logs together into a single timeline. A login event that appears in both an application log and a firewall log is a typical anchor.
Related terms
- Clock skew: The difference between a device's local clock and a trusted reference time such as UTC. Skew accumulates due to hardware drift, timezone...
- DHCP lease log: A record maintained by a Dynamic Host Configuration Protocol server that maps each IP address assignment to the requesting device's MAC address,...
- Log normalisation: The conversion of log entries from their native format into a common schema, typically a structured record with a corrected UTC timestamp,...
- NAT (Network Address Translation): A mechanism by which a router replaces private source IP addresses with a single public IP address before forwarding packets to the...
- Session tuple: The five-element identifier for a network session: source IP, source port, destination IP, destination port, and protocol. The session tuple is the...
Explained in
- Reconstructing a Network Timeline from Multiple Sources