Essentials of Logging
RCCE students will learn endpoint and system logging architecture including log source configuration, log collection, centralized log management, log retention policies, and log analysis for security monitoring. RCCE students will learn to configure logging on Windows, Linux, and macOS endpoints, enable security-relevant event categories, forward logs to centralized SIEM platforms, parse and normalize log data, develop log-based detection rules, investigate security events using log correlation, implement tamper-resistant logging, manage log storage and retention to meet compliance requirements, and troubleshoot log collection failures. This essentials course covers the core knowledge needed to operate competently in this domain. Starting from foundational concepts, RCCE students will learn the fundamental concepts, terminology, risks, and defenses that form the foundation for all further study and professional practice. Students build a solid knowledge base that prepares them for more advanced courses and real-world security responsibilities.
- Endpoint Security Engineers and EDR Analysts
- Windows and macOS Administrators managing privileges
- Identity and Access Management Engineers
- IT Security Operations Leads reducing attack surface
- Professionals implementing Essentials of Logging
- Execute hands-on tasks for advanced cyber defense mastery
- Explain Course Overview fundamentals
- Execute hands-on tasks for learning objectives
- Execute hands-on tasks for key outcomes — covering logging on Windows, Linux,, Investigate events using log correlation.
- Explain Logging Architecture Overview fundamentals
- Execute hands-on tasks for log sources
- Execute hands-on tasks for endpoints, servers
- Execute hands-on tasks for network devices
- Design a scalable privilege management architecture with policy and enforcement, including Defense in depth: multiple log sources and redundant paths.
- Execute hands-on tasks for core definitions & terminology
- Execute hands-on tasks for log entry
- Execute hands-on tasks for log source
| Module 01 | Advanced Cyber Defense Mastery |
| Module 02 | Course Overview |
| Module 03 | Learning Objectives |
| Module 04 | Key Outcomes |
| Module 05 | Logging Architecture Overview |
| Module 06 | Log Sources |
| Module 07 | Endpoints, Servers |
| Module 08 | Network Devices |
| Module 09 | Architecture Principles |
| Module 10 | Core Definitions & Terminology |
| Module 11 | Log Entry |
| Module 12 | Log Source |
| Module 13 | Log Sources & Event Categories |
| Module 14 | Common Log Sources |
All hands-on labs run on Rocheston Rose X OS. Students practice essentials of logging by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for advanced cyber defense mastery
- Lab 2: Explain Course Overview fundamentals
- Lab 3: Execute hands-on tasks for learning objectives
- Lab 4: Execute hands-on tasks for key outcomes
- Lab 5: Explain Logging Architecture Overview fundamentals
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Essentials of Logging, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI