- General approach no matter what type of log is being looked at (not in a particular order):
  - Understand the log information
  - Parse the particular log format currently being scrutinized
  - Keep in mind what device the log came from
  - Understand the network topology
  - Find anomalous/suspicious patterns based on the above knowledge
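As an added example (not part of the original list), the steps above applied in Python to a constructed, hypothetical firewall-log format: parse the lines, keep the source device, encode topology knowledge as subnets, and flag records that contradict it. The log format, device name `fw-edge`, and subnet roles are all assumptions made for the example.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample lines in a simplified, hypothetical firewall-log format.
# The last line is deliberately in a different shape to show how unparsed input is handled.
SAMPLE_LOG = """\
2024-05-01T10:00:01 fw-edge ACCEPT src=10.0.1.5 dst=10.0.2.10 dport=443
2024-05-01T10:00:02 fw-edge ACCEPT src=10.0.2.10 dst=203.0.113.7 dport=4444
2024-05-01T10:00:03 fw-edge DENY src=10.0.1.5 dst=10.0.2.10 dport=22
2024-05-01T10:00:04 fw-edge ACCEPT src=10.0.1.7 dst=203.0.113.7 dport=443
2024-05-01T10:00:05 fw-edge ACCEPT src=10.0.2.10 dst=203.0.113.9 dport=4444
2024-05-01T10:00:06 fw-edge INFO config reload
"""

# Step "parse the particular log format": one strict pattern for this assumed format.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<device>\S+) (?P<action>ACCEPT|DENY) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

# Step "understand the network topology" (assumed): servers live in 10.0.2.0/24 and
# should never initiate connections to external addresses; users live in 10.0.1.0/24.
SERVER_NET = ip_network("10.0.2.0/24")
USER_NET = ip_network("10.0.1.0/24")
INTERNAL_NETS = [SERVER_NET, USER_NET]

def parse_line(line):
    """Return a dict of fields, or None when the line does not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None  # do not guess at unknown shapes; surface them to the analyst
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    return rec

def parse_log(text):
    """Split a log into parsed records and lines that need a different parser."""
    parsed, unparsed = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        (parsed.append(rec) if rec else unparsed.append(line))
    return parsed, unparsed

def is_internal(addr):
    return any(ip_address(addr) in net for net in INTERNAL_NETS)

def find_anomalies(records):
    """Step "find anomalous patterns": accepted server-initiated outbound traffic to external hosts."""
    findings = []
    for r in records:
        if r["device"] != "fw-edge":  # step "keep in mind what device": rule is edge-firewall specific
            continue
        if r["action"] == "ACCEPT" and ip_address(r["src"]) in SERVER_NET and not is_internal(r["dst"]):
            findings.append(("server_outbound_to_external", r["src"], r["dst"], r["dport"]))
    return findings
```

Running `find_anomalies(parse_log(SAMPLE_LOG)[0])` on the constructed sample flags the two accepted connections from 10.0.2.10 to external hosts; the INFO line is returned separately by `parse_log` as unparsed rather than silently dropped.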