Would the following log files indicate the source of a breach?