Log Analysis for Intrusion Detection by Daniel B. Cid
Log analysis is one of the most overlooked aspects of intrusion detection. Nowadays we see an antivirus on every desktop, companies with multiple firewalls, and even ordinary end users buying the latest security-related tools.
However, who is watching or monitoring all the information these tools generate? Or, even worse, who is watching your web server, mail server or authentication logs? I'm not talking about pretty usage statistics for your web logs (like what webalizer produces). I'm talking about the crucial security information that only a few of these events carry and that nobody notices. A lot of attacks would not have happened (or would have been stopped much earlier) if administrators had cared to monitor their logs.
We are not saying that log analysis is easy or that you should be manually looking at all your logs on a daily basis. Because of their complexity and generally high volume, automatic log analysis is essential.
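As an added illustration of the automated analysis the summary calls for (this is example code written for this page, not code from the paper or from any tool it describes), the block below parses constructed sshd authentication-log lines and flags source addresses that produce a burst of failed logins within a sliding time window. The log lines, the threshold and the window size are all assumptions chosen for the example; the syslog format lacks a year, so real deployments must supply one before comparing timestamps across a year boundary.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample authentication-log lines (not taken from the paper).
# Addresses come from documentation ranges; one source fails repeatedly
# within seconds, one user mistypes once then succeeds, one source fails
# twice but far apart in time.
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 host1 sshd[2211]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2
Mar  3 10:02:01 host1 sshd[2218]: Failed password for invalid user admin from 203.0.113.9 port 40122 ssh2
Mar  3 10:02:03 host1 sshd[2219]: Failed password for invalid user oracle from 203.0.113.9 port 40130 ssh2
Mar  3 10:02:05 host1 sshd[2220]: Failed password for root from 203.0.113.9 port 40131 ssh2
Mar  3 10:02:08 host1 sshd[2221]: Failed password for root from 203.0.113.9 port 40140 ssh2
Mar  3 10:02:10 host1 sshd[2222]: Failed password for root from 203.0.113.9 port 40141 ssh2
Mar  3 10:05:44 host1 sshd[2230]: Failed password for bob from 10.0.0.7 port 51100 ssh2
Mar  3 10:06:01 host1 sshd[2231]: Accepted password for bob from 10.0.0.7 port 51101 ssh2
Mar  3 10:40:00 host1 sshd[2300]: Failed password for root from 198.51.100.20 port 33001 ssh2
Mar  3 11:10:00 host1 sshd[2301]: Failed password for root from 198.51.100.20 port 33002 ssh2
"""

# Matches the common OpenSSH "Accepted/Failed <method> for [invalid user] <user> from <ip> port <n>" form.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def parse_line(line):
    """Return a dict with ts, result, method, user, ip for an sshd auth line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Syslog timestamps carry no year; strptime defaults to 1900, which is fine
    # for relative comparisons inside one file but not across a year rollover.
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %H:%M:%S")
    return rec


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Flag source IPs with >= threshold failed logins inside any window_seconds span.

    Returns a list of alert dicts: ip, failures_in_window (the densest burst seen)
    and total_failures across the whole input.
    """
    failures = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["result"] == "Failed":
            failures[rec["ip"]].append(rec["ts"])

    alerts = []
    for ip, times in failures.items():
        times.sort()
        start = 0
        densest = 0
        # Two-pointer sliding window: advance start until the span fits the window.
        for end in range(len(times)):
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            densest = max(densest, end - start + 1)
        if densest >= threshold:
            alerts.append({
                "ip": ip,
                "failures_in_window": densest,
                "total_failures": len(times),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_AUTH_LOG):
        print(f"ALERT {alert['ip']}: {alert['failures_in_window']} failures "
              f"within 60s ({alert['total_failures']} total)")
```

Run stand-alone, the script reports only 203.0.113.9: bob's single typo and the two widely spaced failures from 198.51.100.20 stay below the threshold, which is the point of windowing rather than counting raw totals. Widening the window or lowering the threshold trades fewer missed slow-and-low attempts for more noise, and the same parser can feed other checks (for example a success immediately following a failure burst from the same source).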
http://www.infosecwriters.com/text_resources/pdf/Log_Analysis_DCid.pdf
Similar entries
- Detecting Intrusions with your Firewall Log and OsHids
- Open Source Intrusion Detection and Prevention: Tools for Today's Corporate Market? by Craig Gosselin
- IDS and IPS Placement for Network protection by Robert Drum
- Exploiting Apache Tomcat.