Security Log Management

1st Edition

Identifying Patterns in the Chaos

Authors: Jacob Babbin
Paperback ISBN: 9781597490429
eBook ISBN: 9780080489704
Imprint: Syngress
Published Date: 27th January 2006
Page Count: 350
39.95 + applicable tax
31.99 + applicable tax
51.95 + applicable tax
Unavailable
Compatible Not compatible
VitalSource PC, Mac, iPhone & iPad Amazon Kindle eReader
ePub & PDF Apple & PC desktop. Mobile devices (Apple & Android) Amazon Kindle eReader
Mobi Amazon Kindle eReader Anything else

Institutional Access


Description

This book teaches IT professionals how to analyze, manage, and automate their security log files to generate useful, repeatable information that can be use to make their networks more efficient and secure using primarily open source tools. The book begins by discussing the “Top 10” security logs that every IT professional should be regularly analyzing. These 10 logs cover everything from the top workstations sending/receiving data through a firewall to the top targets of IDS alerts. The book then goes on to discuss the relevancy of all of this information. Next, the book describes how to script open source reporting tools like Tcpdstats to automatically correlate log files from the various network devices to the “Top 10” list. By doing so, the IT professional is instantly made aware of any critical vulnerabilities or serious degradation of network performance. All of the scripts presented within the book will be available for download from the Syngress Solutions Web site.

Almost every operating system, firewall, router, switch, intrusion detection system, mail server, Web server, and database produces some type of “log file.” This is true of both open source tools and commercial software and hardware from every IT manufacturer. Each of these logs is reviewed and analyzed by a system administrator or security professional responsible for that particular piece of hardware or software. As a result, almost everyone involved in the IT industry works with log files in some capacity.

Key Features

  • Provides turn-key, inexpensive, open source solutions for system administrators to analyze and evaluate the overall performance and security of their network
  • Dozens of working scripts and tools presented throughout the book are available for download from Syngress Solutions Web site.
  • Will save system administrators countless hours by scripting and automating the most common to the most complex log analysis tasks

Readership

As a system administrator or security professionals, you probably find yourself inundated each day with a deluge of log files from seemingly countless devices, servers, and applications on your network ranging from Windows Server to Snort to your PIX firewall and everything in between. At times, the task of “seeing the forest through the trees” to extract useful, repeatable information from these logs may seem almost impossible. This unique book will show you how to use a combination of open source software such as Tcpdstats, and Snort perfmonitor to create succinct, meaningful reports that give you the big picture of your network’s overall health and well being. So, if you need to analyze and prioritize everything from how much of your bandwidth is devoted to browsing ESPN.com, to the most targeted machines in your IDS logs, this is the book for you. This book teaches IT professionals how to analyze, manage, and automate their security log files to generate useful, repeatable information that can be use to make their networks more efficient and secure using primarily open source tools. The book begins by discussing the “Top 10” security logs that every IT professional should be regularly analyzing. These 10 logs cover everything from the top workstations sending/receiving data through a firewall to the top targets of IDS alerts. The book then goes on to discuss the relevancy of all of this information. Next, the book describes how to script open source reporting tools like Tcpdstats to automatically correlate log files from the various network devices to the “Top 10” list. By doing so, the IT professional is instantly made aware of any critical vulnerabilities or serious degradation of network performance. All of the scripts presented within the book will be available for download from the Syngress Solutions Web site.

Table of Contents

Introduction to Security Log Management; The Top 10 Security Logs; IDS Reporting; Firewall Reporting; Systems and Network Device Reporting; Creating a Reporting Infrastructure; Scalable, Enterprise solutions (ESM deployments); Planning for the Future

Details

No. of pages:
350
Language:
English
Copyright:
© Syngress 2005
Published:
Imprint:
Syngress
eBook ISBN:
9780080489704
Paperback ISBN:
9781597490429

About the Author

Jacob Babbin

Affiliations and Expertise

Contractor with a government agency filling the role of Intrusion Detection Team Lead