Security Log Management: Identifying Patterns in the Chaos (Google eBook)
This book teaches IT professionals how to analyze, manage, and automate their security log files to generate useful, repeatable information that can be used to make their networks more efficient and secure, using primarily open source tools. The book begins by discussing the “Top 10” security logs that every IT professional should be regularly analyzing. These 10 logs cover everything from the top workstations sending/receiving data through a firewall to the top targets of IDS alerts. The book then goes on to discuss the relevancy of all of this information. Next, the book describes how to script open source reporting tools like Tcpdstats to automatically correlate log files from the various network devices to the “Top 10” list. By doing so, the IT professional is instantly made aware of any critical vulnerabilities or serious degradation of network performance. All of the scripts presented within the book will be available for download from the Syngress Solutions Web site.
Almost every operating system, firewall, router, switch, intrusion detection system, mail server, Web server, and database produces some type of “log file.” This is true of both open source tools and commercial software and hardware from every IT manufacturer. Each of these logs is reviewed and analyzed by a system administrator or security professional responsible for that particular piece of hardware or software. As a result, almost everyone involved in the IT industry works with log files in some capacity.
* Provides turn-key, inexpensive, open source solutions for system administrators to analyze and evaluate the overall performance and security of their network
* Dozens of working scripts and tools presented throughout the book are available for download from the Syngress Solutions Web site.
* Will save system administrators countless hours by scripting and automating the most common to the most complex log analysis tasks
Chapter 3 Firewall Reporting
Chapter 4 Systems and Network Device Reporting
Chapter 5 Creating a Reporting Infrastructure
Chapter 6 Scalable Enterprise Solutions ESM Deployments
Chapter 7 Managing Log Files with Microsoft Log Parser
Chapter 8 Investigating Intrusions with Microsoft Log Parser
Chapter 9 Managing Snort Alerts with Microsoft Log Parser
Page ii - Through this site, we've been able to provide readers a real time extension to the printed book. As a registered owner of this book, you will qualify for free access to our members-only firstname.lastname@example.org program. Once you have registered, you will enjoy several benefits, including: • Four downloadable e-booklets on topics related to the book. Each booklet is approximately 20-30 pages in Adobe PDF format.
Page viii - As a systems engineer with over 13 years of real-world IT experience, he has become an expert in many areas, including Web development, database administration, enterprise security, network design, and project management. Jeremy has contributed to several...
Page ii - ... in this book. • A comprehensive FAQ page that consolidates all of the key points of this book into an easy to search web page, providing you with the concise, easy to access data you need to perform your job. • A "From the Author...