Definition of Logging
What is Logging?
Logging is the practice of recording, in some medium, sequential input, often in a time-associated format.
Logging
Automated Analysis of Cisco Log Files
Tremendous amounts of useful operations data and warnings of pending failures are available in the router logs. The challenge is that as the network gets larger, so does the number of entries in the logs, which can quickly grow to an unmanageable size. Automating the analysis of router logs is essential if the logs are to be used as a proactive network management tool. Many organizations fail to take full advantage of the available information because of the high initial cost of programming around the inconsistencies in the way various events are reported, the frequency with which individual entries are delayed, duplicated or missing, and the need to customize the software to match their network configuration.
HOWTO install rsyslog
In this paper, I describe how to install rsyslog. It is intentionally a brief step-by-step guide, targeted at those who want to quickly get it up and running. This guide focuses on installing from source, which thankfully is quite easy.
Setting up a Linux Log Server to enhance System Security
If a break-in occurs and you want to track the cracker down, the system administrator will first check the log files for evidence of a break-in, so she must be 100% SURE that the log files are valid and haven't been tampered with.
Complete Reference Guide to Creating a Remote Log Server
A remote log server is nothing more than a system preconfigured at install time to provide hard drive space for other systems to log to. This system must be completely secured and locked down. No unencrypted remote access should be allowed, and all RPC daemons and other miscellaneous services should be turned off as well. The only data allowed to the machine should be UDP port 514. We will walk you through a step-by-step process that details how to configure, install, and deploy a remote log server. Drawing on input from some of the most renowned security experts across the globe, I've compiled a comprehensive and easy-to-understand guide to ensuring a successful launch.
Detecting Intrusions with your Firewall Log and OsHids
In this article we are going to talk about one of the basic but powerful methods of intrusion detection: firewall log analysis. Although a firewall generates a large volume of log data that is difficult to analyze by hand, you can use the OsHids tool to monitor your logs (generating an easy-to-view HTML log with a PHP interface) and help you visualize any attempt to bypass your firewall policy.
Case Study: Implementing a Centralized Logging Facility
During the past several years I have found that there is an increased use of Windows-based systems in our predominantly all-UNIX environment. This has been a downfall, especially since UNIX and Windows systems are so different with regard to logging facilities, UNIX with its syslog facilities and Windows with its Eventlog; therefore I needed to find a way for our Windows and UNIX systems to utilize a more robust logging facility. With budget concerns being a major contributing factor, I needed to find a solution that was inexpensive. Therefore all the items that I chose to implement at this time are freeware and applications that already exist in our environment. The Windows systems needed to be configured so that they would audit the proper events and then forward them on to a UNIX system for storage and eventual analysis. Next, the UNIX systems needed a bit of tuning to get syslog to log the correct items. Finally, the logs needed to be retained and rotated.
Event Logs: Defining Their Purpose in Today's Network Security Environment
The purpose of this research topic is to identify the purpose of the event log in today's network security environment. This topic came about to solve an everyday business problem. Simply put, there is not enough time in the day to perform all security analyst tasks and adequately monitor all network security devices. However, the expectation was that monitoring all components of network security is essential. It's the way things had been done, and anything short of that may render a device or component of network security "insecure". It was clear that something must be done.
Practical Implementation of Syslog in Mixed Windows Environments for Secure Centralized Audit Logging
The Event log service is by design a distributed system, and there are no native Windows tools available to facilitate centralization of logging functions. In addition, the failure to conform to any external logging format standard makes it impossible to interoperate with the logging functions of other operating systems or network devices. The Windows Event viewer application offers only basic functionality and is inadequate for monitoring the audit log files of any medium to large size network. In this paper, I survey some of the options available to access the Windows Event log and demonstrate how to implement a versatile centralized remote logging solution using a commercially available Win32 implementation of the Syslog protocol.
Using ISA Server Logs to Interpret Network Traffic
Firewalls are necessary for a defense-in-depth strategy. Microsoft entered the firewall market with Internet Security and Acceleration Server (ISA Server). ISA Server was a follow-on release of Microsoft Proxy Server and part of the .Net Family. As with most Microsoft products, logging capabilities are included. ISA Server contains detailed security and access logs. You can install ISA Server in three different modes: firewall mode, web caching mode, or integrated mode. In firewall mode, you can secure communication between an internal network and the Internet using rules. You can publish internal servers so that their services are available to Internet users. In web caching mode, you can decrease network bandwidth with ISA Server storing commonly accessed objects locally. You can route web requests from the Internet to an internal Web Server. In integrated mode, all of these features are available.
Getting the Most out of your Firewall Logs
A good security solution has many layers or components, an approach commonly referred to as "Defense in Depth". Regardless of which types of security solutions are being implemented, logging is critical to ensure their implementation is running smoothly as well as to keep tabs on what is happening in an environment. While it is easy to suggest that all logs should be looked at on a weekly, if not daily, basis, the amount of information commonly logged is so great, and so often in a format that is difficult to understand, that reviewing it becomes a tedious job that more often than not gets overlooked. As a result, logs are either not reviewed at all or given only a cursory review, and the most critical items are missed altogether.