Definition of Logging
Logging is the practice of recording events, in sequence, to some persistent medium, usually with a timestamp attached to each entry so that the sequence of events can be reconstructed later.
Logging
Syslog and Netsaint: How to Integrate Centralized Logging with Centralized Monitoring
In today's organization where there are NT and Linux servers popping up alongside midrange UNIX servers, there is a growing need for centralized management. Many commercial products attempt to solve this problem by providing software that integrates centralized host management, single sign-on, SNMP monitoring, and remote control tools. These packages can be very costly and difficult to implement successfully across the enterprise. It is possible to achieve the same tasks with open-source software and the built-in utilities that most OS's provide. This paper will address three aspects of centralized management: 1) Centralized log management 2) Centralized monitoring and 3) The integration of the two technologies. The integration of these two technologies will give the overworked systems administrator more time to proactively manage his/her systems by virtually eliminating time spent poring over log files and constantly checking system status.
Importance of Understanding Logs from an Information Security Standpoint
Information Security has many facets and branches, but to really understand what is going on in this new world, you need the ability to read, translate, and understand the wide variety of logs generated by the information stream. This document will discuss the importance of logs in the 21st century, and give an idea of what problems Information Security professionals face when trying to analyze them. We start from the beginning by defining what a log really is and what its purpose is. Then we talk about ways to improve your understanding of logs, how to decipher their cryptic formats, and how to manage logs effectively. Finally we wrap up with discussion on legalities of logs, and why it is so critical to effectively manage, maintain, and secure logs.
Effective Logging & Use of the Kiwi Syslog Utility
This paper will familiarize the reader with the basics of syslog as defined by RFC 3164, describe some variations of syslog as implemented by various network hardware vendors, provide an overview specifically of Kiwi's syslog utility and its functionality, demonstrate basic configuration of the syslog utility, and finally provide examples of some advanced configurations of the syslog utility that will offer specific automated functionality tailored toward specific needs. Screenshots and other information will be presented in order to provide a clearer understanding of how to accomplish these tasks using the utility. After reading this document, a security professional should have a good understanding of how Kiwi's syslog utility could be implemented to provide an effective means of providing network information used for a wide range of tasks.
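The RFC 3164 message format the paper starts from is small enough to parse completely, and a collector that listens on the network has to do so without crashing on whatever arrives. The following is an added example, not code from the paper or from Kiwi: it decodes PRI into facility and severity, splits the HEADER (TIMESTAMP HOSTNAME) from the MSG (TAG[PID]: CONTENT), and falls back to the RFC's relay rules when either is missing. The leading sequence-number handling is an assumed vendor variation (some router firmware prefixes a counter such as "47: " before the timestamp); the sample lines are constructed.

```python
"""Parse BSD syslog (RFC 3164) lines the way a collector would.

Added example, not the paper's or Kiwi's code. The sequence-counter
stripping is an assumed vendor variation; sample lines are constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional

# RFC 3164 section 4.1.1 facility and severity tables
FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
    "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
_SEQ_RE = re.compile(r"^\d+: ")                      # assumed vendor sequence counter
_HEADER_RE = re.compile(r"^([A-Z][a-z]{2} [ 0-3]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.S)
_TAG_RE = re.compile(r"^([A-Za-z0-9_./-]{1,32})(?:\[(\d+)\])?:\s?(.*)$", re.S)

# Constructed sample input: a normal host line, a router-style line with a
# sequence counter and no RFC header, and a line with an out-of-range PRI.
SAMPLE_LINES = [
    "<34>Oct  7 03:12:05 fw01 sshd[1423]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2",
    "<189>47: *Mar  1 00:12:33.231: %SYS-5-CONFIG_I: Configured from console by vty0 (10.0.0.5)",
    "<999>PRI out of range",
]


@dataclass
class SyslogRecord:
    raw: str
    valid: bool                      # False: PRI missing or out of range
    facility: str = "user"           # RFC 3164 4.3.3 default when PRI is unusable
    severity: str = "notice"
    timestamp: Optional[str] = None
    hostname: Optional[str] = None   # None: sender omitted HEADER; the collector should use the UDP source address
    tag: Optional[str] = None
    pid: Optional[int] = None
    content: str = ""


def decode_pri(pri: int):
    """PRI = facility * 8 + severity; anything above 191 is not a valid PRI."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]


def parse_syslog(line: str) -> SyslogRecord:
    line = line.rstrip("\r\n")
    m = _PRI_RE.match(line)
    if m is None:                    # no PRI: keep the whole packet as content, default user.notice
        return SyslogRecord(raw=line, valid=False, content=line)
    try:
        facility, severity = decode_pri(int(m.group(1)))
    except ValueError:
        return SyslogRecord(raw=line, valid=False, content=line)
    rest = _SEQ_RE.sub("", m.group(2), count=1)
    rec = SyslogRecord(raw=line, valid=True, facility=facility, severity=severity)
    h = _HEADER_RE.match(rest)
    if h:                            # TIMESTAMP HOSTNAME present; note a line with no hostname would
        rec.timestamp, rec.hostname, rest = h.group(1), h.group(2), h.group(3)  # misread TAG as host
    t = _TAG_RE.match(rest)
    if t:
        rec.tag = t.group(1)
        rec.pid = int(t.group(2)) if t.group(2) else None
        rec.content = t.group(3)
    else:                            # no TAG (e.g. router format): the rest is the content
        rec.content = rest
    return rec


if __name__ == "__main__":
    for s in SAMPLE_LINES:
        print(parse_syslog(s))
```

The point worth keeping in mind from the second sample: when a device sends no RFC header, the record has no hostname at all, and the only trustworthy source of that information is the address the datagram came from, which the collector has to record itself.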
Centralizing Event Logs on Windows 2000
This case study will detail how I set up a central repository for server logs and daily notifications of events that might indicate a security incident. This was done on a limited budget using free tools available from the Internet and software already in use for other projects. My goal was to consolidate the Event Viewer logs, Internet Information Services (IIS) logs, and UrlScan logs from 15 Windows 2000 web servers into a database I could query against. I would then have the results of the queries automatically emailed to me.
A Security Analysis of System Event Logging with Syslog
An analysis of the system event logging protocol, syslog, is discussed. A review of the problems with the syslog protocol is described. These security problems include the transmission of system log data in clear text, the use of UDP for network transfer, and the storage of event data in clear text. A survey of some of the syslog replacements was done. The paper concludes with a discussion of how one might go about creating a reasonably secure logging infrastructure.
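Of the three problems the abstract lists, clear-text storage is the one that a transport fix (TCP, TLS) does nothing about: once an attacker is on the collector, edited or deleted records look exactly like original ones. The following is an added example, not the paper's own proposal, of one building block for the "reasonably secure logging infrastructure" it discusses: a keyed hash chain over stored records, with the key replaced by its own hash after every append so that someone who compromises the collector later holds only the current key and cannot re-tag earlier records (the forward-security idea behind Schneier and Kelsey's secure audit logs). The initial key, the sample records and the names are all assumptions of this example.

```python
"""Tamper-evident storage for collected log records.

Added example, not from the paper. Each stored record carries an HMAC over
(previous tag || record) under a key that evolves one-way after every append.
The initial key is assumed to be provisioned out of band to the verifier.
"""
import hashlib
import hmac
from typing import List, Tuple

GENESIS = b"\x00" * 32          # chain anchor before the first record

# Constructed sample records; any string works.
SAMPLE_RECORDS = [
    "Oct  7 03:12:04 fw01 sshd[1423]: Accepted publickey for ops from 192.0.2.9",
    "Oct  7 03:12:05 fw01 sshd[1423]: Failed password for invalid user admin from 203.0.113.45",
    "Oct  7 03:12:09 fw01 sudo: ops : TTY=pts/0 ; COMMAND=/bin/cat /etc/shadow",
]


def _tag(key: bytes, prev: bytes, record: str) -> bytes:
    # prev is fixed-length (32 bytes), so the concatenation is unambiguous
    return hmac.new(key, prev + record.encode("utf-8"), hashlib.sha256).digest()


def _next_key(key: bytes) -> bytes:
    # one-way key evolution; the previous key must be erased on the host after use
    return hashlib.sha256(b"log-key-evolve:" + key).digest()


class ChainedLog:
    def __init__(self, initial_key: bytes):
        self._key = initial_key
        self._prev = GENESIS
        self.entries: List[Tuple[str, bytes]] = []

    def append(self, record: str) -> bytes:
        tag = _tag(self._key, self._prev, record)
        self.entries.append((record, tag))
        self._prev = tag
        self._key = _next_key(self._key)   # the key used for this record no longer exists
        return tag


def verify(initial_key: bytes, entries: List[Tuple[str, bytes]]) -> int:
    """Return the index of the first bad record, or -1 if the chain checks out."""
    key, prev = initial_key, GENESIS
    for i, (record, tag) in enumerate(entries):
        if not hmac.compare_digest(_tag(key, prev, record), tag):
            return i
        prev, key = tag, _next_key(key)
    return -1


def last_tag(entries: List[Tuple[str, bytes]]) -> bytes:
    return entries[-1][1] if entries else GENESIS


def demo() -> dict:
    key = b"provisioned-out-of-band"       # assumption: shared with the verifier at install time
    log = ChainedLog(key)
    for rec in SAMPLE_RECORDS:
        log.append(rec)
    anchored = last_tag(log.entries)       # the collector periodically stores this off-host
    edited = list(log.entries)             # attacker rewrites a failure into a success
    edited[1] = (edited[1][0].replace("Failed", "Accepted"), edited[1][1])
    truncated = log.entries[:-1]           # attacker deletes the newest record
    return {
        "intact": verify(key, log.entries),                     # -1
        "edited": verify(key, edited),                          # 1: first bad index
        "truncated_by_chain": verify(key, truncated),           # -1: the chain alone misses tail deletion
        "truncated_by_anchor": hmac.compare_digest(last_tag(truncated), anchored),  # False
    }


if __name__ == "__main__":
    print(demo())
```

The last two results are the caveat: a chain detects edits, insertions and reordering anywhere inside it, but not removal of the newest records, so the latest tag has to be anchored somewhere the attacker cannot reach (the central collector, a printout, a write-once medium) at a fixed interval, and that interval bounds how much an attacker can silently erase.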
Case Study: Using Syslog in a Microsoft & Cisco Environment
This case study details the development of a centralized logging infrastructure using Syslog in a Microsoft and Cisco based environment. The primary technology piece that our company employed was the Kiwi Syslog Daemon for Windows. While Kiwi has already been the topic of a wonderfully informative SANS paper by Brian Wilkins, I have sought to build on his work by discussing ways to extend the product's functionality and by focusing on practical uses of the technology.
Log Analysis as an OLAP Application - A Cube to Rule Them All
This paper discusses a specific implementation of using OLAP technology on log analysis, in particular by using the Seagate Analysis OLAP client. The Seagate Analysis OLAP client, which has been released free to registered users since February 2000, snugly fits into this role for log analysis. This tool is free and powerful enough to be the first step for practitioners to explore OLAP's utility. We will discuss how OLAP alleviates the log analysis problem, basic ideas on OLAP and related database design concepts. There is also an iteration through a mini project that uses the Seagate Analysis on Windows NT Event Logs.
The Ins and Outs of System Logging Using Syslog
The intent of this paper is to help the reader follow a process of thinking that will provide them with the tools to understand the fundamentals of system logging. Hopefully at the end you will be able to identify the best implementation for your particular environment. This paper focuses on logging using syslog, which has become the de facto logging standard on UNIX-based systems. Though this is syslog- and UNIX-specific, I would hope the general discussions on logging would be helpful for any log implementation. The structure of this paper begins with a discussion on what logging is, how it helps and what considerations are needed before we implement logging. We progress towards a discussion on syslog specifics, the elements that comprise a working implementation from the basic to the more advanced, detailing configuration options and shortcomings, including implementation ideas.
Archiving Event Logs
The objective of this paper is to explain why it is necessary to archive, or save, event logs and to provide guidance about archiving event logs. In the context of this discussion, event logs are generally computer-generated records of a system's internal activity. The systems generating the event logs can be network devices, such as routers and firewalls, and computer systems using various operating systems, such as UNIX, Linux, and Microsoft Windows. The event logs from these network devices and computer systems can be very detailed and sometimes cryptic to the human reader. For example, they may contain a record of each packet a firewall either allowed to pass or dropped and detailed records of an operating system's internal processes. The logs can also indicate who logged on and off a system and what system resources a user accessed.
Logfile Analysis: Identifying a Network Attack
This paper presents an in-depth look into what an automated network attack looks like in the logfiles to better understand the attacks "after the fact". I will analyze two different attacks: one being easy to determine the type and the intended goal while the other attack is not so cut and dried, leaving some entertaining researching for readers. I will use two recent logfiles, June 23, 2001 and June 27, 2001, as each of these shows an automated attack. I will detail what I see in the logs, attempt to determine the computer(s) involved, the operating system(s) they run, and the tool(s) that were used. I will suggest ways to prevent damage from such attacks and provide links to associated patches, if available.
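What makes an automated attack recognisable in a firewall log is its shape rather than any single line: one source touching many targets in a short time, and whether those targets are many ports on one host or one port on many hosts. The following is an added example, not the paper's own analysis and not its June 2001 logs: it parses iptables-style kernel log lines (a constructed sample, using documentation address ranges) and labels each source that crosses a threshold as a vertical port scan, a horizontal single-port sweep (the shape a worm or mass exploit tool leaves), or a mixed scan. The log format, window and threshold are assumptions of this example.

```python
"""Flag automated scans in firewall log lines.

Added example; the sample lines are constructed, not the paper's logs.
"""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

LINE_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: .*?SRC=(\S+) DST=(\S+) .*?DPT=(\d+)")

# Constructed sample: a port scan of one host, a one-port sweep across five hosts,
# a benign connection, and an ICMP line that carries no DPT and is skipped.
LOG_LINES: List[str] = (
    [f"Jun 23 04:12:{s:02d} fw kernel: IN=eth0 OUT= SRC=203.0.113.45 DST=192.0.2.10 PROTO=TCP SPT=4321 DPT={p} SYN"
     for s, p in zip(range(1, 7), (21, 22, 23, 25, 80, 443))]
    + [f"Jun 23 09:30:{s:02d} fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.{h} PROTO=TCP SPT=3190 DPT=80 SYN"
       for s, h in zip(range(10, 15), range(10, 15))]
    + ["Jun 23 10:02:44 fw kernel: IN=eth0 OUT= SRC=192.0.2.200 DST=192.0.2.10 PROTO=TCP SPT=51022 DPT=80 SYN",
       "Jun 23 10:02:45 fw kernel: IN=eth0 OUT= SRC=192.0.2.201 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0"]
)

Event = Tuple[datetime, str, str, int]   # (time, src, dst, dport)


def parse(lines: List[str], year: int = 2001) -> List[Event]:
    """syslog timestamps carry no year, so the caller supplies it."""
    events: List[Event] = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:                        # no DST/DPT (ICMP, malformed): skip
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return sorted(events)


def classify(events: List[Event], window_s: int = 60, threshold: int = 5) -> Dict[str, dict]:
    """One finding per source that hits >= threshold distinct (dst, port) targets inside window_s."""
    by_src: Dict[str, List[Event]] = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    findings: Dict[str, dict] = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):      # sliding time window over this source's events
            while (evs[end][0] - evs[start][0]).total_seconds() > window_s:
                start += 1
            win = evs[start:end + 1]
            targets = {(e[2], e[3]) for e in win}
            if len(targets) < threshold:
                continue
            dsts = {e[2] for e in win}
            ports = {e[3] for e in win}
            if len(ports) == 1:
                kind = f"horizontal sweep of port {next(iter(ports))}"
            elif len(dsts) == 1:
                kind = f"vertical port scan of {next(iter(dsts))}"
            else:
                kind = "mixed scan"
            findings[src] = {"kind": kind, "hosts": len(dsts), "ports": len(ports),
                             "first": win[0][0].isoformat(), "last": win[-1][0].isoformat()}
            break                        # first window that trips the threshold is enough
    return findings


if __name__ == "__main__":
    for src, f in classify(parse(LOG_LINES)).items():
        print(src, f)
```

The threshold and window are the knobs to tune against your own baseline; a slow scanner that spaces probes more than a window apart will slip under this check, which is why the paper's manual reading of the whole day's log still matters.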