Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management

Effectively analyzing large volumes of diverse logs can pose many challenges. Logging and Log Management helps to simplify this complex process using practical guidance and real-world examples. It is packed with the information you need to know for system, network, and security logging. Log management and log...


Bibliographic Details
Main Author: Chuvakin, Anton A.
Other Authors: Schmidt, Kevin J., Phillips, Christopher, Moulder, Patricia
Format: eBook
Language: English
Published: Waltham, Mass. : Syngress 2013.
Edition: 1st edition
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627692206719
Table of Contents:
  • Half Title; Logging and Log Management; Copyright; Contents; Acknowledgments; About the Authors; About the Technical Editor; Foreword; Preface; 1 Logs, Trees, Forest: The Big Picture; Introduction; Log Data Basics; What Is Log Data?; How is Log Data Transmitted and Collected?; What is a Log Message?; The Logging Ecosystem; First Things First: Ask Questions, Have a Plan; Log Message Generation; Log Message Filtering and Normalization; Log Message Collection; Logging in the Cloud; Log Analysis; Log Message Long-Term Storage; A Look at Things to Come; Logs Are Underrated; Logs Can Be Useful
  • Resource Management; Intrusion Detection; Troubleshooting; Forensics; Boring Audit, Fun Discovery; People, Process, Technology; Security Information and Event Management (SIEM); Summary; References; 2 What is a Log?; Introduction; Definitions; Logs? What logs?; Log Formats and Types; Log Syntax; Log Content; Criteria of Good Logging; Ideal Logging Scenario; Summary; References; 3 Log Data Sources; Introduction; Logging Sources; Syslog; Basic Logging with syslogd; Syslog Message Classification; The "Mark" Facility; Syslog Priority; Syslog.conf; The Mark Interval; Syslogd Output
  • The Syslog Protocol; SNMP; Managers and Agents; SNMP Traps and Notifications; SNMP Get; SNMP Set; Issues with SNMP as a Log Data Alternative; The Windows Event Log; Log Source Classification; Security-Related Host Logs; Operating System Logs; Network Daemon Logs; Application Logs; Security-Related Network Logs; Network Infrastructure Logs; Security Host Logs; Host Intrusion Detection and Prevention; Summary; 4 Log Storage Technologies; Introduction; Log Retention Policy; Log Storage Formats; Text-Based Log Files; Flat Text Files; Indexed Flat Text Files; Binary Files; Compressed Files
  • Database Storage of Log Data; Advantages; Disadvantages; Defining Database Storage Goals; What to Store?; Fast Retrieval; Reporting; Hadoop Log Storage; Advantages; Disadvantages; The Cloud and Hadoop; Getting Started with Amazon Elastic MapReduce; Navigating the Amazon; Uploading Logs to Amazon Simple Storage Services (S3); Create a Pig Script to Analyze an Apache Access Log; Processing Log Data in Amazon Elastic MapReduce (EMR); Log Data Retrieval and Archiving; Online; Near-line; Offline; Summary; References; 5 syslog-ng Case Study; Introduction; Obtaining syslog-ng
  • What Is syslog-ng?; Example Deployment; Configurations; Log Sources; Local syslog-ng Server; Global syslog-ng Server; Database logging; Troubleshooting syslog-ng; Summary; References; 6 Covert Logging; Introduction; Complete Stealthy Log Setup; Stealthy Log Generation; Hiding Logging; Hiding Logging with Misdirection; Stealthy Pickup of Logs; IDS Log Source; Log Collection Server; "Fake" Server or Honeypot; Logging in Honeypots; Honeynet's Shell Covert Keystroke Logger; Honeynet's Sebek2 Case Study; Covert Channels for Logging Brief; Summary; References
  • 7 Analysis Goals, Planning, and Preparation: What Are We Looking for?