Network Security Blog » So many logs, so little time

Nov 30 2006

So many logs, so little time

Published by Martin at 9:16 am under Simple Security

Andy, IT Guy gives a specific example of how monitoring logs would have saved one company he consulted at a lot of time and grief. The only problem is, in most organizations, log monitoring is an afterthought, if it’s a thought at all. My last job was as the administrator of the IDS systems for a major state agency, and as such I spent my day monitoring Snort (later Sourcefire) logs for suspicious incidents, but most IT departments don’t have the luxury of dedicating a specific resource to that type of monitoring.

If you have to monitor logs, find some way of aggragating and filtering your logs. There are a number of open source and commercial solutions that will allow you to do both with varying degrees of implementation and daily usage pain. But even a central syslog collector you can review through grep commands is better than having to go to each of the systems individually. I’m looking at a Cisco Security Monitoring, Analysis and Response System (CS-MARS) implementation early next year, but your needs may be equally well served with a collection of open source tools you put together yourself.

Anything’s better than not looking at the logs at all.

Trackback URI | Comments RSS

Leave a Reply

Search
Twitter Updates
- @stacythayer Well, don't get too comfortable, I'm headed into the city in just a few. Beware geeks bearing gifts
Coffee Damage Fund

Any monies donated will go towards replacing equipment damaged by coffee spills in my office, a more common occurrence than it should be.
Popular Tags

Categories
- Apple/Mac (22)
- Blogging (99)
- CISSP/ISC2 (14)
- Cobia (8)
- Encryption (25)
- Firewall (17)
- General (313)
- Government (92)
- Hacking (187)
- Humor (26)
- IDS (39)
- Linux (26)
- Malware (92)
- Microsoft (62)
- PCI (63)
- Phishing, scams, etc. (40)
- Podcast (195)
- Privacy (81)
- Security Advisories (125)
- Simple Security (104)
- Site Configuration (81)
- Testing (8)
- Uncategorized (25)
Monthly
- May 2008 (16)
- April 2008 (35)
- March 2008 (18)
- February 2008 (18)
- January 2008 (24)
- December 2007 (3)
- November 2007 (3)
- October 2007 (4)
- September 2007 (4)
- August 2007 (26)
- July 2007 (27)
- June 2007 (16)
- May 2007 (18)
- April 2007 (30)
- March 2007 (40)
- February 2007 (42)
- January 2007 (45)
- December 2006 (17)
- November 2006 (37)
- October 2006 (58)
- September 2006 (54)
- August 2006 (51)
- July 2006 (30)
- June 2006 (36)
- May 2006 (40)
- April 2006 (28)
- March 2006 (42)
- February 2006 (41)
- January 2006 (48)
- December 2005 (72)
- November 2005 (74)
- October 2005 (36)
- September 2005 (24)
- August 2005 (41)
- July 2005 (21)
- June 2005 (18)
- May 2005 (16)
- April 2005 (21)
- March 2005 (30)
- February 2005 (27)
- January 2005 (26)
- December 2004 (29)
- November 2004 (13)
- October 2004 (12)
- September 2004 (9)
- August 2004 (15)
- July 2004 (17)
- June 2004 (13)
- May 2004 (8)
- April 2004 (18)
- March 2004 (12)
- February 2004 (12)
- January 2004 (14)
- December 2003 (7)
- November 2003 (3)
- October 2003 (4)
- September 2003 (6)
- August 2003 (10)
Pages
- About

Podcast Powered by podPress (v8.8)