SecurityRatty: tag: log-management

Logging Poll #8 Analysis: Needed Log Context

2008-06-03 08:38:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

In my poll #8 , I asked a question : what information is most important when analyzing a particular log record. Live results are here and final count is also below What can we conclude First , good documentation never hurts :-) - indeed, the most popular information to look for when facing a new log record is documentation on what it means....

Tags: log, recent log entry, strange log entry, log time stamps, log record, heavy log, log entry, complement logs, logs

Logging Poll #9 Analysis: Log Security

2008-09-05 13:48:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

This is the analysis of my last poll; the responses are here and also below First , the most obvious conclusion: people still don't care much about log security ; I am saying that since this was BY FAR the least popular of my polls . Only 24 people responded, so everything below is pretty unscientific :-) A good way to explain it: look at the...

Tags: log data, log security, people care, logs, care, protect logs, people, log server, access

Fun Log-reading

2008-04-21 21:24:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

Now, some of you are on the verge of saying "Anton! Stop reading (and posting links ) - start writing already I will, I will But for now, here is some fun log-related stuff, in one enjoyable pile Logs and security (clouded) by BeastOrBudda . Good content on tracking activities thru various logs and HOT video link ( here Is It Better To Leave...

Tags: logs, hot video link, security, security events, information whatsoever, fun, enjoyable pile, windows server, conceivable purposes

Log Haiku #2

2008-04-23 16:27:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

Here is my Log Haiku #2 Something mysterious transpires Where? How Log analysis or bust About me: http://www.chuvakin.org

Tags: log haiku, log analysis, mysterious transpires, bust, org, chuvakin

Poll #8 Log Analysis Context

2008-05-05 13:44:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

So, my next poll is up - and it is fun: Which of the types of information below are most useful when trying to make sense of a log entry Vote here Past polls Poll #7 " What tools do you use for Windows Event Log collection? " ( analysis Poll #6 "Which logs do you LOOK at?" ( analysis Poll #5 " What are your top challenges with logs? " (...

Tags: poll, analysis, collect logs, collect, logs, log entry, top challenges, past polls, types

Another Old Presentation: Log Baselining

2008-05-08 12:07:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

As I did in the past , I am releasing another one of my old presentations . This one is about baselining logs and was given at SANS a few years ago as SANS @ Night. It mostly a subset of my "Log Mining" preso , but with some things added and clarified. Keep in mind, this is circa 2006 or so I dug out a few more fun ones, that go as far back as...

Tags: log, sans, circa, fun, logs, subset, dug, past, chuvakin

Another Old Presentation: What Every Organization Must Log and Monitor

2008-05-15 15:11:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

Finally, I decide to "liberate" this presentation as well: "What Every Organization Must Log and Monitor" circa 2004 This is still very useful and relevant; also, many people will appreciate my attempt to do the impossible i.e. give a simple answer to a very complex question (BTW, it rarely works So View | Upload your own About me:...

Tags: monitor, log, organization, presentation, simple answer, complex question, circa, rarely, relevant

DecaffeinatID: A Very Simple IDS / Log Watching App / ARPWatch For Windows

2008-06-19 00:37:16 by Editor in Irongeek's Security Site

DecaffeinatID started because I wanted a simple ARP Watch like application for Windows. In a short matter of time, feature creep set in. DecaffeinatID is a simple little app that acts as an Intrusion Detection System (more of a log watcher really) to notify the user whenever fellow users at their local WiFi hotspot/ LAN are up to the kind of...

Tags: simple, decaffeinatid, simple arp, intrusion detection system, feature creep set, coffee shops, windows, short matter, reindeer games

Poll #9 How Much Log Security Do You Need?

2008-08-05 14:59:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -

Yes! YES! Y-E-S My next logging poll is out - with it I set out to figure out the old mystery of mine, why people don't protect their log data (e.g. see this lamentation " Top 11 Reasons to Secure and Protect Your Logs Vote away! As always, results will be posted Past polls and analysis are all here . Enjoy About me: http://www.chuvakin.org

Tags: protect, poll, log data, past polls, figure, y-e-s, secure, logs, mystery

Your name:
Your email:
Describe a problem:
AntiSPAM Validation:

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo

	Favorites
	My AOL
	My Ask Jeeves
	Blinklist
	Blogmarks
	Del.icio.us
	Digg
	Facebook
	Faves
	Furl
	Google
	Live
	Magnolia
	Netvouz
	Slashdot
	Spurl
	Technorati
	Yahoo