SEARCH RESULTS
 
Showing 1-10 of 183 records
 
Top 11 Reasons to Analyze Your Logs

2008-02-20 16:56:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
...logs; analyze them. Why? Here are the reasons Seen an obscure log message lately? Me too - in fact, everybody have. How do you know what it means (and logs usually do mean something) without analysis? At the very least, you need to bring additional context to know what some logs mean Logs often measure in gigabytes and soon will in terabytes;...
 
 
 
 
 
Top 11 Reasons to Hate Logs

2008-04-01 10:29:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
...Logs ... With a Passion Read any logs lately? Got bored in 5 minutes - or survived for the whopping 10? Congrats, you score a point! But logs are still boooooooooooooooooooooooooooooring One log, two logs, 10 logs.... 1,000,000,000 logs: rabbits and hamsters cannot match the speed with which logs multiply. Don't you just hate that You keep...
 
 
 
 
 
Logging Poll #6 "Which Logs Do You LOOK At?" Analysis

2008-03-06 15:01:00 by Dr Anton Chuvakin in Anton Chuvakin Blog

...logs poll was relatively popular; let's see what we can learn (live results are also here First, what are the top 3 log types that people look at? They are Unix/Linux server syslog Web server logs Firewall logs How does that compare with the top 3 log types that people collect (see picture showing results from my previous poll below These...
 
 
 
 
 
Reverse Compliance or "Logs as Proof of Incompetence?"

2008-05-06 17:27:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
...logs for PCI DSS compliance (including my book chapter) and overall logging for compliance. How about "reverse compliance" against logs Whaaaat? WTF is "reverse compliance Reverse compliance" is a motivation to purposefully avoid technologies that have a chance of telling you that you are NOT in compliance. Sadly, logging is featured very...
 
 
 
 
 
Again, On Criticality of Logs

2007-12-07 08:32:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
...logs. Yes, my readers don't need additional motivation to take logs seriously, but these are just too cool to pass First is the interview with some convicted attacker, who said: 'Moore said it would have been easy for IT and security managers to detect him in their companies' systems ... if they'd been looking. The problem was that,...
 
 
 
 
 
Logs: Parsing, Tokenizing or Extracting?

2008-03-11 01:54:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
...logs into useful information without messing with massive quantities of regular expressions as well as performed some research on my own. In all honesty, I didn't notice a major breakthrough Until now? Here ("prequel" here and follow-up here) is what looks like an interesting and major development along that line. Indeed, one can automate...
 
 
 
 
 
Sexing up the logs

2008-04-03 04:00:00 by Stuart King in Stuart King's Security and Risk Management Blog
 
...logs. Few of us take any enjoyment out of reviewing them but there are plenty of mandates around telling us that we have to. For example, section 10 of the PCI DSS states: Review logs for all system components at least daily. Log reviews must include those servers that perform security functions like intrusion detection system (IDS) and...
 
 
 
 
 
Why [Some] Smart People Hate Logs?

2008-05-08 11:20:00 by Dr Anton Chuvakin in Anton Chuvakin Blog
 
...logs are too hard to deal with (enable, collect, store and especially understand and interpret). However, there is a whole other group of fairly intelligent people who "hate logs:" the organizers of some well-known technical security conferences. The experience of many of my colleagues (and competitors!) and myself proves that a log-related...
 
 
 
 
 
Logging Poll #4 "Who Looks at Logs?" Analysis

2008-01-08 19:48:00 by Dr Anton Chuvakin in Anton Chuvakin Blog

...logs. In it, I asked who actually looks at logs at the organization. Here is what came up: results are here and also included below What can we conclude from this First, a "duh" conclusion is in order! No matter how many times one can utter the word "compliance," logs are still most useful for mundane (one would hope! :-)) system...