Thursday, May 8th, 2008
Now, some people hate logging, because logs are too hard to deal with (enable, collect, store and especially understand and interpret). However, there is a whole other group of fairly intelligent people who "hate logs:" the organizers of some well-known technical security conferences. The experience of many ...
Posted in Log Analysis Professionals
Tuesday, April 8th, 2008
You're probably looking at the title of this blog post and thinking...what? What's he talking about? Well, as an incident analyst (which includes performing forensic examinations), I many times have to attempt to determine user login times, user activity on the system (applications run, files opened or modified), ...
Posted in The Art of Log Analysis
Friday, March 7th, 2008
Under the umbrella of the common event expression (CEE) effort, we just posted a proposal for a common field list for log files.
At this point, we are really interested in getting feedback from the community! Have a look at the post on the CEE list and the list itself. Let ...
Posted in The Art of Log Analysis
Sunday, February 17th, 2008
Somebody asked me a few days ago: EXACTLY what logging we absolutely MUST do for PCI DSS compliance? This is actually not as simple!
The honest answer to the above question is that there is no list of what EXACTLY you MUST be logging due to PCI or, pretty much, any ...
Posted in The Art of Log Analysis
Monday, January 28th, 2008
While the world of logging is full of inconsistencies and troubles (e.g. ugly logs!), there is one that beats many others: the siloed approach to logs!
There is little that I hate more than a siloed approach to logs. A situation where your security team "owns" network IDS logs, the network team ...
Posted in Log Analysis Professionals
Monday, January 28th, 2008
I'd like to welcome Dr. Anton Chuvakin to the Log Analysis Professionals stable of professional bloggers. Dr. Anton Chuvakin, GCIA, GCIH, GCFA (http://www.chuvakin.org) is a recognized security expert and book author. In his current role as a Chief Logging Evangelist with LogLogic, a log management and intelligence company, he is involved with projecting ...
Posted in Log Analysis Professionals