Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Six Mistakes of Log Management Teaser Preso

2,386 views

Published on

This is my TEASER (short version) preso on Six Mistakes of Log Management

Published in: Business, Technology
  • Be the first to comment

Six Mistakes of Log Management Teaser Preso

  1. 1. Six Mistakes of Log Management Dr Anton Chuvakin, GCIA, GCIH, GCFA LogLogic, Inc
  2. 2. Summary <ul><li>The World of System, Network and Security Logs </li></ul><ul><li>Why Look at Logs? </li></ul><ul><ul><li>Regulatory Pressure (FISMA, NIST 800-53, NIST 800-92) </li></ul></ul><ul><li>Log Analysis Overview </li></ul><ul><li>From Log Analysis to Log Management </li></ul><ul><li>Log Management Mistakes: from 0 to 5 </li></ul><ul><li>Conclusions </li></ul>
  3. 3. Log Data Overview <ul><li>Audit records </li></ul><ul><li>Transaction logs </li></ul><ul><li>Intrusion alerts </li></ul><ul><li>Connection logs </li></ul><ul><li>System performance records </li></ul><ul><li>User activity logs </li></ul><ul><li>Various alerts and other messages </li></ul><ul><li>Firewalls/intrusion prevention </li></ul><ul><li>Routers/switches </li></ul><ul><li>Intrusion detection </li></ul><ul><li>Servers, desktops, mainframes </li></ul><ul><li>Business applications </li></ul><ul><li>Databases </li></ul><ul><li>Anti-virus </li></ul><ul><li>VPNs </li></ul>What logs? From Where?
  4. 4. Six Mistakes of Log Management <ul><li>0. Not logging at all. </li></ul><ul><li>1. Not looking at the logs </li></ul><ul><li>2. Storing logs for too short a time </li></ul><ul><li>3. Prioritizing the log records before collection </li></ul><ul><li>4. Ignoring the logs from applications </li></ul><ul><li>5. Only looking at what you know is bad </li></ul>
  5. 5. Conclusions <ul><li>Now you know: </li></ul><ul><ul><li>What are the logs? </li></ul></ul><ul><ul><li>Where they come from? </li></ul></ul><ul><ul><li>Why look at them? </li></ul></ul><ul><ul><li>How people do it? </li></ul></ul><ul><ul><li>What are some of the relevant regulations? </li></ul></ul><ul><ul><li>How to deal with them? </li></ul></ul><ul><li>And how to AVOID MISTAKES in log management ! </li></ul>
  6. 6. Thanks for Attending the Presentation <ul><li>Dr Anton Chuvakin, GCIA, GCIH, GCFA </li></ul><ul><li>http://www.chuvakin.org </li></ul><ul><li>Author of “Security Warrior” (O’Reilly, 2004) – http://www.securitywarrior.org </li></ul><ul><li>See http://www.info-secure.org for my papers, books, reviews and other security resources related to logs. Book on logs is coming soon! </li></ul>

×