Logging And Log Management: The Authoritative Guide To Understanding Concepts Surrounding Management Undeanagement Anton Chuvakin & Kevin Schm

User Manual:

Open the PDF directly: View PDF .
Page Count: 463 [warning: Documents this large are best viewed by clicking the View PDF Link!]

Scroll down to view the document on your mobile browser.

Front Cover
Half Title
Logging and Log Management
Copyright
Contents
Acknowledgments
About the Authors
About the Technical Editor
Foreword
Preface
1 Logs, Trees, Forest: The Big Picture
- Introduction
- Log Data Basics
- A Look at Things to Come
- Logs Are Underrated
- Logs Can Be Useful
- People, Process, Technology
- Security Information and Event Management (SIEM)
- Summary
- References
2 What is a Log?
- Introduction
  - Definitions
- Logs? What logs?
- Criteria of Good Logging
  - Ideal Logging Scenario
- Summary
- References
3 Log Data Sources
- Introduction
- Logging Sources
- Log Source Classification
- Summary
4 Log Storage Technologies
- Introduction
- Log Retention Policy
- Log Storage Formats
- Database Storage of Log Data
- Hadoop Log Storage
  - Advantages
  - Disadvantages
- The Cloud and Hadoop
- Log Data Retrieval and Archiving
- Summary
- References
5 syslog-ng Case Study
- Introduction
- Obtaining syslog-ng
- What Is syslog-ngsyslog-ng?
- Example Deployment
  - Configurations
- Troubleshooting syslog-ng
- Summary
- References
6 Covert Logging
- Introduction
- Complete Stealthy Log Setup
- Logging in Honeypots
  - Honeynet’s Shell Covert Keystroke Logger
  - Honeynet’s Sebek2 Case Study
- Covert Channels for Logging Brief
- Summary
- References
7 Analysis Goals, Planning, and Preparation: What Are We Looking for?
- Introduction
- Goals
  - Past Bad Things
  - Future Bad Things, Never Before Seen Things, and All But the Known Good Things
- Planning
- Preparation
- Summary
8 Simple Analysis Techniques
- Introduction
- Line by Line: Road to Despair
- Simple Log Viewers
- Limitations of Manual Log Review
- Responding to the Results of Analysis
- Examples
  - Incident Response Scenario
  - Routine Log Review
- Summary
- References
9 Filtering, Normalization, and Correlation
- Introduction
- Filtering
  - Artificial Ignorance
- Normalization
- Correlation
- Common Patterns to Look For
- The Future
- Summary
- Reference
10 Statistical Analysis
- Introduction
- Frequency
- Baseline
- Machine Learning
  - k-Nearest Neighbor (kNN)
  - Applying the k-NN Algorithm to Logs
- Combining Statistical Analysis with Rules-based Correlation
- Summary
- References
11 Log Data Mining
- Introduction
- Data Mining Intro
- Log Mining Intro
- Log Mining Requirements
- What We Mine For?
- Deeper into Interesting
- Summary
- References
12 Reporting and Summarization
- Introduction
- Defining the Best Reports
  - Authentication and Authorization Reports
- Network Activity Reports
- Resource Access Reports
- Malware Activity Reports
- Critical Errors and Failures Reports
- Summary
13 Visualizing Log Data
- Introduction
- Visual Correlation
- Real-time Visualization
- Treemaps
- Log Data Constellations
- Traditional Log Data Graphing
- Summary
- References
14 Logging Laws and Logging Mistakes
- Introduction
- Logging Laws
- Logging Mistakes
- Summary
- Reference
15 Tools for Log Analysis and Collection
- Introduction
- Outsource, Build, or Buy
- Basic Tools for Log Analysis
- Utilities for Centralizing Log Information
- Log Analysis Tools—Beyond the Basics
- Commercial Vendors
- Summary
- References
16 Log Management Procedures: Log Review, Response, and Escalation
- Introduction
- Assumptions, Requirements, and Precautions
  - Requirements
  - Precautions
- Common Roles and Responsibilities
- PCI and Log Data
  - Key Requirement 10
    - 10.1
    - 10.2
    - 10.3
    - 10.4
    - 10.5
    - 10.6
    - 10.7
  - Other Requirements Related to Logging
- Logging Policy
- Review, Response, and Escalation Procedures and Workflows
- Validation of Log Review
- Logbook—Evidence of Exception of Investigations
  - Recommended Logbook Format
  - Example Logbook Entry
- PCI Compliance Evidence Package
- Management Reporting
- Periodic Operational Tasks
- Additional Resources
- Summary
- References
17 Attacks Against Logging Systems
- Introduction
- Attacks
- Summary
- References
18 Logging for Programmers
- Introduction
- Roles and Responsibilities
- Logging for Programmers
- Security Considerations
- Performance Considerations
- Summary
- References
19 Logs and Compliance
- Introduction
- PCI DSS
  - Key Requirement 10
- ISO2700x Series
- HIPAA
- FISMA
  - NIST 800-53 Logging Guidance
- Summary
20 Planning Your Own Log Analysis System
- Introduction
- Planning
- Software Selection
  - Open Source
  - Commercial
    - Managed Security Services Provider (MSSP)
- Policy Definition
- Architecture
- Scaling
- Summary
21 Cloud Logging
- Introduction
- Cloud Computing
- Cloud Logging
  - A Quick Example: Loggly
- Regulatory, Compliance, and Security Issues
- Big Data in the Cloud
  - A Quick Example: Hadoop
- SIEM in the Cloud
- Pros and Cons of Cloud Logging
- Cloud Logging Provider Inventory
- Additional Resources
- Summary
- References
22 Log Standards and Future Trends
- Introduction
- Extrapolations of Today to the Future
- Log Future and Standards
  - Adoption Trends
- Desired Future
- Summary
Index
- A
- B
- C
- D
- E
- F
- G
- H
- I
- J
- K
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- X

Navigation menu