Anton is focused on discovering hidden gems in log data among the mountain of log files generated on enterprise systems. Over at his O'Reilly blog, he offers a few tips on how Sendmail, Exchange, QMail, Postfix, and other MTA logs hide a plethora of insights that are useful for email security and email performance management. To uncover rare and unusual messages easily among the hundreds of other messages out there, Anton gives a quick tutorial on mining the log data for the unusual. How does he unearth that elusive 10% of messages that are different and potentially ominous? Reviewing the set of rare messages for errors and failures, and then examining the log records from the same timeframe, makes investigations more effective. Another key tip: look for gaps in logging, especially gaps that occur immediately following rare messages.
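One way to put those tips into practice, as an added example that is not code from Anton's post or from LogLogic: parse constructed Postfix-style syslog lines, group them by message template to isolate the rare ones, flag rare messages that look like errors or failures, and report silences in the log together with whether a rare message immediately preceded them. The sample lines, the template rule and the thresholds are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed syslog-style Postfix lines for illustration, not from the original post.
SAMPLE_LOG = """\
Nov 14 10:00:01 mx1 postfix/smtpd[1201]: connect from relay.example.net[192.0.2.10]
Nov 14 10:00:02 mx1 postfix/smtpd[1201]: disconnect from relay.example.net[192.0.2.10]
Nov 14 10:00:05 mx1 postfix/smtpd[1202]: connect from relay.example.net[192.0.2.11]
Nov 14 10:00:06 mx1 postfix/smtpd[1202]: disconnect from relay.example.net[192.0.2.11]
Nov 14 10:00:12 mx1 postfix/smtpd[1204]: warning: non-SMTP command from host.example.org[198.51.100.7]
Nov 14 10:31:40 mx1 postfix/smtpd[1205]: connect from relay.example.net[192.0.2.13]
Nov 14 10:31:41 mx1 postfix/smtpd[1205]: disconnect from relay.example.net[192.0.2.13]
"""

LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (\S+)\[\d+\]: (.*)$")
ERROR_RE = re.compile(r"warning|error|fatal|fail|reject|deferred|bounce", re.I)

def parse(log_text):
    """Return (timestamp, program, message) tuples; syslog timestamps carry no year."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((datetime.strptime(m.group(1), "%b %d %H:%M:%S"), m.group(2), m.group(3)))
    return entries

def template(message):
    """Collapse variable fields (bracketed hosts/IPs, numbers) so like messages share one key."""
    return re.sub(r"\d+", "N", re.sub(r"\[[^\]]*\]", "[*]", message))

def rare_messages(entries, max_count=1):
    """The 'unusual' set: entries whose template occurs at most max_count times."""
    counts = Counter(template(msg) for _, _, msg in entries)
    return [e for e in entries if counts[template(e[2])] <= max_count]

def rare_failures(entries, max_count=1):
    """Rare messages that also look like errors or failures: the first ones to investigate."""
    return [e for e in rare_messages(entries, max_count) if ERROR_RE.search(e[2])]

def logging_gaps(entries, max_silence_s=600, max_count=1):
    """Silences longer than max_silence_s, with whether a rare message immediately preceded them."""
    counts = Counter(template(msg) for _, _, msg in entries)
    gaps = []
    for prev, cur in zip(entries, entries[1:]):
        silence = (cur[0] - prev[0]).total_seconds()
        if silence > max_silence_s:
            gaps.append((silence, prev[2], counts[template(prev[2])] <= max_count))
    return gaps
```

On real MTA logs the gap threshold should be derived from the host's normal message rate, and templates should be tuned to the daemon's actual message formats.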
Posted November 14, 2006 in Log Management & Intelligence, Risk Management, Security