Anton's recent post on the importance of looking at logs has inspired a few posts:
- Network Security Blog: "The only problem is, in most organizations, log monitoring is an afterthought.."
- The Importance Of Logs: "There may not be anything more boring in Security than reviewing log files, but there also may not be much that is more important". Maybe we should have a t-shirt along the lines of "Taking the Boredom out of Logging".
- Analyzing trends in security log files: "Log files are not so much overlooked as unappreciated. After all, it would be hard to overlook the mountain of data created each day by system hardware, network devices, PC hard drives, and IT security applications. In fact, most IT and security pros have so much log data that they typically only skim it, or ignore it altogether." (BTW DarkReading dudes... Anton now works for LogLogic...)
- Anton is quoted in the piece: "To fully realize the value of log data, one has to take it to the next level of log mining: actually discovering things of interest in log files without having any preconceived notion of 'what we need to find,'" Chuvakin says. "It sounds obvious -- how can we be sure that we know of all the possible malicious behavior in advance -- but it is disregarded so often."
Posted November 30, 2006