SearchSecurity.com
Writing syslog messages to MySQL
In this paper, I describe how to write syslog messages to a MySQL database. Having syslog messages in a database is often handy, especially when you intend to set up a front-end for viewing them. This paper describes an approach with rsyslogd, an alternative, enhanced syslog daemon that natively supports MySQL. I describe the components that need to be installed and how to configure them.
By Rainer Gerhards, 09/01/2005
Using events-per-second as a factor in selecting Security Event Management tools
Events Per Second, or EPS, as it is commonly referred to in the world of network security, is a measurement used to convey how fast a network generates data from its security devices (firewalls, Intrusion Detection Systems (IDS), servers, routers, etc.), and/or how fast an SEM product can correlate data from those devices. A savvy buyer will match the EPS his network is generating to the EPS that can be accommodated by the SEM tool he is purchasing. For the purpose of this article, we define the EPS that can be accommodated by an SEM tool more precisely as the number of security-related events a product can receive, normalize, analyze/correlate, and display or act on in the form of results within an acceptable time frame.
By Robert Angelino, 11/23/2004
How to detect hackers on your web server
A discussion of the methods used by hackers to attack IIS web servers, and how you can use event log monitoring on your web server to be alerted to successful attacks immediately.
By GFI Software, 06/23/2004
How to perform network-wide security event log monitoring
This white paper explains the need to monitor security event logs network-wide and how you can achieve this using GFI LANguard S.E.L.M. It is written by Randy Franklin Smith, author of the in-depth series on the Windows security log in Windows 2000 & .NET Magazine.
By GFI Software, 06/23/2004
Remote Syslogging - A Primer
The syslog daemon is a very versatile tool that should never be overlooked under any circumstances. The facility itself provides a wealth of information regarding the local system that it monitors.
By Armando Ortiz, 04/19/2004
Logfile Analysis: Identifying a Network Attack
This paper presents an in-depth look into what an automated network attack looks like in the logfiles to better understand the attacks "after-the-fact". I will analyze two different attacks: one being easy to determine the type and the intended goal, while the other attack is not so cut and dried, leaving some entertaining researching for readers. I will use two recent logfiles, June 23, 2001 and June 27, 2001, as each of these shows an automated attack. I will detail what I see in the logs, attempt to determine the computer(s) involved, the operating system(s) they run, and the tool(s) that were used. I will suggest ways to prevent damage from such attacks and provide links to associated patches, if available.
04/15/2004
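An added example, written for this page and not taken from the paper above or from any of the listed authors, of the kind of after-the-fact analysis that paper describes: the script parses syslog-style firewall lines and flags a source address that probes several ports on several hosts inside a short window, which is what an automated sweep looks like next to a single ordinary connection. The log lines are constructed for this example (documentation-range addresses, made-up hostnames and timestamps), the SRC/DST/DPT field names follow the Linux iptables LOG format, and the window length and thresholds are arbitrary assumptions to be tuned per environment.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in the style of Linux iptables "LOG" output as
# recorded by syslog. Nothing here comes from the paper; the hosts, addresses
# and timestamps are made up for this example.
SAMPLE_LOG = """\
Jun 23 02:14:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=4311 DPT=21 SYN
Jun 23 02:14:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=4312 DPT=22 SYN
Jun 23 02:14:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=4313 DPT=80 SYN
Jun 23 02:14:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=4314 DPT=21 SYN
Jun 23 02:14:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=4315 DPT=22 SYN
Jun 23 02:14:03 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 PROTO=TCP SPT=4316 DPT=80 SYN
Jun 23 02:14:04 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.12 PROTO=TCP SPT=4317 DPT=21 SYN
Jun 23 02:14:04 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.12 PROTO=TCP SPT=4318 DPT=22 SYN
Jun 23 02:14:05 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.12 PROTO=TCP SPT=4319 DPT=80 SYN
Jun 23 02:14:09 fw kernel: IN=eth0 OUT= SRC=198.51.100.42 DST=192.0.2.10 PROTO=TCP SPT=51234 DPT=443 SYN
Jun 23 02:14:10 fw sshd[812]: Accepted publickey for alice from 198.51.100.42 port 51240 ssh2
"""

# Classic BSD syslog line: "Mon DD HH:MM:SS host program[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^:\[\s]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# KEY=VALUE pairs inside an iptables message (OUT= with an empty value is legal)
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line, year=2001):
    """Parse one syslog line into a dict; KEY=VALUE pairs in the message become
    extra keys. Syslog timestamps carry no year, so the caller supplies it
    (assumed 2001 here to match the dates the paper works with)."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not a syslog line we understand; skip rather than guess
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    event = {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}
    event.update(KV_RE.findall(m["msg"]))
    return event


def find_scanners(events, window_seconds=10, min_targets=3, min_ports=3):
    """Group firewall events by source and look for a window in which one source
    touches at least min_targets distinct destinations on at least min_ports
    distinct ports. A person checking one service does not do that; a tool
    sweeping a subnet does. The thresholds are assumptions, not a standard."""
    by_src = defaultdict(list)
    for e in events:
        if "SRC" in e and "DST" in e and "DPT" in e:
            by_src[e["SRC"]].append(e)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            window = [e for e in evs[i:]
                      if (e["ts"] - first["ts"]).total_seconds() <= window_seconds]
            targets = {e["DST"] for e in window}
            ports = {e["DPT"] for e in window}
            if len(targets) >= min_targets and len(ports) >= min_ports:
                findings[src] = {
                    "start": first["ts"],
                    "events": len(window),
                    "targets": sorted(targets),
                    "ports": sorted(ports, key=int),
                }
                break  # one finding per source is enough for triage
    return findings


def analyze(log_text, year=2001):
    """Parse a whole log and return the sources that look like automated scans."""
    events = [e for e in (parse_line(l, year) for l in log_text.splitlines()) if e]
    return find_scanners(events)


if __name__ == "__main__":
    for src, f in analyze(SAMPLE_LOG).items():
        print(f"{src}: {f['events']} probes from {f['start']} against "
              f"{len(f['targets'])} hosts on ports {', '.join(f['ports'])}")
```

Two caveats a practitioner should carry into real logs: the BSD syslog timestamp has neither a year nor a timezone, so correlating across hosts needs both supplied out of band (or a daemon that writes full ISO timestamps), and the SRC address of a SYN probe can be spoofed, so a flagged source identifies where the packets claimed to come from, not necessarily the attacker.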
Archiving Event Logs
The objective of this paper is to explain why it is necessary to archive, or save, event logs and to provide guidance about archiving event logs. In the context of this discussion, event logs are generally computer-generated records of a system's internal activity. The systems generating the event logs can be network devices, such as routers and firewalls, and computer systems using various operating systems, such as UNIX, Linux, and Microsoft Windows. The event logs from these network devices and computer systems can be very detailed and sometimes cryptic to the human reader. For example, they may contain a record of each packet a firewall either allowed to pass or dropped and detailed records of an operating system's internal processes. The logs can also indicate who logged on and off a system and what system resources a user accessed.
By Jim Stansbury, 04/15/2004
The Ins and Outs of System Logging Using Syslog
The intent of this paper is to help the reader follow a process of thinking that will provide the tools to understand the fundamentals of system logging. Hopefully at the end you will be able to identify the best implementation for your particular environment. This paper focuses on logging using syslog, which has become the de facto logging standard on UNIX-based systems. Though this is syslog- and UNIX-specific, I would hope the general discussions on logging would be helpful for any log implementation. The structure of this paper begins with a discussion on what logging is, how it helps and what considerations are needed before we implement logging. We progress towards a discussion on syslog specifics, the elements that comprise a working implementation from the basic to the more advanced, detailing configuration options and shortcomings, including implementation ideas.
By Ian Eaton, 04/15/2004
Log Analysis as an OLAP Application - A Cube to Rule Them All
This paper discusses a specific implementation of using OLAP technology on log analysis, in particular by using the Seagate Analysis OLAP client. The Seagate Analysis OLAP client, which has been released free to registered users since February 2000, snugly fits into this role for log analysis. This tool is free and powerful enough to be the first step for practitioners to explore OLAP's utility. We will discuss how OLAP alleviates the log analysis problem, basic ideas on OLAP and related database design concepts. There is also an iteration through a mini project that uses Seagate Analysis on Windows NT Event Logs.
By Leong Ying Siong Clement, 04/15/2004
Case Study: Using Syslog in a Microsoft & Cisco Environment
This case study details the development of a centralized logging infrastructure using Syslog in a Microsoft and Cisco based environment. The primary technology piece that our company employed was the Kiwi Syslog Daemon for Windows. While Kiwi has already been the topic of a wonderfully informative SANS paper by Brian Wilkins, I have sought to build on his work by discussing ways to extend the product's functionality and by focusing on practical uses of the technology.
By Dan Rathbun, 04/15/2004