Introduction to Logfile Analysis

Guy Bruneau, GCIA

Part 1

This module is designed to provide an introduction to various types of security logging software and how to interpret their content.

Introduction to Log File Analysis - SANS GIAC LevelTwo 2001

Greetings, I am Guy Bruneau. Today's talk will be on "Introduction to Logfile Analysis". I would like to thank the SANS Institute for this opportunity to share some of my experience and knowledge in this sometimes difficult area.

This course is divided into two course modules. The first module will cover a variety of security logs to help recognize the format and the tools that generated it. In the second module we are going to work with a case stressing the importance of data correlation to piece together the intent of the probe. It will also be accompanied by 3 practical exercises.

I am currently the Intrusion Detection System Engineering Coordinator at the Canadian Department of National Defense's Computer Incident Response Team (DND CIRT). I have experience in UNIX security, Computer Network Intrusion Detection, Network Security Auditing, Incident Response and Reporting, and Anti-virus Support, and firsthand knowledge of using and tailoring Cisco Secure IDS, SNORT, Shadow and RealSecure.

Copyright Guy Bruneau 2000-2001. All rights reserved.

Outline: References, Objectives, What is Log Analysis, Log Examples, Review, Software links

These are the things we're going to cover. In essence, we're going to cover a series of tools and how they are logging the traffic they generate. If you work within a Computer Incident Response Team or as an Intrusion Detection analyst, it is very important to understand the logs you are working with. They are the key to solving the puzzle.

References

1. Book - W. Richard Stevens, TCP/IP Illustrated, Vol. 1, Addison Wesley, 1994.
2. Trojan Ports Lists - http
3. y2k - http
4. http
