Logging - PowerPoint PPT Presentation
Title:
Logging
Description:
Privilege escalation. Security relevant events. What goes in a log? Why keep logs? ... 2 watching logs from perimeter systems while ignoring internal systems ... – PowerPoint PPT presentation
Number of Views:28
Avg rating:3.0/5.0
Title: Logging
1
Logging
2
What is a log?
3
What gets logged?
4
What gets logged?
- Logins / logouts
- Privilege escalation
- Security relevant events
5
What goes in a log?
6
Why keep logs?
7
Why look at logs? (Marcus)
- Policy
- Legality
- Cost saving
8
Common mistakes (Marcus)
- 1 collecting it and not looking atit (might as
well log to /dev/null) - 2 watching logs from perimeter systems while
ignoring internal systems - 3 Designing your log architecture before you
decide what youre going to collect - 4 Only looking for what you know you want to
find instead of just looking to see what you find.
9
Common Mistakes 2
- 5 Proceeding without doing envelope estimates
with of load. - 6 thinking your logs are evidence if you dont
collect them right - 7 forgetting that this is just a data
management problem - 8 Drinking the XML Kool-ade
10
How are things logged?
- f fopen(logfile,w)
- syslog()
- Logger
11
Web Logs
12
Mail Logs
13
Radius Logs
14
Melissa
15
Log architectures
- UDP log issues
- Windows
16
Logging on Unix
- /etc/syslog.conf
- /etc/newsyslog.conf
- Grep
- swatch
17
Logging on Windows
- Event Viewer
- Local security settings
18
Log hosts Aggregation
19
Federal Rules of Evidence
20
What is Hearsay?
21
Can you trust these logs?
