Presentation is loading. Please wait.

Presentation is loading. Please wait.

Logging. What is a log? What gets logged? Logins / logouts Privilege escalation Security relevant events.

Published byBlaise Brown Modified over 9 years ago

Similar presentations

Presentation on theme: "Logging. What is a log? What gets logged? Logins / logouts Privilege escalation Security relevant events."— Presentation transcript:

1 Logging

2 What is a log?

3 What gets logged?

4 Logins / logouts Privilege escalation Security relevant events

5 What goes in a log?

6 Why keep logs?

7 Why look at logs? (Marcus) Policy Legality Cost saving

8 Common mistakes (Marcus) #1 – collecting it and not looking atit (might as well log to /dev/null) #2 – watching logs from perimeter systems while ignoring internal systems #3 – Designing your log architecture before you decide what you ’ re going to collect #4 – Only looking for what you know you want to find instead of just looking to see what you find.

9 Common Mistakes 2: #5 – Proceeding without doing envelope estimates with of load. #6 – thinking your logs are evidence if you don ’ t collect them right #7 – forgetting that this is just a data management problem #8 – Drinking the XML Kool-ade

10 How are things logged? f = fopen(“logfile”,”w+”) syslog() Logger

11 Web Logs

12 Mail Logs

13 Radius Logs

14 Melissa

15 Log architectures UDP log issues Windows

16 Logging on Unix /etc/syslog.conf /etc/newsyslog.conf Grep swatch

17 Logging on Windows: Event Viewer Local security settings

18 Log hosts & Aggregation

19 Federal Rules of Evidence

20 What is Hearsay?

21 Can you trust these logs?

Download ppt "Logging. What is a log? What gets logged? Logins / logouts Privilege escalation Security relevant events."

Similar presentations

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Standardized Threat Indicators Tenable Formatted Indicator Export Adversary Analysis (Pivoting) Private and Community Incident Correlation ThreatConnect.

Standardized Threat Indicators Tenable Formatted Indicator Export Adversary Analysis (Pivoting) Private and Community Incident Correlation ThreatConnect.
Managing logs with syslog-ng and SWATCH AfNOG 11, Kigali/Rwanda.

Managing logs with syslog-ng and SWATCH AfNOG 11, Kigali/Rwanda.
Miss Scarlet with a lead pipe, in the library Players: 3 to 6 Contents: Clue game board, six suspect tokens, six murder weapons, 21 cards, secret envelope,

Miss Scarlet with a lead pipe, in the library Players: 3 to 6 Contents: Clue game board, six suspect tokens, six murder weapons, 21 cards, secret envelope,
1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.

1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.
Wireless and Switch Security NETS David Mitchell.

Wireless and Switch Security NETS David Mitchell.
Information Networking Security and Assurance Lab National Chung Cheng University Investigating Unix System.

Information Networking Security and Assurance Lab National Chung Cheng University Investigating Unix System.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
NOC TOOLS syslog AfNOG 2009 - Cairo, SI-E, 2 of 5 Sunday Folayan.

NOC TOOLS syslog AfNOG Cairo, SI-E, 2 of 5 Sunday Folayan.
AfChix 2011 Blantyre, Malawi Log management. Log management and monitoring ■ What is log management and monitoring ? ● It's about keeping your logs in.

AfChix 2011 Blantyre, Malawi Log management. Log management and monitoring ■ What is log management and monitoring ? ● It's about keeping your logs in.
Network Management Workshop intERlab at AIT Thailand March 11-15, 2008 Log management.

Network Management Workshop intERlab at AIT Thailand March 11-15, 2008 Log management.
Security Guidelines and Management

Security Guidelines and Management
Maintaining Host Security Logs.  Security logs are invaluable for verifying whether the host's defenses are operating properly.  Another reason to maintain.

Maintaining Host Security Logs.  Security logs are invaluable for verifying whether the host's defenses are operating properly.  Another reason to maintain.
Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.

Event Viewer Was of getting to event viewer Go to –Start –Control Panel, –Administrative Tools –Event Viewer Go to –Start.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Bluebell Calendar and To Do are views in your mail database that you can use to manage your time, schedule meetings, and keep track of to do items. By.

Bluebell Calendar and To Do are views in your mail database that you can use to manage your time, schedule meetings, and keep track of to do items. By.
Correlations, Alarms and Policies

Correlations, Alarms and Policies
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
New SA Training Topic 9: Logging, Monitoring, and Performance  Logging  Windows – “Auditing”  Linux – syslog  Monitoring  MRTG  Big Brother  Performance.

New SA Training Topic 9: Logging, Monitoring, and Performance  Logging  Windows – “Auditing”  Linux – syslog  Monitoring  MRTG  Big Brother  Performance.
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.

Similar presentations

Ads by Google