
E-book: Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management

Authors: Anton Chuvakin (a recognized security expert in the field of log management and PCI DSS), Christopher Phillips (a manager and senior software developer at Dell SecureWorks, Inc.), Kevin Schmidt (a team lead and senior software developer at SecureWorks, Inc.)
  • Format: EPUB+DRM
  • Publication date: 31-Dec-2012
  • Publisher: Syngress Media, U.S.
  • Language: eng
  • ISBN-13: 9781597496360
  • Price: 32,23 €* (* the price is final, i.e. no further discounts apply)
  • This e-book is intended for personal use only. E-books cannot be returned.

DRM restrictions

  • Copying (copy/paste):

    not allowed

  • Printing:

    not allowed

  • Use:

    Digital rights management (DRM)
    The publisher has released this e-book in encrypted form, which means that you must install special software to read it. You also need to create an Adobe ID. More information here. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorized with the same Adobe ID).

    Required software
    To read on a mobile device (phone or tablet) you must install this free application: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (this is a free application built specifically for reading e-books; do not confuse it with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

The authors provide a way to simplify the complex process of analyzing large quantities of varied logs. The log management and log analysis approaches they recommend are addressed in detail. Topics include log data sources, covert logging, simple analysis techniques, statistical analysis, log data mining, management procedures, attacks against logging systems, and cloud logging. Authors are Chuvakin (security expert, log management, PCI DSS compliance), Schmidt (senior manager, Dell SecureWorks, Inc.), and Phillips (manager and senior software developer, Dell SecureWorks, Inc.). Syngress Media is an imprint of Elsevier. Annotation ©2013 Book News, Inc., Portland, OR (booknews.com)

Effectively analyzing large volumes of diverse logs poses many challenges, not least the sheer volume of log data. Logging and Log Management helps to simplify this necessary but complex process. It covers everything you need to know about system, network and security logging, as well as about dealing with logs, including log management and log analysis: from approaches to creating useful logs on systems and applications, to log analysis, log searching and log review.

  • Comprehensive coverage of log management, including analysis, visualization, reporting and more
  • Discover different uses for logs -- from system operations to regulatory compliance
  • Includes case studies, including one on building your own log analysis system


Effectively analyzing large volumes of diverse logs can pose many challenges. Logging and Log Management helps to simplify this complex process using practical guidance and real-world examples. It is packed with the information you need to know for system, network and security logging. Log management and log analysis methods are covered in detail, including approaches to creating useful logs on systems and applications, log searching and log review.

  • Comprehensive coverage of log management, including analysis, visualization, reporting and more
  • Includes information on different uses for logs -- from system operations to regulatory compliance
  • Features case studies on syslog-ng and actual real-world situations where logs came in handy in incident response
  • Provides practical guidance in the areas of reporting, log analysis system selection, planning a log analysis system, and log data normalization and correlation

Reviews

"The authors provide a way to simplify the complex process of analyzing large quantities of varied logs. The log management and log analysis approaches they recommend are addressed in detail." --Reference and Research Book News, August 2013

"Anton Chuvakin and his co-authors Kevin Schmidt and Christopher Phillips bring significant real-world experience to the reader and an important book on the topic....For those that want to find the gold in their logs, [it] is a great resource that shows how to maximize the gold that often lays hidden in your large stores of log data." --RSA Conference, December 2012

Other information

A comprehensive guide to log management written by the experts who wrote the rules.
Table of contents (each entry gives the starting page and, in parentheses, the number of pages):

Acknowledgments xv
About the Authors xvii
About the Technical Editor xix
Foreword xxi
Preface xxv
Chapter 1 Logs, Trees, Forest: The Big Picture 1(28)
  Introduction 1(1)
  Log Data Basics 2(13)
  What Is Log Data? 2(2)
  How Is Log Data Transmitted and Collected? 4(2)
  What Is a Log Message? 6(1)
  The Logging Ecosystem 7(8)
  A Look at Things to Come 15(1)
  Logs Are Underrated 16(1)
  Logs Can Be Useful 17(6)
  Resource Management 17(1)
  Intrusion Detection 18(3)
  Troubleshooting 21(1)
  Forensics 21(1)
  Boring Audit, Fun Discovery 22(1)
  People, Process, Technology 23(1)
  Security Information and Event Management (SIEM) 24(3)
  Summary 27(2)
Chapter 2 What Is a Log? 29(22)
  Introduction 29(3)
  Definitions 29(3)
  Logs? What Logs? 32(14)
  Log Formats and Types 34(6)
  Log Syntax 40(4)
  Log Content 44(2)
  Criteria of Good Logging 46(2)
  Ideal Logging Scenario 47(1)
  Summary 48(3)
Chapter 3 Log Data Sources 51(20)
  Introduction 51(1)
  Logging Sources 51(12)
  Syslog 52(6)
  SNMP 58(4)
  The Windows Event Log 62(1)
  Log Source Classification 63(7)
  Security-Related Host Logs 64(4)
  Security-Related Network Logs 68(1)
  Security Host Logs 68(2)
  Summary 70(1)
Chapter 4 Log Storage Technologies 71(22)
  Introduction 71(1)
  Log Retention Policy 71(2)
  Log Storage Formats 73(5)
  Text-Based Log Files 73(3)
  Binary Files 76(1)
  Compressed Files 76(2)
  Database Storage of Log Data 78(3)
  Advantages 78(1)
  Disadvantages 78(1)
  Defining Database Storage Goals 79(2)
  Hadoop Log Storage 81(1)
  Advantages 82(1)
  Disadvantages 82(1)
  The Cloud and Hadoop 82(7)
  Getting Started with Amazon Elastic MapReduce 83(1)
  Navigating the Amazon 83(1)
  Uploading Logs to Amazon Simple Storage Services (S3) 84(2)
  Create a Pig Script to Analyze an Apache Access Log 86(1)
  Processing Log Data in Amazon Elastic MapReduce (EMR) 87(2)
  Log Data Retrieval and Archiving 89(1)
  Online 90(1)
  Near-line 90(1)
  Offline 90(1)
  Summary 90(3)
Chapter 5 syslog-ng Case Study 93(10)
  Introduction 93(1)
  Obtaining syslog-ng 93(1)
  What Is syslog-ng? 94(1)
  Example Deployment 95(4)
  Configurations 96(3)
  Troubleshooting syslog-ng 99(2)
  Summary 101(2)
Chapter 6 Covert Logging 103(12)
  Introduction 103(2)
  Complete Stealthy Log Setup 105(5)
  Stealthy Log Generation 105(1)
  Stealthy Pickup of Logs 106(1)
  IDS Log Source 106(1)
  Log Collection Server 107(2)
  "Fake" Server or Honeypot 109(1)
  Logging in Honeypots 110(3)
  Honeynet's Shell Covert Keystroke Logger 111(1)
  Honeynet's Sebek2 Case Study 112(1)
  Covert Channels for Logging Brief 113(1)
  Summary 114(1)
Chapter 7 Analysis Goals, Planning, and Preparation: What Are We Looking For? 115(12)
  Introduction 115(1)
  Goals 115(2)
  Past Bad Things 115(2)
  Future Bad Things, Never Before Seen Things, and All But the Known Good Things 117(1)
  Planning 117(5)
  Accuracy 117(1)
  Integrity 118(1)
  Confidence 119(1)
  Preservation 119(1)
  Sanitization 120(1)
  Normalization 120(1)
  Challenges with Time 121(1)
  Preparation 122(3)
  Separating Log Messages 122(1)
  Parsing 122(1)
  Data Reduction 122(3)
  Summary 125(2)
Chapter 8 Simple Analysis Techniques 127(18)
  Introduction 127(1)
  Line by Line: Road to Despair 127(2)
  Simple Log Viewers 129(5)
  Real-Time Review 129(1)
  Historical Log Review 130(1)
  Simple Log Manipulation 131(3)
  Limitations of Manual Log Review 134(1)
  Responding to the Results of Analysis 135(5)
  Acting on Critical Logs 135(2)
  Acting on Summaries of Non-Critical Logs 137(1)
  Developing an Action Plan 138(2)
  Automated Actions 140(1)
  Examples 140(2)
  Incident Response Scenario 140(1)
  Routine Log Review 141(1)
  Summary 142(3)
Chapter 9 Filtering, Normalization, and Correlation 145(36)
  Introduction 145(2)
  Filtering 147(1)
  Artificial Ignorance 147(1)
  Normalization 148(6)
  IP Address Validation 150(1)
  Snort 150(1)
  Windows Snare 150(1)
  Generic Cisco IOS Messages 151(1)
  Regular Expression Performance Concerns 152(2)
  Correlation 154(24)
  Micro-Level Correlation 155(2)
  Macro-Level Correlation 157(4)
  Using Data in Your Environment 161(1)
  Simple Event Correlator (SEC) 161(2)
  Stateful Rule Example 163(6)
  Building Your Own Rules Engine 169(9)
  Common Patterns to Look For 178(1)
  The Future 178(2)
  Summary 180(1)
Chapter 10 Statistical Analysis 181(12)
  Introduction 181(1)
  Frequency 181(1)
  Baseline 182(5)
  Thresholds 186(1)
  Anomaly Detection 186(1)
  Windowing 187(1)
  Machine Learning 187(3)
  k-Nearest Neighbor (kNN) 188(1)
  Applying the k-NN Algorithm to Logs 188(2)
  Combining Statistical Analysis with Rules-Based Correlation 190(1)
  Summary 191(2)
Chapter 11 Log Data Mining 193(14)
  Introduction 193(1)
  Data Mining Intro 194(4)
  Log Mining Intro 198(2)
  Log Mining Requirements 200(1)
  What We Mine For? 201(2)
  Deeper into Interesting 203(2)
  Summary 205(2)
Chapter 12 Reporting and Summarization 207(12)
  Introduction 207(1)
  Defining the Best Reports 208(3)
  Authentication and Authorization Reports 208(3)
  Network Activity Reports 211(2)
  Why They Are Important 211(1)
  Specific Reports 212(1)
  Who Can Use These Reports 213(1)
  Resource Access Reports 213(2)
  Why They Are Important 213(1)
  Specific Reports 213(1)
  Who Can Use These Reports 214(1)
  Malware Activity Reports 215(1)
  Why They Are Important 215(1)
  Specific Reports 215(1)
  Who Can Use These Reports 216(1)
  Critical Errors and Failures Reports 216(1)
  Why They Are Important 216(1)
  Specific Reports 216(1)
  Who Can Use These Reports 217(1)
  Summary 217(2)
Chapter 13 Visualizing Log Data 219(12)
  Introduction 219(1)
  Visual Correlation 219(1)
  Real-Time Visualization 220(1)
  Treemaps 221(1)
  Log Data Constellations 222(5)
  Traditional Log Data Graphing 227(2)
  Summary 229(2)
Chapter 14 Logging Laws and Logging Mistakes 231(12)
  Introduction 231(1)
  Logging Laws 231(3)
  Law 1---Law of Collection 232(1)
  Law 2---Law of Retention 232(1)
  Law 3---Law of Monitoring 233(1)
  Law 3---Law of Availability 233(1)
  Law 4---Law of Security 233(1)
  Law 5---Law of Constant Changes 234(1)
  Logging Mistakes 234(7)
  Not Logging at All 235(1)
  Not Looking at Log Data 236(1)
  Storing for Too Short a Time 237(2)
  Prioritizing Before Collection 239(1)
  Ignoring Application Logs 240(1)
  Only Looking for Known Bad Entries 241(1)
  Summary 241(2)
Chapter 15 Tools for Log Analysis and Collection 243(24)
  Introduction 243(1)
  Outsource, Build, or Buy 243(4)
  Building a Solution 244(1)
  Buy 245(1)
  Outsource 246(1)
  Questions for You, Your Organization, and Vendors 246(1)
  Basic Tools for Log Analysis 247(7)
  Grep 247(2)
  Awk 249(2)
  Microsoft Log Parser 251(1)
  Other Basic Tools to Consider 252(2)
  The Role of the Basic Tools in Log Analysis 254(1)
  Utilities for Centralizing Log Information 254(3)
  Syslog 254(2)
  Rsyslog 256(1)
  Snare 256(1)
  Log Analysis Tools---Beyond the Basics 257(5)
  OSSEC 257(4)
  OSSIM 261(1)
  Other Analysis Tools to Consider 261(1)
  Commercial Vendors 262(3)
  Splunk 263(1)
  NetIQ Sentinel 264(1)
  IBM q1Labs 264(1)
  Loggly 265(1)
  Summary 265(2)
Chapter 16 Log Management Procedures: Log Review, Response, and Escalation 267(38)
  Introduction 267(1)
  Assumptions, Requirements, and Precautions 268(1)
  Requirements 269(1)
  Precautions 269(1)
  Common Roles and Responsibilities 269(1)
  PCI and Log Data 270(7)
  Key Requirement 10 271(4)
  Other Requirements Related to Logging 275(2)
  Logging Policy 277(1)
  Review, Response, and Escalation Procedures and Workflows 278(15)
  Periodic Log Review Practices and Patterns 279(4)
  Building an Initial Baseline Using a Log Management Tool 283(2)
  Building an Initial Baseline Manually 285(1)
  Main Workflow: Daily Log Review 286(3)
  Exception Investigation and Analysis 289(2)
  Incident Response and Escalation 291(2)
  Validation of Log Review 293(3)
  Proof of Logging 294(1)
  Proof of Log Review 294(1)
  Proof of Exception Handling 294(2)
  Logbook---Evidence of Exception of Investigations 296(3)
  Recommended Logbook Format 296(1)
  Example Logbook Entry 297(2)
  PCI Compliance Evidence Package 299(1)
  Management Reporting 300(1)
  Periodic Operational Tasks 300(3)
  Daily Tasks 300(1)
  Weekly Tasks 300(1)
  Monthly Tasks 301(1)
  Quarterly Tasks 302(1)
  Annual Tasks 303(1)
  Additional Resources 303(1)
  Summary 303(2)
Chapter 17 Attacks Against Logging Systems 305(24)
  Introduction 305(1)
  Attacks 305(22)
  What to Attack? 306(1)
  Attacks on Confidentiality 307(6)
  Attacks on Integrity 313(5)
  Attacks on Availability 318(9)
  Summary 327(2)
Chapter 18 Logging for Programmers 329(14)
  Introduction 329(1)
  Roles and Responsibilities 329(2)
  Logging for Programmers 331(9)
  What Should Be Logged? 332(1)
  Logging APIs for Programmers 333(2)
  Log Rotation 335(1)
  Bad Log Messages 336(1)
  Log Message Formatting 337(3)
  Security Considerations 340(1)
  Performance Considerations 341(1)
  Summary 342(1)
Chapter 19 Logs and Compliance 343(24)
  Introduction 343(1)
  PCI DSS 344(6)
  Key Requirement 10 345(5)
  ISO2700x Series 350(3)
  HIPAA 353(7)
  FISMA 360(6)
  NIST 800-53 Logging Guidance 361(5)
  Summary 366(1)
Chapter 20 Planning Your Own Log Analysis System 367(14)
  Introduction 367(1)
  Planning 367(4)
  Roles and Responsibilities 368(1)
  Resources 368(2)
  Goals 370(1)
  Selecting Systems and Devices for Logging 371(1)
  Software Selection 371(3)
  Open Source 371(1)
  Commercial 372(2)
  Policy Definition 374(2)
  Logging Policy 374(1)
  Log File Rotation 375(1)
  Log Data Collection 375(1)
  Retention/Storage 375(1)
  Response 376(1)
  Architecture 376(2)
  Basic 376(1)
  Log Server and Log Collector 377(1)
  Log Server and Log Collector with Long-Term Storage 378(1)
  Distributed 378(1)
  Scaling 378(1)
  Summary 379(2)
Chapter 21 Cloud Logging 381(20)
  Introduction 381(1)
  Cloud Computing 381(5)
  Service Delivery Models 382(1)
  Cloud Deployment Models 383(1)
  Characteristics of a Cloud Infrastructure 384(1)
  Standards? We Don't Need No Stinking Standards! 385(1)
  Cloud Logging 386(4)
  A Quick Example: Loggly 388(2)
  Regulatory, Compliance, and Security Issues 390(2)
  Big Data in the Cloud 392(3)
  A Quick Example: Hadoop 394(1)
  SIEM in the Cloud 395(1)
  Pros and Cons of Cloud Logging 396(1)
  Cloud Logging Provider Inventory 396(1)
  Additional Resources 396(2)
  Summary 398(3)
Chapter 22 Log Standards and Future Trends 401(12)
  Introduction 401(1)
  Extrapolations of Today to the Future 402(4)
  More Log Data 402(2)
  More Motivations 404(1)
  More Analysis 405(1)
  Log Future and Standards 406(4)
  Adoption Trends 410(1)
  Desired Future 410(1)
  Summary 411(2)
Index 413
Kevin J. Schmidt is a senior manager at Dell SecureWorks, Inc., an industry-leading MSSP, which is part of Dell. He is responsible for the design and development of a major part of the company's SIEM platform. This includes data acquisition, correlation and analysis of log data. Prior to SecureWorks, Kevin worked for Reflex Security, where he worked on an IPS engine and anti-virus software. Before that he was a lead developer and architect at GuardedNet, Inc., which built one of the industry's first SIEM platforms. Kevin is also a commissioned officer in the United States Navy Reserve (USNR). Kevin has over 19 years of experience in software development and design, 11 of which have been in the network security space. He holds a B.Sc. in computer science.

Christopher Phillips is a manager and senior software developer at Dell SecureWorks, Inc. He is responsible for the design and development of the company's Threat Intelligence service platform. He also has responsibility for a team involved in integrating log and event information from many third-party providers so that customers can have their information analyzed by the Dell SecureWorks systems and security professionals. Prior to Dell SecureWorks, Christopher worked for McKesson and Allscripts, where he worked with clients on HIPAA compliance and security and on integrating healthcare systems. Christopher has over 18 years of experience in software development and design. He holds a Bachelor of Science in Computer Science and an MBA.

Dr. Anton Chuvakin is a recognized security expert in the field of log management and PCI DSS compliance. He is an author of the books "Security Warrior" and "PCI Compliance" and has contributed to many others, while also publishing dozens of papers on log management, correlation, data analysis, PCI DSS, and security management. His blog (http://www.securitywarrior.org) is one of the most popular in the industry. Additionally, Anton teaches classes and presents at many security conferences across the world, and he works on emerging security standards and serves on the advisory boards of several security start-ups. Currently, Anton is developing his security consulting practice, focusing on logging and PCI DSS compliance for security vendors and Fortune 500 organizations. Anton earned his Ph.D. from Stony Brook University.