Logging and Log Analysis

  • David Basin
  • Patrick Schaller
  • Michael Schläpfer

Abstract

Operating systems and applications typically come with mechanisms for reporting errors as well as security-relevant actions such as users logging on and off. These events are reported as entries in log files. The objective of logging is to make these events transparent and comprehensible. The log files can be used to analyze and optimize services as well as to detect and diagnose security breaches.

Many logging mechanisms are not configured optimally in practice. Important messages go undetected because of the large number of log entries that are triggered by irrelevant events. Users and administrators often do not even know where to search for specific log files and how to configure the associated logging mechanisms.

There are a number of tools available that support administrators with the task of keeping track of log files. Particularly important are tools that analyze the log files. These files often contain many entries which on their own are meaningless or simply not relevant to security. It is necessary to correlate and filter these entries in order to summarize events and detect suspicious or even dangerous incidents. Furthermore, tools exist that automatically raise an alarm or initiate countermeasures when there is evidence that malicious activities are taking place.
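The correlate-and-filter step described above, as an added example that is not part of the chapter or its authors' material: it parses syslog-style sshd entries (constructed sample lines, with the year assumed to be 2011 because classic syslog timestamps carry none), discards entries that are not security-relevant, groups failed logins by source address and flags a source once a threshold of failures falls inside a sliding time window. The threshold and window values are illustrative assumptions, not recommendations from the chapter.

```python
"""Correlate and filter authentication log entries to flag suspicious activity."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample entries in classic syslog format; not real log data.
SAMPLE_LOG = """\
Mar  3 10:15:01 host CRON[2201]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:15:07 host sshd[2310]: Failed password for invalid user admin from 198.51.100.7 port 51022 ssh2
Mar  3 10:15:09 host sshd[2312]: Failed password for invalid user admin from 198.51.100.7 port 51030 ssh2
Mar  3 10:15:12 host sshd[2315]: Failed password for root from 198.51.100.7 port 51041 ssh2
Mar  3 10:15:15 host sshd[2318]: Failed password for root from 198.51.100.7 port 51050 ssh2
Mar  3 10:15:17 host sshd[2320]: Failed password for root from 198.51.100.7 port 51055 ssh2
Mar  3 10:15:30 host sshd[2330]: Accepted password for alice from 192.0.2.10 port 40212 ssh2
Mar  3 10:16:02 host sshd[2340]: Failed password for alice from 192.0.2.10 port 40220 ssh2
Mar  3 10:40:00 host sshd[2400]: Failed password for root from 198.51.100.7 port 51900 ssh2
"""

# Generic syslog line: timestamp, host, program[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
# sshd failed-password message, with or without the "invalid user" prefix
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2011):
    """Return (timestamp, program, message), or None if the line does not parse.

    `year` is an assumption: classic syslog timestamps omit it.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["prog"], m["msg"]


def failed_logins(log_text):
    """Filter step: keep only sshd failed-password events as (ts, user, ip)."""
    events = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # unparseable line: ignored here, worth counting in production
        ts, prog, msg = parsed
        if prog != "sshd":
            continue  # cron and other programs are noise for this check
        m = FAILED_RE.search(msg)
        if m:
            events.append((ts, m["user"], m["ip"]))
    return events


def flag_sources(events, threshold=5, window=timedelta(minutes=5)):
    """Correlation step: flag a source IP once `threshold` failures fall within `window`.

    Events must be in chronological order. Returns {ip: time_of_first_flag}.
    """
    recent = defaultdict(deque)  # per-IP timestamps inside the current window
    flagged = {}
    for ts, _user, ip in events:
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop failures that have aged out of the window
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts
    return flagged


def summarize(events):
    """Summarize failures per source as {ip: (count, sorted user names tried)}."""
    counts = defaultdict(int)
    users = defaultdict(set)
    for _ts, user, ip in events:
        counts[ip] += 1
        users[ip].add(user)
    return {ip: (counts[ip], sorted(users[ip])) for ip in counts}


if __name__ == "__main__":
    evs = failed_logins(SAMPLE_LOG)
    for ip, (n, names) in summarize(evs).items():
        print(f"{ip}: {n} failed logins, users tried: {', '.join(names)}")
    for ip, when in flag_sources(evs).items():
        print(f"ALERT {ip}: threshold reached at {when:%H:%M:%S}")
```

The filter stage removes the cron entry and the successful login, and the summary shows that a single source failure by a known user (alice) is not worth an alert on its own, while the sliding window catches the burst from 198.51.100.7 without being fooled by its isolated later attempt. Only burst detection is shown; in practice the same structure is extended with other event types and sources of truth before an alarm is raised.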

Keywords

Intrusion Detection, Intrusion Detection System, Integrity Check, Manual Page, Intrusion Prevention System
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • David Basin (1)
  • Patrick Schaller (1)
  • Michael Schläpfer (1)
  1. ETH Zurich, Zurich, Switzerland