The fifth NordU/USENIX Conference
Building a syslog Infrastructure
The purpose of this tutorial is to illustrate the importance of a network-wide
centralized logging infrastructure, to introduce several approaches to monitoring
audit logs, and to explain the types of information and forensics that can be
obtained with well-managed logging systems. Every device on your network (routers,
servers, firewalls, application software) spits out millions of lines of audit
information a day. Hidden within the data that indicate normal day-to-day operation
(and known problems) are the first clues that systems are breaking down, attackers
are breaking in, and end users are breaking up. If you manage that data flow, you
can run your networks more effectively.
- The extent of the audit problem: How much data are you generating daily, and
how useful is it?
- Logfile content: Improving the quality of the data in your logs
- Logfile generation: syslog and its relatives, including building a central loghost,
and integrating MS Windows systems into your UNIX log system
- Log management: Centralization, parsing, and storing all that data
- Legal issues: What you can do to be sure you can use your logfiles for human
resources issues and for legal prosecutions
This class won't teach you how to write Perl scripts to simplify your logfiles.
It will teach you how to build a log management infrastructure, how to figure
out what your log data means, and what in the world you do with it once you've
Tina Bird is a network security architect at Counterpane Internet Security.
She has implemented and managed a variety of wide-area-network security technologies
and has developed, implemented and enforced corporate IS security policies. She
is the moderator of the Virtual Private Networks mailing list, and the owner of
VPN Resources on the World Wide Web. Tina has a B.S. in physics from
Notre Dame and an M.S. and Ph.D. in astrophysics from the University of Minnesota.
Who should attend:
System administrators and network managers responsible for monitoring
and maintaining the health and well-being of computers and network devices in
an enterprise environment. Although some review is provided, participants should
be familiar with the UNIX and Windows operating systems and basic network security.