Tina Bird

The fifth NordU/USENIX Conference

Building a syslog Infrastructure

The purpose of this tutorial is to illustrate the importance of a network-wide centralized logging infrastructure, to introduce several approaches to monitoring audit logs, and to explain the types of information and forensics that can be obtained with well-managed logging systems. Every device on your network – routers, servers, firewalls, application software – spits out millions of lines of audit information a day. Hidden within the data that indicate normal day-to-day operation (and known problems) are the first clues that systems are breaking down, attackers are breaking in, and end users are breaking up. If you manage that data flow, you can run your networks more effectively.
Topics include:
- The extent of the audit problem: How much data are you generating daily, and how useful is it?
- Logfile content: Improving the quality of the data in your logs
- Logfile generation: syslog and its relatives, including building a central loghost, and integrating MS Windows systems into your UNIX log system
- Log management: Centralization, parsing, and storing all that data
- Legal issues: What you can do to be sure you can use your logfiles for human resources issues and for legal prosecutions
This class won’t teach you how to write Perl scripts to simplify your logfiles. It will teach you how to build a log management infrastructure, how to figure out what your log data means, and what in the world you do with it once you’ve acquired it.
Tina Bird is a network security architect at Counterpane Internet Security. She has implemented and managed a variety of wide-area-network security technologies and has developed, implemented and enforced corporate IS security policies. She is the moderator of the Virtual Private Networks mailing list, and the owner of “VPN Resources on the World Wide Web”. Tina has a B.S. in physics from Notre Dame and an M.S. and Ph.D. in astrophysics from the University of Minnesota.
Who should attend:
System administrators and network managers responsible for monitoring and maintaining the health and well-being of computers and network devices in an enterprise environment. Although some review is provided, participants should be familiar with the UNIX and Windows operating systems and basic network security.