Security Boot Camp Day 2: Log Management

 
InfoWorld Security Boot Camp: Day 2: Learn to love your log files
 
September 22, 2009

 
YOUR ASSIGNMENT TODAY: Learn to love your log files.

WHY DO IT: Most malicious exploits and intrusions leave their fingerprints all over the log files. If the log file management system is crafted correctly, it can provide true real-time value.

HOW TO DO IT: Start by downloading and reading NIST's Special Publication 800-92, "Guide to Computer Security Log Management." (It's a .pdf file.) Then, set up an event management system that will collect, filter, and analyze your log file data, and then prioritize and generate alerts. These event management systems are described with acronyms like SIM, SEM, or SIEM.
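
The collect, filter, analyze, prioritize and alert stages described above can be sketched in a few lines. This is an added example, not code from the InfoWorld article or NIST SP 800-92; the log lines, the three-failure threshold and the one-minute window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input in OpenSSH syslog format (not from a real system).
SAMPLE_LOG = """\
Sep 22 10:00:01 web1 sshd[411]: Failed password for root from 203.0.113.7 port 50122 ssh2
Sep 22 10:00:03 web1 sshd[411]: Failed password for root from 203.0.113.7 port 50124 ssh2
Sep 22 10:00:04 web1 cron[212]: (root) CMD (run-parts /etc/cron.hourly)
Sep 22 10:00:06 web1 sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Sep 22 10:00:09 web1 sshd[411]: Accepted password for root from 203.0.113.7 port 50133 ssh2
Sep 22 10:05:00 web1 sshd[502]: Failed password for alice from 198.51.100.20 port 40000 ssh2
Sep 22 10:05:30 web1 sshd[502]: Accepted password for alice from 198.51.100.20 port 40002 ssh2
Sep 22 11:00:00 db1 sshd[77]: Failed password for root from 192.0.2.99 port 1025 ssh2
Sep 22 11:00:02 db1 sshd[77]: Failed password for root from 192.0.2.99 port 1026 ssh2
Sep 22 11:00:05 db1 sshd[77]: Failed password for root from 192.0.2.99 port 1027 ssh2
"""

AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+)")

def collect_and_filter(text, year=2009):
    """Collect: parse each line. Filter: keep only sshd authentication events."""
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:  # syslog timestamps carry no year, so one is supplied
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"], m["result"], m["user"], m["ip"]

def analyze(events, threshold=3, window=timedelta(minutes=1)):
    """Analyze and prioritize failure bursts (threshold/window are assumptions)."""
    recent = defaultdict(list)   # (host, ip) -> timestamps of recent failures
    alerts = {}                  # (host, ip) -> priority
    for ts, host, result, user, ip in events:
        key = (host, ip)
        recent[key] = [t for t in recent[key] if ts - t <= window]
        if result == "Failed":
            recent[key].append(ts)
            if len(recent[key]) >= threshold:
                alerts.setdefault(key, "MEDIUM")   # burst of failed logins
        elif len(recent[key]) >= threshold:
            alerts[key] = "HIGH"                   # burst followed by a success
    # "HIGH" sorts before "MEDIUM", so plain tuple order puts urgent alerts first.
    return sorted((p, h, ip) for (h, ip), p in alerts.items())

if __name__ == "__main__":
    for priority, host, ip in analyze(collect_and_filter(SAMPLE_LOG)):
        print(f"[{priority}] {host}: repeated SSH login failures from {ip}")
```

A failure burst followed by a successful login from the same source is ranked above a burst alone, because it suggests the guessing may have worked.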

RECOMMENDED READING: "Learn to love your log files," InfoWorld.com