Log Security and Log Analysis Tools

[sukishan]

Log Security and Log Analysis Tools
When tightening controls on log files or using non-traditional methods such as those described earlier, the interaction between raw logs and analysis applications can become complicated.

Tony feels that it's the usual problem -- you create a very safe system, but then it becomes a complete pain in the neck to get anything from. If you send your logs to a secure log server, you will most probably have some kind of system administration issues. The root of the problem is that a log machine should allow connections exclusively for logging and (most probably) for ssh connections.

"What can you do then? The trick in this case is simple: let the log server itself connect to a Web server, and upload the information in a "default" format every day. Then, extract and format all the statistics you need from the Web server, As usual, having a secure architecture implies more work and knowledge. That's probably why most companies seem to give up on it, and use the "cross your fingers" path," Mobily added