Logging and Audit Overview
- Windows 2000 Server Auditing and Intrusion Detection — Microsoft guide to logging. Specific to Win2000, but it has a lot of useful information on pattern matching for detecting intrusions.
- A Guide to Understanding Audit in Trusted Systems
- Active Security Monitoring and Containment with Cross Technology Correlation: The Next Generation in Computer Security Technology
- Advanced Log Processing — Anton Chuvakin discusses log collection, transmission, etc., and then gives some details on doing simple log analysis using SQL.
- artificial ignorance: how-to guide
- Audit Trails
- Network Security Requirements for Devices Implementing Internet Protocol — section 2.5 discusses logging requirements.
- Accepted Security Practices & Recommendations
- Commonly Overlooked Audit Trails — Essay listing the places where hackers frequently forget to cover their tracks.
- Computer Emergency Response Team (there are specific pointers below to documents on log infrastructures, but all of the security practice and implementation documents here are very good, especially for beginners).
- CERT Coordination Center Intruder Detection Checklist
- Introduction to system logging
- Keeping Track of What Goes On, Part I (from Linux Magazine)
- Know Your Enemy II: Tracking the blackhat’s moves
- Log consolidation with syslog
- Manage logging and other data collection mechanisms
- Rethinking UNIX System Logging with SHARP — Includes a comprehensive discussion of weaknesses in traditional syslog.
- Secure Audit Logs for System Forensics
- Seminal works in computer security
- Syslog Overview — Tina Bird’s intro to syslog for system administrators.