- Windows 2000 Server Auditing and Intrusion Detection - Microsoft guide to logging. Specific to Win2000 but has lots of useful information on pattern matching for detecting intrusions
- A Guide to Understanding Audit in Trusted Systems
- Active Security Monitoring and Containment with Cross Technology Correlation: The Next Generation in Computer Security Technology
- Advanced Log Processing -- Anton Chuvakin discusses log collection, transmission, etc and then gives some details on doing simple log analysis using SQL
- artificial ignorance: how-to guide
- Audit Trails
- Network
Security Requirements for Devices Implementing
Internet Protocol -- section 2.5 discusses logging requirements - Accepted Security Practices & Recommendations
- Commonly Overlooked Audit Trails -- Essay lists places hackers frequently forget to cover their tracks
- Computer Emergency Response Team (there are specific pointers below to documents on log infrastructures, but all of the security practice and implementation documents here are really good, especially for beginners)
- CERT Coordination Center Intruder Detection Checklist
- Identify and enable Web-server-specific logging mechanisms
- Identify data that characterize systems and aid in detecting signs of suspicious behavior
- Introduction to system logging
- Keeping Track of What Goes On, Part I (from Linux Magazine)
- Know Your Enemy II: Tracking the blackhat's moves
- Log consolidation with syslog
- Manage logging and other data collection mechanisms
- Rethinking UNIX System Logging with SHARP -- Includes a comprehensive discussion of weaknesses in traditional syslog.
- Secure Audit Logs for System Forensics
- Seminal works in computer security
- syslog Overview -- tbird's intro to syslog for system administrators.
Learn
Log
Analysis!
(Bonus: Now You can download Tbird's SANS Webcast Slides)