Log Analysis is one of the great overlooked aspects of operational computer security. Many organizations spend hundreds of thousands of dollars on intrusion detection systems (IDS) deployments – but still ignore their firewall logs. Why? Because the tools and knowledge to make use of that data are often not there, or the tools that exist are too inconvenient. You should expect that to change. Right now, IDS vendors are up against the wall with the volumes of data they produce; the next wave in security is to try to usefully correlate and process the contents of multiple logs.
We’re dedicated to pulling together a repository of useful information on log analysis for computer security. We hope you find this site to be useful and informative. Please don’t hesitate to contact us if you’ve got suggestions for how we can make it better!
There’s remarkably little coherent information out there for the system or network administrator who wants to start getting value out of their system logs. The problems seem overwhelming; you’ve got to figure out the what, where and how of logging before you even get started on the real work, the job of making sense out of the information your systems are producing.
Relax. We’re here to help.
LogAnalysis.org is designed to help inexperienced folks figure out where and how to start, and to provide obscure information and suggestions to the people who have been doing this for ages.
The meat of the site is in the Library. Links and documentation are arranged into several broad categories: Background Information, which includes specifications & standards as well as advice on logging for developers; Building a Logging Infrastructure, which includes information on syslog servers, log rotation, and client configurations for UNIX and non-UNIX systems;
Data Analysis, which includes data parsing tools, sample data, message dictionaries, intrusion signatures, and articles on writing regular expressions; the Product Space, where we provide links to vendors of log management products and servers, as well as reviews and comments from readers of the LogAnalysis mailing list; and finally Other Resources, where we publish summaries of religious wars from the mailing list, information on other related mailing lists, and links to other sites.
If you have comments about the organization of the site, a link you think should be here, or other questions, please feel free to drop us a line.