Wednesday, September 05, 2007

Mammoth Logging Tutorial Coming....

Just wanted to let you know that my mammoth (=7 hour!) logging tutorial is coming soon ... I will be unleashing it upon the world for the first time at MISTI IT Security World 2007 on September 20th. Prepare to be awed!!! :-)

Here is [only some of] what it will cover:

"Log Management from A to Z

Thursday, September 20, 9:00AM - 5:00PM

This workshop will cover all aspects of system, network and security logs - from making sure that logs exist, to advanced analysis techniques, to log forensics and regulatory issues related to logging. It will start from the basics of logs, cover various log types and simple log review, describe a phased approach to implementing company-wide log analysis, and then go into specific tasks that users need to be doing on a daily, weekly and monthly basis, as well as in the case of a security incident. It will also touch upon various uses of logs for forensics, compliance and operational monitoring.

This workshop will cover:

  • What the logs are and where they come from: operating systems, network gear, security devices, databases, applications, etc.
  • Configuring systems for logging: a brief run-through of common systems and applications
  • What's in the logs: what you would see if you read all the logs (even though you won't!)
  • Log centralization for analysis
  • Phased log centralization strategy
  • Log storage: just what is log retention?
  • Everything about log analysis: from manual review to data mining and advanced algorithms
  • Real-time vs. historical analysis: better late than later?
  • Log monitoring: strategy and practice
  • Logs for incident response, forensics and the court
  • Mistakes of log management: are you committing them now?
  • Upcoming log standards and log taxonomy
  • Future of log management"

Dr Anton Chuvakin