As some of you know, I’ve been secretly working on a one-day SANS Log Management class for quite some time now. A few trials were conducted and most-if-not-all guinea pigs survived their encounter with the log :-)
It now seems increasingly likely that this class will be first launched at SANS CDI 2009 in DC this December.
Here is the information about it – please sign up now:
Thursday, December 17, 2009 : 9am – 5pm
Description: This first-ever dedicated log management class for IT and security managers will cover system, network, and security logs and their management at an organization. We will start with the basics, like making sure that logs exist, and then go on to touch upon everything from managing log storage, to analysis techniques, to log forensics and regulatory issues related to logging.
In the beginning, we will cover various log types and provide configuration guidance, describe a phased approach to implementing a company-wide log management program, and go into specific tasks that IT and security managers need to focus on daily, weekly, and monthly with regard to log monitoring.
A unique and comprehensive section that covers the hot topic of using logs for regulatory compliance, such as PCI DSS, will also be presented. Everybody knows that logs are essential for resolving compliance challenges; this class will teach you what you need to concentrate on and how to make your log management compliance-friendly.
The class will also touch upon various uses of logs for incident response, forensics, and operational monitoring. Common logging mistakes, learned from many years of working with logs, will also be explained.
Here is my “Author Statement” about the class:
Logs and log analysis have long been one of the most challenging areas of security; they are also closely tied to proper system and network administration practices. With regulatory compliance added on top with specific requirements on log collection, retention, and analysis (such as those found in PCI DSS), there has never been a better time to FINALLY get your logs under control. This class is the first-ever dedicated class on getting your log management project right. If you know that "you need to have those logs handled!", sign up and learn exactly how to do that. Many years of experience with logs went into this class and so you, an attendee, have a chance to avoid the most damaging mistakes and learn from many years of the author's experience with logging, log management, log tools, and the use of logs for various purposes.