REVIEW: "Security Log Management", Jacob Babbin et al
- BKSCLGMN.RVW 20060821
"Security Log Management", Jacob Babbin et al, 2006, 1-59749-042-3,
%A Jacob Babbin
%A Dave Kleiman
%A Everett F. Carter
%A Jeremy Faircloth
%A Mark Burnett
%C 800 Hingham Street, Rockland, MA 02370
%E Esteban Gutierrez
%I Syngress Media, Inc.
%O U$49.95/C$69.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P 333 p.
%T "Security Log Management: Identifying Patterns in the Chaos"
Chapter one reviews the problem of masses of data. The text suggests
that there are solutions, and even gives some examples, but the
writing seems to be intended only for an audience that is already
skilled, working, and well familiar with those very solutions.
Sections of sample code are provided (here and at other places in the
book), but they tend to be of limited utility because significant
chunks of the actual functional parts are missing. Various tools for
IDS (intrusion detection system) reporting are described in chapter
two. Fewer tools are listed for firewall reporting in chapter three.
Although entitled "Systems and Network Device Reporting," chapter four
looks solely at Web server logs, and that only for a single type of
attack or situation. However, the restriction of topic is somewhat
ameliorated by the best writing in the book: the coverage of the
analysis is clear and an excellent introduction to Web server
forensics. Chapter five has scripts for text reporting (although the
illustrations show graphical presentations of the data, so the title is
somewhat misleading).
Chapter six suggests that you should do Enterprise Security
Management, and notes some of the difficulties you may encounter, but
doesn't provide any help. Despite the title of "Managing Log Files
with Microsoft Log Parser," chapter seven merely talks about generic
file management. Chapter eight does provide some Microsoft Log Parser
SQL code for reporting, and has a few other useful suggestions. More
Log Parser SQL code, this time for formatting CSV (comma separated
values) data, is in chapter nine.
Basically, if you already know how to deal with event logs, log data,
and log data analysis, this book will provide you with some
suggestions about tools that you might want to try. If you are
already struggling with network forensics and intrusion detection, the
material in this volume won't help much.
copyright Robert M. Slade, 2006 BKSCLGMN.RVW 20060821