Authors: Anton Chuvakin, Kevin Schmidt
Paperback: 460 pages
Release Date: December 2012
ISBN10: 1-59749-636-7
ISBN13: 978-1-59749-636-0
Language: English
Publisher: Elsevier / Syngress
Summary: The authors do a “deep-dive” into many aspects of logging and log management
Audience: Sysadmins
What's My Take?
Despite its hefty 460 pages, Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management is an easy read, primarily because it’s logically organized into 22 chapters. Each chapter covers a single concept, which also makes the book a good “grab-it-off-the-shelf” reference. With a little something for every sysadmin, the book offers much practical guidance along with real-world examples and case studies. I’d not really given the topic careful consideration previously, and found Chapter 20 on planning a log analysis system valuable. The Understatement of the Year Award goes to Chapter 4: “Log storage is an important consideration when it comes to logging.” I also liked the workflows in Chapter 16. Here’s a listing of the chapter titles:
Chapter 1: Logs, Trees, Forest: The Big Picture
Chapter 2: What is a Log?
Chapter 3: Log Data Sources
Chapter 4: Log Storage Technologies
Chapter 5: Case Study: syslog-ng
Chapter 6: Covert logging
Chapter 7: Analysis Goals, Planning and Preparation: What Are We Looking for?
Chapter 8: Simple Analysis Techniques
Chapter 9: Filtering, Matching and Correlation
Chapter 10: Statistical Analysis
Chapter 11: Log Data Mining
Chapter 12: Reporting and Summarization
Chapter 13: Visualizing Log Data
Chapter 14: Logging Laws and Logging Mistakes
Chapter 15: Tools for Log Analysis and Collection
Chapter 16: Log Management Procedures: Escalation, Response
Chapter 17: Attacks Against Logging Systems
Chapter 18: Logging for Programmers
Chapter 19: Logs and Compliance
Chapter 20: Planning Your Own Log Analysis System
Chapter 21: Cloud Logging
Chapter 22: Log Standard and Future Trends
What Can I Learn From This Book?
Simply put: there really is a lot to learn about logging and log management. In the preface, the author writes, “It used to be that system administrators perused log files to look for disk errors or kernel panics. Today system administrators oftentimes do double duty as system administrators and security administrators. The need to better understand what to do with security log data has never been more important. Security analysts are among the group of IT professionals who must also keep up with log analysis techniques. Many seasoned veterans have learned under “trial by fire” mode. This book aims to distill down what many people have taken years to learn by presenting material in a manner which will allow you to understand the concepts quickly.” I’d say this passage is a great summary of the book. If you deal with security (and I know you do), I’d recommend reading Chapter 17, Attacks Against Logging Systems.
Tools, Tools, Tools?
The authors describe their logging methodologies throughout, but the book is not organized with a dedicated chapter on tools per se; this is probably by design, since the tools are interspersed where they make sense. The print edition features a well-done index, and the eBook editions allow search.
Summing It All Up
There’s just not much out there in terms of books dedicated to the art and practice of logging. Bejtlich has two very good books (The Tao of Network Security Monitoring and The Practice of Network Security Monitoring: Understanding Incident Detection and Response) but both are narrowly focused on security issues. Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management is not only a worthy read but deserves a place in your IT book collection.
What I’d Like To See In The Next Edition
More emphasis on Windows and mobile platforms. More comprehensive coverage of Security Information and Event Management (SIEM) systems and of cloud logging and correlation services (e.g., Loggly, Splunk). Note: there is one very short example of transporting logs to Loggly. I think an analysis of Return on Investment (ROI) for the various cloud services is also in order. Checklists the sysadmin can rapidly implement. A chapter on the pitfalls and pleasures of logging for digital forensics; better yet, a companion book dedicated to using logging specifically for digital forensics examiners. A more affordable Kindle edition (only $1.50 less than the print edition at the time of this writing) would also be welcome. Proof-reading! Finally, the author should incorporate some of the tools available on his personal blog into this book (refer to http://chuvakin.blogspot.com/2010/11/log-management-tool-selection-checklist.html)!
Where Can I Find This Book?