2011 | OriginalPaper | Chapter
Logging and Log Analysis
Authors: Prof. Dr. David Basin, Dr. Patrick Schaller, Michael Schläpfer
Published in: Applied Information Security
Publisher: Springer Berlin Heidelberg
Operating systems and applications typically come with mechanisms for reporting errors as well as security-relevant actions such as users logging on and off. These events are reported as entries in log files. The objective of logging is to make these events transparent and comprehensible. The log files can be used to analyze and optimize services as well as to detect and diagnose security breaches.
Many logging mechanisms are not configured optimally in practice. Important messages go undetected because of the large number of log entries that are triggered by irrelevant events. Users and administrators often do not even know where to search for specific log files and how to configure the associated logging mechanisms.
There are a number of tools available that support administrators with the task of keeping track of log files. Particularly important are tools that analyze the log files. These files often contain many entries that on their own are meaningless or simply not relevant to security. It is necessary to correlate and filter these entries in order to summarize events and detect suspicious or even dangerous incidents. Furthermore, tools exist that automatically raise an alarm or initiate countermeasures when there is evidence that malicious activities are taking place.
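The filtering and correlation the abstract describes, as an added illustration that is not part of the chapter: sshd login events are filtered out of constructed syslog lines (the cron line is noise for this rule), failures are correlated per source address in a sliding window, and an accepted login from a source that already exceeded the failure threshold is escalated. The threshold, window and the year 2011 used to parse the year-less syslog timestamps are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample syslog/sshd lines (not from the chapter); one cron line is noise.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[2101]: Accepted password for alice from 10.0.0.5 port 50212 ssh2
Mar  3 10:00:03 host cron[2110]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:00:05 host sshd[2112]: Failed password for root from 203.0.113.9 port 40001 ssh2
Mar  3 10:00:06 host sshd[2113]: Failed password for root from 203.0.113.9 port 40002 ssh2
Mar  3 10:00:07 host sshd[2114]: Failed password for admin from 203.0.113.9 port 40003 ssh2
Mar  3 10:00:08 host sshd[2115]: Failed password for invalid user test from 203.0.113.9 port 40004 ssh2
Mar  3 10:00:09 host sshd[2116]: Failed password for root from 203.0.113.9 port 40005 ssh2
Mar  3 10:00:20 host sshd[2120]: Accepted password for root from 203.0.113.9 port 40006 ssh2
Mar  3 10:05:00 host sshd[2130]: Failed password for bob from 10.0.0.7 port 51000 ssh2
"""

EVENT = re.compile(r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                   r"(?P<kind>Accepted|Failed) password for (?:invalid user )?"
                   r"(?P<user>\S+) from (?P<ip>\S+) port")

def parse(log_text):
    """Filter: keep only sshd login events; everything else is noise for this rule."""
    events = []
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if m:
            # syslog timestamps carry no year; 2011 is assumed here for parsing
            ts = datetime.strptime("2011 " + " ".join(m["ts"].split()), "%Y %b %d %H:%M:%S")
            events.append((ts, m["kind"], m["user"], m["ip"]))
    return events

def correlate(events, threshold=5, window=60):
    """Correlate per source IP: `threshold` failures within `window` seconds raise
    'brute_force'; a later accepted login from a flagged source raises
    'success_after_failures', the case an analyst most wants to see."""
    failures, flagged, alerts = defaultdict(list), set(), []
    for ts, kind, user, ip in sorted(events):
        if kind == "Failed":
            bucket = failures[ip]
            bucket.append(ts)
            while (ts - bucket[0]).total_seconds() > window:  # slide the window
                bucket.pop(0)
            if len(bucket) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, len(bucket)))
        elif ip in flagged:
            alerts.append(("success_after_failures", ip, user))
    return alerts
```

Running `correlate(parse(SAMPLE_LOG))` yields one brute-force alert for 203.0.113.9 followed by the escalated success alert, while bob's single failure below the threshold stays silent.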