Logging could be the most boring concept ever. It’s fundamentally wasteful—billions of bytes of data are put into digital filing cabinets, never to see the light of a monitor. You know that guy who keeps a spare copy of every receipt organized alphabetically in a file? That guy is a logger. His friends? Meet Bobby Paperclip, Johnny the Stapler, Sara Hole Punch, Frank File Cabinet, and Steve Super Glue. Who wants to be a logger?
Boring or not, logging is the most important concept in intrusion detection and recovery. Without logs, the only way to know about a problem is to observe it happening (or its aftermath). Logging can be used to:
- Make sure things are going smoothly, according to routine.
- Figure out what went wrong.
- Determine performance, effectiveness, and so on.
- Hold individuals accountable for actions.
- Build historical records that can be useful during audits.
Once you start logging, you'll begin to realize that logs are very valuable and useful in many situations. You might even want to start logging right away. That's a great idea, but try not to get too friendly with the office supplies.
More Information
The above information is the start of a chapter in "Network Security Illustrated," published by McGraw-Hill and available from amazon.com, as well as your local bookstore. The book goes into much greater depth on this topic.