Logging and Auditing of Log Files

Log files are records of activity: what happened, when it happened, who did it, where it came from, and so on. Although many administrators dread the auditing and analysis of log files, the simple truth is that effective logging and analysis of log files can be excellent tools for maintaining and securing a network. The first and most critical step is to enable logging on systems and network devices and ensure that the correct activities are logged. Logging failed logins is good, but logging each time a common file is successfully accessed by a legitimate user may be overkill. Determining what to log, how to log it, and how long to maintain audit logs are topics of lengthy discussions among system administrators. ...
