One of the most challenging, yet rewarding, aspects of perimeter security is network log file analysis. This process involves trying to identify intrusions and intrusion attempts through vigilant monitoring and analysis of various log files and then correlating events among those files. There are many different types of network log files to review, from network firewalls, routers, and packet filters to host-based firewalls and intrusion detection systems (IDSs). Although analyzing log files might sound a bit tedious to you, the techniques presented in this chapter can help you to gain a great deal of value from your files in a short amount of time.

This chapter discusses several important topics that demonstrate ...