Linux Firewalls, Third Edition

by Steve Suehring, Robert Ziegler
September 2005
Intermediate to advanced
552 pages
13h 30m
English
Sams
Content preview from Linux Firewalls, Third Edition

Log Monitoring

Log file monitoring watches for anomalies that might indicate an attack. Although this method is used successfully, it can produce huge amounts of data and become cumbersome on large networks.

When combined with other tools, log monitoring can be made to work. For example, monitoring logs on only a few key systems can reduce the amount of data being received. However, this and other such approaches are really stop-gap measures because they do little to ensure the security of the systems that aren't monitored.

Numerous packages are available to monitor log files. Three such packages are Logsnorter, Swatch, and Logcheck. More information on each can be found at their respective websites or from within your system's ...


ISBN: 0672327716