Using Splunk
Splunk (www.splunk.com) is a great tool that can be used to effectively analyze almost any kind of log file, including those in W3C format. It is free to use for our purposes here to parse text logs from our own network working with small amounts of data. However, when installed at the enterprise level, Splunk will require a license per the stated SLA.
To complete the following exercises, we recommend that you prepare a Windows Server 2008 test system with roles IIS and DHCP server added to generate your own data, or simply download the sample log files from www.sybex.com/go/masteringwindowsforensics.
Download and install Splunk on your test system; then double-click the application icon placed on your desktop to get started. Sign ...
Get Mastering Windows Network Forensics and Investigation, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.