Skip to Main Content
Network Security Hacks, 2nd Edition
book

Network Security Hacks, 2nd Edition

by Andrew Lockhart
October 2006
Intermediate to advanced content levelIntermediate to advanced
478 pages
12h 11m
English
O'Reilly Media, Inc.
Content preview from Network Security Hacks, 2nd Edition

Chapter 9. Monitoring and Trending

Hacks 8791

While the importance of reliable system logs can’t be overestimated, logs tell only part of the story of what is happening on your network. When something out of the ordinary happens, the event is duly logged to the appropriate file, where it waits for a human to notice and take the appropriate action. But logs are valuable only if someone actually reads them. When log files simply add to the deluge of information that most network administrators must wade through each day, they might be put aside and go unread for days or weeks. This situation is made worse when the log files are clogged with irrelevant information. For example, a cry for help from an overburdened mail server can easily be lost if it is surrounded by innocuous entries about failed spam attempts. All too often, logs are used as a resource to figure out what happened when systems fail, rather than as a guide to what is happening now.

Another important aspect of log entries is that they only provide a “spot check” of your system at a particular moment. Without a history of what normal performance looks like, it can be difficult to tell the difference between ordinary network traffic, a denial-of-service (DoS) attack, and a visitation from Slashdot readers. While you can easily build a report on how many times the /var partition filled up, how can you track what normal usage looks like over time? Is the mail spool clogged due to one inconsiderate user, or is it part of ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Network Security Hacks

Network Security Hacks

Andrew Lockhart
Linux: Powerful Server Administration

Linux: Powerful Server Administration

Uday Sawant, Oliver Pelz, Jonathan Hobson, William Leemans

Publisher Resources

ISBN: 0596527632Errata Page