Security Monitoring

by Chris Fry, Martin Nystrom
February 2009
Intermediate to advanced content level
256 pages
7h 43m
English
O'Reilly Media, Inc.
Content preview from Security Monitoring

System Logging

One of the most challenging sources of event data that you will want to collect comes from the wonderful world of system logging, or syslog. Syslog information is particularly useful in environments where much of the application traffic is encrypted and cannot be analyzed by traditional packet inspection. In fact, syslog may be the only visibility you have in many cases.

In addition to being an operational and security best practice, the collection of system log events is core to several security standards and government regulations, including the Federal Information Security Management Act of 2002 (FISMA), the Sarbanes-Oxley Act of 2002 (SOX), the Gramm-Leach-Bliley Act (GLBA), the Payment Card Industry (PCI), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and others.

In the Unix world, syslog is a standard for forwarding log messages in an IP network. Syslog messages are records of events occurring on a system. These events can take several forms, such as a record of a user logging in, a service starting, and even custom messages sent from applications running on the system.

According to the latest version of the IETF working group discussion,[47] the suggested format for a syslog message is:

{PRI} {VERSION} {TIMESTAMP} {HOSTNAME} {PROCID} {MSGID} {STRUCTURED DATA}

That is, the priority of the message, version of the syslog protocol, timestamp (as specified by RFC 3339), hostname, process identifier, message identifier (used only for filtering ...
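As an added example (not code from the book), the following Python parser decodes a line laid out in the field order the excerpt lists, splitting PRI into facility and severity (PRI = facility * 8 + severity), parsing the RFC 3339 timestamp, and unpacking the structured-data elements; it also rejects malformed lines rather than guessing. The sample messages are constructed, and the assumption that a free-text message follows the structured data is mine.

```python
import re
from datetime import datetime

# Constructed sample lines (not from the book) in the field order the excerpt lists:
# PRI VERSION TIMESTAMP HOSTNAME PROCID MSGID STRUCTURED-DATA, then free-text MSG.
SAMPLES = [
    '<34>1 2009-02-01T10:15:30.003Z webhost01 2345 ID47 '
    '[auth@32473 user="bob" src="10.0.0.5"] login failed',
    '<165>1 2009-02-01T10:16:01-08:00 dbhost02 - - - service started',
]
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

_HEADER = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<version>\d+) (?P<ts>\S+) (?P<host>\S+) '
    r'(?P<procid>\S+) (?P<msgid>\S+) ?(?P<rest>.*)$')
_PARAM = re.compile(r'([\w@.-]+)="((?:[^"\\]|\\.)*)"')

def split_structured_data(rest):
    """Peel '[id k="v" ...]' elements (or a lone '-') off the front; the rest is MSG."""
    if rest.startswith("-"):
        return {}, rest[1:].strip()
    sd, pos = {}, 0
    while pos < len(rest) and rest[pos] == "[":
        end = pos
        while True:  # find the closing ']' that is not escaped as '\]'
            end = rest.index("]", end + 1)
            if rest[end - 1] != "\\":
                break
        sd_id, _, params = rest[pos + 1:end].partition(" ")
        sd[sd_id] = {k: v.replace('\\"', '"').replace("\\]", "]").replace("\\\\", "\\")
                     for k, v in _PARAM.findall(params)}
        pos = end + 1
    return sd, rest[pos:].strip()

def parse_syslog(line):
    """Return the decoded fields as a dict, or None if the line is malformed."""
    m = _HEADER.match(line)
    if not m or int(m["pri"]) > 191:  # facility is 0..23, so PRI tops out at 191
        return None
    try:
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))  # RFC 3339 form
        sd, msg = split_structured_data(m["rest"])
    except ValueError:  # bad timestamp or an unterminated '[...]' element
        return None
    pri = int(m["pri"])
    return {"facility": pri // 8, "severity": SEVERITY[pri % 8],
            "version": int(m["version"]), "timestamp": ts, "hostname": m["host"],
            "procid": m["procid"], "msgid": m["msgid"],
            "structured_data": sd, "msg": msg}
```

Feeding each entry of SAMPLES to parse_syslog yields the decoded dictionaries; a line that fails the header check or carries an out-of-range PRI comes back as None, which is the case a collector should count rather than silently drop.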

ISBN: 9780596157944