Chapter 16. Monitoring
Accepting the fact that a network will be attacked is an important step for network administrators. Attacks will be launched against almost all networks eventually, and some will be successful. A good monitoring infrastructure can help detect attacks as they occur and often stop them before there is a problem.
Monitoring and logging are often used interchangeably. The truth is they serve very different purposes. Monitoring systems are in place to track and fix problems as they occur. Logging provides administrators with historical data about the network, while monitoring provides an instant snapshot of the network.
Network monitoring should be performed 24x7. Even if the administrative staff is not onsite 24x7, notifications ...