Chapter 17. Logging

Logging and monitoring are so closely tied together that they often overlap in the minds of network administrators. There is an important distinction that has to be made between these two aspects of network security: Monitoring provides a picture of the present situation. Logging provides historical data. The historical data may only be a few minutes old, but it is still not necessarily a representation of the current network state.

Logging tracks changes in the state of a network device and requests made to the network device. Logs are incredibly useful for tracking down information about attacks. Attackers know this, and a skilled attacker will edit log files to hide the fact he or she has accessed the system. Editing log ...

Get The Practice of Network Security: Deployment Strategies for Production Environments now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.