17.3. Sifting Through Logged Data
Now that the logging information has been secured, centralized, and sorted into separate files, the next step is to determine how to isolate important information. A trap that some administrators fall into is relying too heavily on monitoring information to determine when there is a problem and using logging data only after an incident has occurred. Monitoring information is important, but it doesn’t always tell when there is a problem. Logged data can help bring to light emerging patterns on the network, which indicate there may be a potential security breach.
As has already been mentioned, the problem is that so much logging data is generated by network devices that relying on a human to pick out patterns ...
Get The Practice of Network Security: Deployment Strategies for Production Environments now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.