17.3. Sifting Through Logged Data

Now that the logging information has been secured, centralized, and sorted into separate files, the next step is to determine how to isolate the important information. A trap that some administrators fall into is relying too heavily on monitoring information to determine when there is a problem, and turning to logging data only after an incident has occurred. Monitoring information is important, but it doesn’t always reveal that a problem exists. Logged data can bring to light emerging patterns on the network that indicate a potential security breach.

As has already been mentioned, the problem is that so much logging data is generated by network devices that relying on a human to pick out patterns ...
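The kind of pattern the text refers to (activity spread across several devices that no single device's log makes obvious) is easier to see once the centralized log is parsed and aggregated by a script rather than read by eye. The following is an added example, not code from the book; the syslog lines, hostnames and addresses are constructed for illustration, and the thresholds (`min_failures`, `min_hosts`) are assumed values an administrator would tune to their own environment.

```python
import re
from collections import Counter, defaultdict

# Constructed sample of centralized syslog output (not from the book).
# Hostnames and addresses are made up for the example.
SAMPLE_LOG = """\
Mar  3 10:01:02 fw1 sshd[211]: Failed password for root from 198.51.100.7 port 40122 ssh2
Mar  3 10:01:05 fw1 sshd[211]: Failed password for root from 198.51.100.7 port 40123 ssh2
Mar  3 10:01:09 fw1 sshd[211]: Failed password for admin from 198.51.100.7 port 40124 ssh2
Mar  3 10:02:14 rtr2 sshd[98]: Failed password for root from 198.51.100.7 port 51000 ssh2
Mar  3 10:02:20 rtr2 sshd[98]: Accepted password for ops from 192.0.2.15 port 51010 ssh2
Mar  3 10:03:41 sw3 sshd[44]: Failed password for root from 198.51.100.7 port 60001 ssh2
Mar  3 10:05:00 fw1 sshd[212]: Failed password for guest from 203.0.113.9 port 40200 ssh2
"""

# Classic BSD syslog layout: timestamp, host, program[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"(?P<prog>[\w-]+)\[\d+\]:\s+(?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?P<user>\S+) from (?P<src>[\d.]+)")


def parse_lines(text):
    """Parse syslog-style lines into dicts; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def failed_logins_by_source(events):
    """Per source address: number of failed logins, devices touched, usernames tried."""
    counts = Counter()
    hosts = defaultdict(set)
    users = defaultdict(set)
    for ev in events:
        m = FAILED_RE.search(ev["msg"])
        if not m:
            continue
        src = m.group("src")
        counts[src] += 1
        hosts[src].add(ev["host"])
        users[src].add(m.group("user"))
    return counts, hosts, users


def suspicious_sources(events, min_failures=3, min_hosts=2):
    """Flag a source only when it has many failures AND they span several devices.

    A handful of failures on one box is routine; the same source failing across
    the firewall, a router and a switch is the cross-device pattern a person
    reading each device's log separately would miss. Thresholds are assumed.
    """
    counts, hosts, users = failed_logins_by_source(events)
    flagged = []
    for src, n in counts.items():
        if n >= min_failures and len(hosts[src]) >= min_hosts:
            flagged.append({
                "src": src,
                "failures": n,
                "hosts": sorted(hosts[src]),
                "users": sorted(users[src]),
            })
    return sorted(flagged, key=lambda f: -f["failures"])


if __name__ == "__main__":
    for f in suspicious_sources(parse_lines(SAMPLE_LOG)):
        print(f"{f['src']}: {f['failures']} failed logins across "
              f"{len(f['hosts'])} devices {f['hosts']}, users tried {f['users']}")
```

Run against the sample, only the source seen failing on all three devices is reported; the single failure from the second address stays below the threshold, which is the point of aggregating before alerting rather than alarming on every individual line.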
