If there were a log management hall of fame, Clifford Stoll would likely be one of the inductees. His 1986 investigation of a seemingly insignificant accounting error in a log entry, detailed in his book The Cuckoo's Egg, ultimately led him to the hackers who had penetrated systems at the Lawrence Berkeley National Laboratory.
In Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management, author and future log management hall of fame inductee Anton Chuvakin and his co-authors Kevin Schmidt and Christopher Phillips bring significant real-world experience to the reader and an important book on the topic.
Many organizations suffer the same fate as the NSA: the difficulty of effectively analyzing huge amounts of log data from disparate sources. Years ago, SIM tools were supposed to solve that problem easily with log normalization and aggregation. Many firms are still waiting.
In 22 chapters and 400 densely packed pages, the book provides the reader with everything they need to know about log management.
The book starts with a big-picture look at log data basics and how to see the forest for the trees in the timberland of log management.
Chapter 2 gets a bit philosophical and analyzes just what a log is. The chapters then progress into more advanced and deeper technical details.
Chapter 6, on Covert Logging, is interesting in that it details a topic not often documented, namely how to create a completely stealthy log setup.
The book also includes many case studies on logging and syslog, and numerous real-world scenarios where logs were used to handle an information security incident.
Other topics include log analysis system selection, planning a log analysis system, log data normalization and correlation, log data mining, statistical analysis, and much more.
Cliff Stoll ultimately found that there was gold in his log data. For those who want to find the gold in their own logs, Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management is a great resource that shows how to extract the gold that often lies hidden in large stores of log data.