Security West 2014

San Diego, CA | Thu, May 8 - Sat, May 17, 2014

SEC434: Log Management In-Depth: Compliance, Security, Forensics, and Troubleshooting

This first-ever dedicated log management class teaches system, network and security logs, their analysis and management, and covers the complete lifecycle of dealing with logs: the whys, hows and whats.

You will learn how to enable logging and then how to deal with the resulting data deluge by managing data retention, analyzing data using search, filtering and correlation, and applying what you learned to key business and security problems. The class also teaches applications of logging to forensics, incident response and regulatory compliance.

In the beginning, you will learn what to do with various log types and receive brief configuration guidance for common information systems. Next, you will learn a phased approach to implementing a company-wide log management program, and go into the specific log-related tasks that need to be done on a daily, weekly, and monthly basis with regard to log review and monitoring.

Everyone is looking for a path through the PCI DSS and other regulatory compliance maze, and that is what you will learn in the next section of the course. Logs are essential for resolving compliance challenges; this class will teach you what you need to concentrate on and how to make your log management compliance-friendly. People who are already using log management for compliance will learn how to expand the benefits of their log management tools beyond compliance.

You will learn to leverage logs for critical tasks related to incident response, forensics, and operational monitoring. Logs provide one of the key information sources while responding to an incident, and this class will teach you how to utilize various log types in the frenzy of an incident investigation.

The class also includes an in-depth look at deploying, configuring and operating the open source tool OSSEC for log analysis, alerting and event correlation.

Finally, the class author, Dr. Anton Chuvakin, probably has more experience in the application of logs to IT and IT security than anyone else in the industry. This means he and the other instructors chosen to teach this course have made a lot of mistakes along the way. You can save yourself a lot of pain and your organization a lot of money by learning about the common mistakes people make working with logs.

Day 1 includes:

  • Logging configuration
  • Log analysis and monitoring methods and tools
  • Log management processes
  • Logs for incident response and forensics
  • Logs for compliance
  • Common logging mistakes

Day 2 includes:

  • OSSEC setup and operation in depth

Course Syllabus
Jake Williams Thu May 8th, 2014
9:00 AM - 5:00 PM
Jake Williams Fri May 9th, 2014
9:00 AM - 5:00 PM
Additional Information
  Laptop Required

A laptop with Windows XP or later or a recent Linux operating system installed which can unzip/gunzip compressed files. A CD/DVD drive is required. MacOS is not acceptable. VMware Player (free from the VMware site) or VMware Workstation must be installed.

If you have additional questions about the laptop specifications, please contact
Author Statement

Logs and log analysis have long been one of the most challenging areas of security; they are also closely tied to proper system and network administration practices. With regulatory compliance added on top with specific requirements on log collection, retention, and analysis (such as those found in PCI DSS), there has never been a better time to FINALLY get your logs under control. This class is the first-ever dedicated class on getting your log management project right. If you know that "you need to have those logs handled!", sign up and learn exactly how to do that. Many years of experience with logs went into this class and so you, an attendee, have a chance to avoid the most damaging mistakes and learn from many years of the author's experience with logging, log management, log tools, and the use of logs for various purposes.

- Anton Chuvakin