The most trusted source for computer security training, certification and research.



Washington, DC - July 12 - 14, 2006

Excellent conference! Allows you to hit the ground running with effective skills and tools! Best security training in IT!
-Russell Morrison, AXYS

Post Summit Courses

Bonus Session: Two Log Management Short Courses

Join us for two insightful half-day courses led by Windows log guru Randy Smith and SANS Instructor Chris Brenton.

Uncovering Secrets from the Windows Security Log



Instructor: Randy Smith, Ultimate Windows Security

The Windows security log is extremely important to monitoring all aspects of Windows security, but it is also the most poorly documented area of Windows 2000 and Windows Server 2003. For most events, Microsoft's documentation simply restates the static text of the event's description, and where more information exists it is riddled with inaccuracies. More importantly, Microsoft provides almost no guidance and very little background for individual events, let alone for events in the context of other events. In addition, the security log's event IDs and codes change from one version of Windows to the next, which makes security log knowledge even more arcane and complicates the design of programs that monitor the security log. In this half-day seminar, you will gain essential knowledge for leveraging the Windows security log. The seminar includes live demonstrations on Windows Server 2003 and time for Q&A. You will learn:
  • the meaning and value of all 9 audit categories
  • how to centrally monitor logon events for your entire domain
  • how to track user access to files and folders
  • how to monitor programs executed by users
  • why it is crucial to monitor member server logs in addition to domain controllers
  • the meaning of the security log's many cryptic codes
  • the truth about the performance impact of auditing, and other misconceptions
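As an added example (not part of the seminar material or Randy Smith's own code), the Python below shows one way to cope with the version-to-version change in event IDs that the description mentions: legacy Windows 2000/2003 security-log IDs are mapped to their Vista/2008+ equivalents so that a single set of checks can run over logs pulled from a mix of domain controllers and member servers. The host names, users, processes and event records are constructed sample data, the mapping covers only a handful of well-known events, and the functions are illustrative names, not any product's API.

```python
"""
Normalise Windows security-log event IDs across OS generations and run a few
basic checks over events gathered centrally from a domain controller and two
member servers. All sample events below are constructed, not real log data.
"""
from collections import defaultdict

# Windows 2000/2003 security-log IDs and their Windows Vista/2008+ successors.
# Most modern IDs are the legacy ID + 4096; the two legacy logon-success
# events 528 and 540 were folded into the single modern event 4624.
LEGACY_TO_MODERN = {
    528: 4624,  # successful logon
    540: 4624,  # successful network logon
    529: 4625,  # logon failure: unknown user name or bad password
    538: 4634,  # user logoff
    560: 4656,  # handle to an object requested (object access)
    567: 4663,  # object access attempt
    592: 4688,  # new process created
    593: 4689,  # process exited
    612: 4719,  # system audit policy changed
}

DOMAIN_CONTROLLERS = {"DC01"}  # constructed

# Constructed sample: what a collector might hold after pulling the security
# log from a Windows 2003 DC and file server and a Windows 2008 web server.
SAMPLE_EVENTS = [
    {"host": "DC01",  "id": 528,  "user": "alice",   "logon_type": 2,  "src": "10.0.0.5"},
    {"host": "DC01",  "id": 529,  "user": "bob",     "src": "10.0.0.9"},
    {"host": "DC01",  "id": 529,  "user": "bob",     "src": "10.0.0.9"},
    {"host": "FS01",  "id": 540,  "user": "alice",   "logon_type": 3,  "src": "10.0.0.5"},
    {"host": "FS01",  "id": 592,  "user": "alice",   "process": "C:\\WINDOWS\\system32\\cmd.exe"},
    {"host": "WEB01", "id": 4624, "user": "svc_web", "logon_type": 10, "src": "203.0.113.9"},
    {"host": "WEB01", "id": 4688, "user": "svc_web", "process": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe"},
    {"host": "WEB01", "id": 4719, "user": "svc_web"},
]


def normalise(event):
    """Return a copy whose 'id' uses modern numbering; the original stays in 'raw_id'."""
    out = dict(event)
    out["raw_id"] = event["id"]
    out["id"] = LEGACY_TO_MODERN.get(event["id"], event["id"])
    return out


def normalise_all(events):
    return [normalise(e) for e in events]


def logon_hosts_by_user(events):
    """user -> sorted list of hosts where a successful logon (4624) was recorded."""
    seen = defaultdict(set)
    for e in normalise_all(events):
        if e["id"] == 4624:
            seen[e["user"]].add(e["host"])
    return {user: sorted(hosts) for user, hosts in seen.items()}


def member_server_process_starts(events, dcs=DOMAIN_CONTROLLERS):
    """Process-creation events (4688) recorded on member servers. A DC never
    sees these, which is why member server logs must be collected too."""
    return [(e["host"], e["user"], e["process"])
            for e in normalise_all(events)
            if e["id"] == 4688 and e["host"] not in dcs]


def failed_logons(events, threshold=2):
    """Users with at least `threshold` failed logons (4625) across all hosts."""
    counts = defaultdict(int)
    for e in normalise_all(events):
        if e["id"] == 4625:
            counts[e["user"]] += 1
    return {user: n for user, n in counts.items() if n >= threshold}


def audit_policy_changes(events):
    """4719 (legacy 612) on any host: someone changed what gets audited."""
    return [(e["host"], e["user"]) for e in normalise_all(events) if e["id"] == 4719]


if __name__ == "__main__":
    print("logons:", logon_hosts_by_user(SAMPLE_EVENTS))
    print("member server processes:", member_server_process_starts(SAMPLE_EVENTS))
    print("failed logons:", failed_logons(SAMPLE_EVENTS))
    print("audit policy changes:", audit_policy_changes(SAMPLE_EVENTS))
```

The point of normalising first is that every check is written once against the modern IDs; adding a new OS generation or a new legacy ID only touches the mapping table, not the detection logic.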

Randy Franklin Smith, CISA, SSCP, Security MVP, is an information security consultant and trainer who specializes in Windows and Active Directory security and compliance. Randy is an expert on the Windows Security Log, having authored a book and over two dozen articles on the subject. Randy is the publisher of the free Security Log Encyclopedia and has provided design consultation to a number of security log software development firms.

Building a Log Analysis System with Open Source Tools

Instructor: Chris Brenton

While commercial applications can provide a simplified path to deploying a centralized log analysis system, they can be limiting. Depending on your infrastructure design and choice of systems, it may be difficult to find the flexibility required to match your specific needs. One option for resolving this problem is to build your own modular system from open source tools.

This half-day course is a nuts-and-bolts how-to on building your own log analysis system. Students attending this course will learn how to create a logging system that gives them better visibility of the events occurring on their network. In addition, the system will provide real-time alerting while reducing the amount of administration time required to monitor events.

Topics include:
  • Strengths and weaknesses of an open source solution
  • When to go commercial and when to build your own
  • Goals of centralized logging and alerting
  • Components of a log analysis system
  • Choosing a logging standard
  • Logging server placement & design considerations
  • Scale considerations
  • Validating log receipt
  • Should I secure the data stream?
  • The importance of time sync
  • Centralized log server build up
  • Configuring end devices (Windows, UNIX, Cisco IOS, etc.)
  • Creating an audit trail
  • Choosing a log file format and management scheme
  • Breaking out from time linear log reviews
  • Tools to assist in log file review
  • What to look for
  • Performing real-time alerting
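As an added example tied to the "Validating log receipt" and "The importance of time sync" items above (not code from the course or from Chris Brenton), this Python sketches two checks a home-built collector should run over what it has received: it parses BSD syslog (RFC 3164) lines into fields, reports expected senders that have gone quiet, and flags devices whose own timestamp disagrees with the collector's clock. The log lines, host names, addresses and receive timestamps are constructed; the example assumes the collector records its own clock time on arrival of each line, and the `rtr01 ios:` line imitates a router only loosely.

```python
"""
Collector-side checks for a home-grown central log server.
All sample lines, host names and timestamps below are constructed.
"""
import re
from datetime import datetime, timedelta

# RFC 3164 timestamps carry no year; the constructed data assumes this one.
YEAR = 2006

# <PRI>Mmm dd hh:mm:ss host tag[pid]: message
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[ ]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)

# (collector's own receive time, raw line as received) -- constructed.
RECEIVED = [
    ("2006-07-12 09:00:05", "<34>Jul 12 09:00:04 fw01 kernel: DROP IN=eth0 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=22"),
    ("2006-07-12 09:00:07", "<86>Jul 12 09:00:06 web01 sshd[2213]: Accepted publickey for deploy from 10.0.0.5 port 51004 ssh2"),
    ("2006-07-12 09:01:10", "<190>Jul 12 08:46:09 rtr01 ios: %SYS-5-CONFIG_I: Configured from console by admin on vty0"),
    ("2006-07-12 09:02:00", "<13>Jul 12 09:01:59 web01 logger: heartbeat"),
    ("2006-07-12 09:02:01", "garbage line that is not syslog"),
]


def parse_syslog(line):
    """Split one BSD-syslog line into fields; return None if it does not parse."""
    m = SYSLOG_RE.match(line)
    if m is None:
        return None
    pri = int(m.group("pri"))
    return {
        "facility": pri // 8,
        "severity": pri % 8,
        "timestamp": datetime.strptime(f"{YEAR} {m.group('ts')}", "%Y %b %d %H:%M:%S"),
        "host": m.group("host"),
        "tag": m.group("tag"),
        "pid": int(m.group("pid")) if m.group("pid") else None,
        "msg": m.group("msg"),
    }


def ingest(received):
    """Parse (receive_time, raw) pairs. Unparseable lines are kept aside rather
    than dropped: a malformed line is itself something worth looking at."""
    records, rejects = [], []
    for received_at, raw in received:
        parsed = parse_syslog(raw)
        if parsed is None:
            rejects.append(raw)
            continue
        parsed["received_at"] = datetime.strptime(received_at, "%Y-%m-%d %H:%M:%S")
        records.append(parsed)
    return records, rejects


def silent_hosts(records, expected_hosts, now, max_silence):
    """Expected senders not heard from within `max_silence` of `now`. Silence
    may be a quiet box, a dead link, or logging an intruder switched off; the
    collector cannot tell which, so it has to alert."""
    last_seen = {}
    for r in records:
        if r["host"] not in last_seen or r["received_at"] > last_seen[r["host"]]:
            last_seen[r["host"]] = r["received_at"]
    return sorted(h for h in expected_hosts
                  if h not in last_seen or now - last_seen[h] > max_silence)


def clock_skew(records, tolerance):
    """host -> worst signed difference (seconds) between receive time and the
    device's own timestamp, for devices outside `tolerance`. A second or two is
    network delay; minutes means the device is not time-synced and its events
    cannot be correlated with anyone else's."""
    worst = {}
    for r in records:
        skew = (r["received_at"] - r["timestamp"]).total_seconds()
        if abs(skew) > tolerance.total_seconds() and abs(skew) > abs(worst.get(r["host"], 0.0)):
            worst[r["host"]] = skew
    return worst


def run_checks(received, expected_hosts, now, max_silence_seconds=120, tolerance_seconds=30):
    """Run all checks; `now` is the collector's clock as 'YYYY-mm-dd HH:MM:SS'."""
    records, rejects = ingest(received)
    now_dt = datetime.strptime(now, "%Y-%m-%d %H:%M:%S")
    return {
        "parsed": len(records),
        "rejects": rejects,
        "silent": silent_hosts(records, expected_hosts, now_dt, timedelta(seconds=max_silence_seconds)),
        "skew": clock_skew(records, timedelta(seconds=tolerance_seconds)),
    }


if __name__ == "__main__":
    print(run_checks(RECEIVED, ["fw01", "web01", "rtr01", "db01"], "2006-07-12 09:03:00"))
```

On the constructed data, `db01` never reported and `fw01` has been quiet longer than the two-minute window, so both are listed as silent, and `rtr01` stamps its messages fifteen minutes behind the collector, which is exactly the kind of drift that makes a router's events land in the wrong place in a cross-host timeline.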

Chris Brenton is an independent consultant who has authored many books, including Mastering Network Security, Mastering Cisco Routers, and Active Defense: A Comprehensive Guide to Network Security. Chris is the lead author of the SANS Firewalls, Perimeter Protection and VPNs course. He also maintains courseware for the advanced Audit course, in addition to being a SANS Instructor and a lead incident handler for the SANS Internet Storm Center.