- Training
- Training Live Events
- Training Without Travel
- Security Courses
- Security Curricula
- Certified Instructors
- Training Calendars
- SANS vLive! / SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- Coins
- SANS Onsite
- SANS SelfStudy
- SANS Summit Series
- SANS Partnership Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- List of Resources
- Top 20 List
- Top 25 Programming Errors
- 20 Coolest Jobs
- Application Security Procurement Language
- Top 10 Security Trends
- Top 5 Essential Log Reports
- Reading Room
- Webcasts
- AudioCasts
- WhatWorks
- Newsletters
- RSS Feeds
- Calendar Feeds
- Security Thought Leaders
- Security Policy Project
- Security+ Study Guide
- SANS Buyers Guide
- Security Tool Demos
- 2008 Salary Survey
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
The most trusted source for computer security training, certification and research.
select a course
San Jose, CA - April 23 - 25, 2007
- Hotel & Travel Info
- Faculty
- Vendor Expo
- General Info
- Vendor Events
- Special Events
- SANS @Night
- Brochure (PDF)
The perfect balance of theory and hands on experience.
-James d. Perry II, University of Tennessee
Additional Course Offerings: Additional courses are available in San Jose on April 25th. Please visit the WhatWorks in Mobile Encryption Summit 2007 page for more information.
Special
About
1 Day Course
About
SANS WhatWorks Summit Series
The SANS WhatWorks Summit Series brings together the thought leaders of the industry...
>> Read More
Work Study opportunities still available for WhatWorks 2007 Log Management Summit. Please visit Work Study Facilitator Page to submit an application.
Building a Log Analysis System from Open Source Tools
Wednesday, April 25, 2007 : 1pm - 4pmChris Brenton, SANS Faculty Fellow
3 CPE Credits Per Day
While commercial applications can provide a simplified path to deploying a centralized log analysis system, they can be limiting. Depending on your infrastructure design and choice of systems, it may be difficult to find the flexibility required to match your specific needs. One possible option to resolving this problem is to build your own modular system using open source tools.
This half day course is a nuts and bolts how-to on building your own log analysis system. Students attending this course will learn how to create a logging system that gives them better visibility of the events occurring on their network. In addition, the system will provide real time alerting while reducing the amount of administration time required to monitor events.
- Topics include:
- Strengths and weaknesses of an open source solution
- When to go commercial and when to build your own
- Goals of centralized logging and alerting
- Components of a log analysis system
- Choosing a logging standard
- Logging server placement & design considerations
- Scale considerations
- Validating log receipt
- Should I secure the data stream?
- The importance of time sync
- Centralized log server build up
- Configuring end devices (Windows, UNIX, Cisco IOS, etc.)
- Creating an audit trail
- Choosing a log file format and management scheme
- Breaking out from time linear log reviews
- Tools to assist in log file review
- What to look for Performing real time alerting
- © 2000-2009 The SANS™ Institute
- Web Privacy Policy | Web Contact |
- Press Room | Trademark Usage Policy