As a system administrator or security professionals, you probably find yourself inundated each day with a deluge of log files from seemingly countless devices, servers, and applications on your network ranging from Windows Server to Snort to your PIX firewall and everything in between. At times, the task of "seeing the forest through the trees" to extract useful, repeatable information from these logs may seem almost impossible. This unique book will show you how to use a combination of open source software such as Tcpdstats, and Snort perfmonitor to create succinct, meaningful reports that give you the big picture of your network's overall health and well being. So, if you need to analyze and prioritize everything from how much of your bandwidth is devoted to browsing ESPN.com, to the most targeted machines in your IDS logs, this is the book for you. This book teaches IT professionals how to analyze, manage, and automate their security log files to generate useful, repeatable information that can be use to make their networks more efficient and secure using primarily open source tools. The book begins by discussing the "Top 10" security logs that every IT professional should be regularly analyzing. These 10 logs cover everything from the top workstations sending/receiving data through a firewall to the top targets of IDS alerts. The book then goes on to discuss the relevancy of all of this information. Next, the book describes how to script open source reporting tools like Tcpdstats to automatically correlate log files from the various network devices to the "Top 10" list. By doing so, the IT professional is instantly made aware of any critical vulnerabilities or seriousdegradation of network performance. All of the scripts presented within the book will be available for download from the Syngress Solutions Web site.

作为一个系统管理员或安全专家，你可能会发现自己每天都被淹没在大量的日志文件中，这些日志文件来自网络上似乎无数的设备、服务器和应用程序，从Windows服务器到Snort到你的PIX防火墙以及两者之间的一切。有时，要从这些日志中提取有用的、可重复的信息，"拨开云雾见青天 "的任务似乎几乎是不可能的。这本独特的书将告诉你如何使用开源软件的组合，如Tcpdstats和Snort perfmonitor，以创建简洁、有意义的报告，为你提供网络的整体健康和福祉的大图片。因此，如果你需要分析和优先处理一切，从你的带宽有多少用于浏览ESPN.com，到IDS日志中最有针对性的机器，这就是适合你的书。本书教导IT专业人员如何分析、管理和自动处理他们的安全日志文件，以产生有用的、可重复的信息，从而利用主要的开源工具使他们的网络更加高效和安全。本书首先讨论了每个IT专业人士应该定期分析的 "十大 "安全日志。这10条日志涵盖了从通过防火墙发送/接收数据的顶级工作站到IDS警报的顶级目标等所有内容。然后，该书继续讨论所有这些信息的相关性。接下来，书中描述了如何编写开源报告工具（如Tcpdstats）的脚本，以自动将来自各种网络设备的日志文件与 "前10名 "列表联系起来。通过这样做，IT专业人员可以立即意识到任何关键的漏洞或网络性能的严重下降。本书中介绍的所有脚本都可以从Syngress Solutions网站上下载。