As far as log analysis, yeah, there isn't really *one*. I tend to see that in "Intrusion Detection" books.

Northcutt's books are definitely for the practitioner, but are very specific about the threats. There isn't a lot of theory, history, background. It might be difficult for some people to extend the very precise (and very useful) ideas and procedures in those books to more general or perhaps new or unique problems.

At the other end of the spectrum, is Bace's _Intrusion Detection_. If I wanted a book that could be used for anything from an undergrad course in ID to a graduate course in ID, this would be it. If I was rolling my own system, trying to understand any of the commercial or freeware/open IDS's out there, or in general wanting to know everything about ID, this is the book. The references in the Bace book alone are worth the price of admission.

Disclaimer: I have met both Becky and Stephen.

--
Tom E. Perrine <tepat_private> | San Diego Supercomputer Center
http://www.sdsc.edu/~tep/ |
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 09:10:48 PST