Re: [logs] Log Analysis Book

From: Tom Perrine (tepat_private)
Date: Thu Jan 30 2003 - 22:22:21 PST

    As far as log analysis, yeah, there isn't really *one*.  I tend to see
    that in "Intrusion Detection" books.

    Northcutt's books are definitely for the practitioner, but are very
    specific about the threats.  There isn't a lot of theory, history, or
    background.  It might be difficult for some people to extend the very
    precise (and very useful) ideas and procedures in those books to more
    general, or perhaps new or unique, problems.

    At the other end of the spectrum is Bace's _Intrusion Detection_.  If
    I wanted a book that could be used for anything from an undergrad
    course in ID to a graduate course in ID, this would be it.  If I were
    rolling my own system, trying to understand any of the commercial or
    freeware/open IDSs out there, or in general wanting to know
    everything about ID, this is the book.

    The references in the Bace book alone are worth the price of admission.

    Disclaimer: I have met both Becky and Stephen.
    Tom E. Perrine <tepat_private> | San Diego Supercomputer Center

    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 09:10:48 PST