All,

>that any such book would be inadequate for a good portion of the
>population and obsolete for the rest. Online repositories are, IMHO,

Hmm, I doubt it. I think there are enough higher-level issues to be covered. Hey, this syslog/UDP/TCP/timestamp discussion in the list can fill a book :-) I know of a publisher who is looking for such a book. I also have seen some notes on what the TOC might be. However, I wouldn't venture doing it on my own :-( due to both time constraints and perceived lack of knowledge in some areas.

>I was writing a book on it for O'Reilly. After I had finished about 3/4

Aah, that's what happened! I remember that you (Sweth) had posted a TOC to this list and I was really curious why the book didn't surface...

> There have been some good papers published on these topics,
>though, that you could probably find if you went Googling. And of

A book will provide a consistent look at the field, which papers cannot. Also, I don't think it's too much of a problem that some material will get old. Most tech books "live" for 1-2 years anyway. I think a logging book can be designed to have at least 1/2 of stable content which will be useful for at least that long. BTW, the Northcutt book is _very_ good, but it only has a chapter on log analysis...

>different log types and the meanings behind all the fields?

Normalization, high-level analysis methods, collection, aggregation - there are many topics to cover in the book. Even a good look at "syslog attack signatures" :-) would, I think, attract enough readers.

Best,
--
Anton A. Chuvakin, Ph.D., GCIA
http://www.chuvakin.org
http://www.info-secure.org

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 11:56:53 PST