Re: [logs] Log Analysis Book

From: Anton A. Chuvakin (antonat_private)
Date: Fri Jan 31 2003 - 11:43:19 PST

    >that any such book would be inadequate for a good portion of the
    >population and obsolete for the rest.  Online repositories are, IMHO,
    Hmm, I doubt it. I think there are enough higher-level issues to be
    covered. Hey, this syslog/UDP/TCP/timestamp discussion on the list can
    fill a book :-) I know of a publisher who is looking for such a book. I also
    have seen some notes on what the TOC might be. However, I wouldn't venture
    doing it on my own :-( due to both time constraints and a perceived lack of
    knowledge in some areas.
    >I was writing a book on it for O'Reilly.  After I had finished about 3/4
    Aah, that's what happened! I remember that you (Sweth) had posted a TOC
    to this list, and I was really curious why the book didn't surface...
    >	There have been some good papers published on these topics,
    >though, that you could probably find if you went Googling.  And of
    A book will provide a consistent look at the field, which papers cannot.
    Also, I don't think it's too much of a problem that some material will get
    old. Most tech books "live" for 1-2 years anyway. I think a logging book can
    be designed to have at least 1/2 stable content, which will be useful
    for at least that long.
    BTW, the Northcutt book is _very_ good, but it only has a chapter on log
    >different log types and the meanings behind all the fields?
    Normalization, high-level analysis methods, collection, aggregation -
    there are many topics to cover in the book. Even a good look at "syslog
    attack signatures" :-) would, I think, attract enough readers.
      Anton A. Chuvakin, Ph.D., GCIA
    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Fri Jan 31 2003 - 11:56:53 PST