Hi Kai,

--- Kai Michael Hoever <kai@private> wrote:

> Hi all,
>
> I'm currently writing my degree dissertation on logfile analysis. I
> was glad to find this list discussing this issue by professionals.
> Unfortunately I wasn't able to find much useful information about
> logfile analysis itself, neither in the internet nor in books or
> scientific papers. The books I found (e.g. Babbin et al: Security Log
> Management) weren't very useful. Thus I'm contacting you to get some
> answers:
> Do you know any book, paper, link etc. where attack signatures in log
> files are described?

On the ossec web site we have some examples of attack signatures found
in log files. It is not very complete, but we have examples of
successful and failed attempts for multiple applications (from ftpd,
sshd, etc), examples of web attacks, traces of vulnerability scans, etc.

http://www.ossec.net/wiki/index.php/Log_Samples

You can also look at the ossec signatures for examples of patterns and
how we classify them (in categories and by severity):

http://www.ossec.net/rules/

> Do you know any resource where log-entries are described and/or
> classified?
> Which books, papers etc. can you recommend about logfile analysis?

I wrote some time ago a paper about "log analysis for intrusion
detection" that can help:

http://www.ossec.net/en/loganalysis.html

Note that I am updating it with more ideas, including mail log
analysis, ids+firewall logs correlation, etc.

Hope it helps.

--
Daniel B. Cid
dcid ( at ) ossec.net

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
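As an added illustration of the approach the reply describes (signatures matched against log lines, each classified by category and severity, then correlated), and not code from the list or from OSSEC: a small Python matcher over constructed sshd, ftpd and web-server log lines, with a composite brute-force alert when one source accumulates repeated failures. The patterns, categories, levels and sample addresses are all constructed for this example.

```python
import re
from collections import Counter

# Constructed signature table (illustrative only, not OSSEC's rule set):
# each entry is a regex with a named "src" group, a category and a severity level.
SIGNATURES = [
    (re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<src>\S+)"),
     "authentication_failed", 5),
    (re.compile(r"sshd\[\d+\]: Accepted password for \S+ from (?P<src>\S+)"),
     "authentication_success", 3),
    (re.compile(r"ftpd\[\d+\]: FTP LOGIN FAILED FROM (?P<src>[^,\s]+)"),
     "authentication_failed", 5),
    # Directory traversal / sensitive-file request in a combined-format access log.
    (re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "GET \S*(?:\.\./|/etc/passwd)\S* HTTP/1\.[01]" \d{3}'),
     "web_attack", 6),
]

# Composite rule threshold: this many auth failures from one source raise a brute-force alert.
BRUTE_FORCE_THRESHOLD = 3

# Constructed sample log lines (RFC 5737 documentation addresses).
LOGS = """\
Sep 24 10:01:02 host sshd[2001]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Sep 24 10:01:04 host sshd[2002]: Failed password for root from 203.0.113.5 port 4002 ssh2
Sep 24 10:01:06 host sshd[2003]: Failed password for root from 203.0.113.5 port 4003 ssh2
Sep 24 10:01:09 host sshd[2004]: Accepted password for alice from 198.51.100.7 port 5000 ssh2
Sep 24 10:02:00 host ftpd[3001]: FTP LOGIN FAILED FROM 203.0.113.9, anonymous
203.0.113.42 - - [24/Sep/2006:10:03:00 -0700] "GET /cgi-bin/../../etc/passwd HTTP/1.0" 404 290
Sep 24 10:04:00 host cron[4001]: (root) CMD (run-parts /etc/cron.hourly)
""".splitlines()


def classify(line):
    """Return {category, level, src, line} for the first matching signature, else None."""
    for pattern, category, level in SIGNATURES:
        m = pattern.search(line)
        if m:
            return {"category": category, "level": level, "src": m.group("src"), "line": line}
    return None  # benign / unclassified line


def analyze(lines):
    """Classify every line, then correlate: repeated auth failures from one source."""
    alerts = [a for a in (classify(line) for line in lines) if a]
    failures = Counter(a["src"] for a in alerts if a["category"] == "authentication_failed")
    for src, n in failures.items():
        if n >= BRUTE_FORCE_THRESHOLD:
            alerts.append({"category": "brute_force", "level": 10, "src": src,
                           "line": f"{n} authentication failures from {src}"})
    return alerts
```

Running `analyze(LOGS)` yields one alert per matched line plus a single level-10 brute-force alert for 203.0.113.5; the cron line matches nothing and is dropped.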
This archive was generated by hypermail 2.1.3 : Sun Sep 24 2006 - 11:29:59 PDT