UKUUG
(the UK's Unix & Open Systems User Group)
Tutorial: Building an Enterprise Logging Infrastructure
| Tutor | Tina Bird |  |
| When | Thursday, 14 October 2004 | |
| Where | Marlborough Hotel, London, WC1 | |
| Booking deadline | Wednesday, 6 October 2004 | |
| Price | £220 +VAT (£258.50) UKUUG members (individuals / non-profit making organizations) | |
| £275 +VAT (£323.12) UKUUG members (commercial organizations) | ||
| £400 +VAT (£470.00) non-members | ||
| The price includes the full-day tutorial, refreshments, lunch, and a set of tutorial notes. | ||
A printable booking form is available
( PDF) | ||
Tutorial description:
This tutorial illustrates the importance of a network-wide, centralized logging infrastructure, introduces several approaches to monitoring audit logs, and explains the types of information and forensics that can be obtained with well-managed logging systems.
Every device on your network--routers, servers, firewalls, application software--spits out millions of lines of audit information a day. Hidden within the data that indicate normal day-to-day operation (and known problems) are the first clues that systems are breaking down, attackers are breaking in, and end users are breaking up. If you manage that data flow, you can run your networks more effectively.
Topics include:
- The extent of the audit problem: How much data are you generating every day, and how useful is it?
- Logfile content: Improving the quality of the data in your logs
- Logfile generation: syslog and its relatives, including building a central loghost, and integrating MS Windows systems into your UNIX log system
- Log management: Centralization, parsing, and storing all that data
- Legal issues: What you can do to be sure you can use your logfiles for human resources issues and for legal prosecutions
This class won't teach you how to write Perl scripts to simplify your logfiles. It will teach you how to build a log management infrastructure, how to figure out what your log data means, and what in the world you do with it once you've acquired it.
Who should attend?
System administrators and network managers responsible for monitoring and maintaining the health and well-being of computers and network devices in an enterprise environment. Although some review is provided, participants should be familiar with the UNIX and Windows operating systems and basic network security.
About the tutor
Tina Bird brings rigorous scientific discipline, a wealth of network administration and Internet security expertise, and substantial teaching experience to her role as a Computer Security Officer for Stanford University. At Stanford, she works on the design and implementation of security infrastructure for University systems; writing Security Alerts for desktop and server machines on the 40000-host network; healthcare information security & HIPAA compliance; and extending the university's logging infrastructure. She is the primary Stanford representative for FIRST, the Forum of Incident Response and Security Teams.
She moderates the Log Analysis and VPN mailing lists. With Marcus Ranum, she runs www.loganalysis.org, a portal for building enterprising logging infrastructures and interpreting log data. She is slowly authoring a short, topics guide to system logging for SAGE, the System Administrator's Guild. She is a co-moderator of the newly founded Patch Management mailing list.
Fax: 01763 273 255
Web: Webmaster
Queries: Ask Here
PO BOX 37
Buntingford
Herts
SG9 9UQ
More information