2 cissp ® Official Study Guide Eighth Edition

Logging, Monitoring, and Auditing 
779
Log analysis
is a detailed and systematic form of monitoring in which the logged infor-
mation is analyzed for trends and patterns as well as abnormal, unauthorized, illegal, 
and policy-violating activities. Log analysis isn’t necessarily in response to an incident but 
instead a periodic task, which can detect potential issues.
When manually analyzing logs, administrators simply open the log files and look for 
relevant data. This can be very tedious and time consuming. For example, searching 10 
different archived logs for a specific event or ID code can take some time, even when using 
built-in search tools.
In many cases, logs can produce so much information that important details can get 
lost in the sheer volume of data, so administrators often use automated tools to analyze the 
log data. For example, intrusion detection systems (IDSs) actively monitor multiple logs to 
detect and respond to malicious intrusions in real time. An IDS can help detect and track 
attacks from external attackers, send alerts to administrators, and record attackers’ access 
to resources.
Multiple vendors sell operations management software that actively monitors the secu-
rity, health, and performance of systems throughout a network. This software automati-
cally looks for suspicious or abnormal activities that indicate problems such as an attack or 
unauthorized access.

Download 19,3 Mb.

Do'stlaringiz bilan baham: