SANS Log Management Summit

Richard Bejtlich (TaoSecurity) wrote an excellent and extensive overview of the recent SANS Log Management Summit 2006. He mentions that Chris Brenton and Mike Poor unveiled the SANS Top 5 Essential Log Reports. I had not known about this report before. The list is:

  1. Attempts to Gain Access through Existing Accounts
  2. Failed File or Resource Access Attempts
  3. Unauthorized Changes to Users, Groups and Services
  4. Systems Most Vulnerable to Attack
  5. Suspicious or Unauthorized Network Traffic Patterns
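
As an added illustration of what the first report on that list looks like in practice (example code written for this post, not part of the SANS material or Richard's write-up), the script below builds an "attempts to gain access through existing accounts" report from constructed sshd syslog lines. It separates failures against accounts that exist from the "invalid user" form, which belongs to a different report, and flags account/source pairs that either exceed a failure threshold or show a failure and a later success from the same source.

```python
import re
from collections import defaultdict

# Constructed sample sshd lines (not taken from any real system).
# "invalid user" means the account does not exist on the host.
SAMPLE_LOG = """\
Jul 14 02:11:05 web1 sshd[4121]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jul 14 02:11:09 web1 sshd[4121]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jul 14 02:11:12 web1 sshd[4121]: Failed password for root from 203.0.113.7 port 51022 ssh2
Jul 14 02:13:40 web1 sshd[4130]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Jul 14 02:15:01 web1 sshd[4142]: Failed password for alice from 198.51.100.9 port 40211 ssh2
Jul 14 02:15:30 web1 sshd[4142]: Accepted password for alice from 198.51.100.9 port 40211 ssh2
Jul 14 02:20:17 web1 sshd[4150]: Failed password for root from 192.0.2.44 port 60001 ssh2
"""

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted \w+ for (?P<user>\S+) from (?P<src>\S+)")


def existing_account_report(log_text, threshold=3):
    """Return (failures, alerts) for the "existing accounts" report.

    failures maps (user, src) -> number of failed logins against accounts that
    exist on the host; "invalid user" lines are skipped because they indicate
    account guessing rather than an attack on a real account.
    alerts lists (user, src, count, success_seen) for every pair whose failure
    count reaches the threshold or where the same source also logged in
    successfully, which is the case a reviewer most wants to see.
    """
    failures = defaultdict(int)
    successes = set()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            if m.group("invalid"):
                continue  # belongs to the "failed access to non-existent resource" view
            failures[(m.group("user"), m.group("src"))] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            successes.add((m.group("user"), m.group("src")))
    alerts = []
    for (user, src), count in sorted(failures.items()):
        success_seen = (user, src) in successes
        if count >= threshold or success_seen:
            alerts.append((user, src, count, success_seen))
    return dict(failures), alerts
```

Run over the sample, it reports three failures for root from 203.0.113.7 and flags alice's account because a failure from 198.51.100.9 was followed by a successful login from the same address.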


Richard provides some detail on a talk by Lawyer Ben Wright about log management and legal issues. Ben provided three suggestions regarding log management.


  1. Policy should stress preferences, not statements saying “We will do X.”
  2. Keep records of the fact you reviewed logs.
  3. Only a company’s full audit committee should know about all monitoring methods — neither employees nor the CEO should know what is watched or stored.

A version of this talk was provided on a SANS Webcast Ask The Expert: “The Law of IT System Logs”.


Steve Mullen has been involved in information technology for over 35 years. He is also actively involved in the music program (voice and English hand bells) and Vestry of St. Anne’s Episcopal Church in Damascus, MD.

Posted in Blog, IT Management, Log Management, Security

July 2006