I just released the document Log analysis for Intrusion Detection at the ossec web site. It shows how some threats can be detected by correlating specific patterns on web logs, proxy logs and authentication logs..”
Log analysis is one of the most overlooked aspects of intrusion detection. Nowadays we see every desktop with an anti-virus, companies with multiple firewalls and even simple end-users buying the latest security related tools. However, who is watching or monitoring all the information these tools generate? Or even worse, who is watching your web server, mail server or authentication logs?”