{"id":238,"date":"2007-08-20T22:36:00","date_gmt":"2007-08-20T22:36:00","guid":{"rendered":"https:\/\/defragged.org\/ossec\/?p=238"},"modified":"2020-07-02T22:36:48","modified_gmt":"2020-07-02T22:36:48","slug":"bruce-schneier-on-log-analysis","status":"publish","type":"post","link":"https:\/\/defragged.org\/ossec\/2007\/08\/bruce-schneier-on-log-analysis\/","title":{"rendered":"Bruce Schneier on log analysis"},"content":{"rendered":"\n<p>We all respect&nbsp;<a href=\"http:\/\/www.schneier.com\/blog\/\">Bruce Schneier\u2019s<\/a>&nbsp;opinion (if you don\u2019t, be&nbsp;<a href=\"http:\/\/geekz.co.uk\/schneierfacts\/\">careful<\/a>) and I found his take on log analysis very interesting:<\/p>\n\n\n\n<blockquote class=\"wp-block-quote\"><p>Whenever someone attacks you, they leave footprints\u2026 All of these products have audit logs and they produce audit messages (millions of messages a day). Most of them are a complete waste of time, like printer out of toner. So what?<\/p><p>But some of them are very important. In those audit logs are footprints of attacks. If you can monitor those in real time, you can watch the attacker as he is attacking. If you can understand what is going on fast enough, you can kick him out before he does more damage\u2026<\/p><\/blockquote>\n\n\n\n<p>You can watch it&nbsp;<a href=\"http:\/\/www.youtube.com\/watch?v=IoXoHlI86rQ\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We all respect&nbsp;Bruce Schneier\u2019s&nbsp;opinion (if you don\u2019t, be&nbsp;careful) and I found his take on log analysis very interesting: Whenever someone attacks you, they leave footprints\u2026 All of these products have audit logs and they produce audit messages (millions of messages a day). 
Most of them are a complete waste of time, like printer out of [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/238"}],"collection":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/comments?post=238"}],"version-history":[{"count":1,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/238\/revisions"}],"predecessor-version":[{"id":239,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/posts\/238\/revisions\/239"}],"wp:attachment":[{"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/media?parent=238"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/categories?post=238"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/defragged.org\/ossec\/wp-json\/wp\/v2\/tags?post=238"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}