Post Process

Everything to do with E-discovery & ESI

Wading into the Quagmire of the Logs

Posted by rjbiii on October 24, 2007

SearchSecurity.com has posted a great article on Filtering Log Data:

Where there are logs, there is usually an overwhelming amount of log data. This makes it hard for an organization to spot security problems. How do you find the one packet among millions that indicates someone is sending proprietary information out of the enterprise?

Let’s illustrate how it is possible to drill down and find that single suspect packet through a series of screenshots. As an example interface, we’ll use NetIQ’s Security Manager v 6.0 to demonstrate the filtering process, but other vendors in this market offer similar interfaces and capabilities. Regardless of the product your organization uses, this tip will provide a blueprint for how to drill down and obtain the log information you need.
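The drill-down the article walks through with screenshots can also be expressed as a chain of named filters, each reporting how many events survive it. The script below is an added example, not code from the SearchSecurity article or from NetIQ Security Manager (whose filtering is done through its own console). The log line format, the 10.0.0.0/8 internal range, the 5 MB threshold and the 07:00-19:00 working window are assumptions chosen for illustration, and the log lines are constructed so that exactly one outbound transfer survives every stage.

```python
"""Progressive filtering of log data to isolate one suspect outbound transfer.

Added example, not code from the SearchSecurity article or from NetIQ
Security Manager.  The log format, field names, internal address range,
byte threshold and working hours below are assumptions chosen for
illustration; SAMPLE_LOG is constructed, not captured from a real device.
"""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Callable, Iterable

# Assumed line format (one event per line):
#   <ISO timestamp> <device> action=<allow|deny> src=<ip> dst=<ip> dport=<port> bytes=<n>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) action=(?P<action>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+) bytes=(?P<bytes>\d+)$"
)

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed corporate range
LARGE_BYTES = 5_000_000                          # assumed "large transfer" threshold
WORK_START, WORK_END = 7, 19                     # assumed working hours (07:00-19:00)


@dataclass(frozen=True)
class Event:
    ts: datetime
    host: str
    action: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    nbytes: int


def parse(lines: Iterable[str]) -> list[Event]:
    """Parse raw lines into Events; lines that do not match the format are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(Event(
            ts=datetime.fromisoformat(m["ts"]),
            host=m["host"],
            action=m["action"],
            src=ipaddress.ip_address(m["src"]),
            dst=ipaddress.ip_address(m["dst"]),
            dport=int(m["dport"]),
            nbytes=int(m["bytes"]),
        ))
    return events


# Each stage is a named predicate; the order mirrors a console drill-down,
# from the broadest cut (was the traffic even allowed?) to the narrowest.
Stage = tuple[str, Callable[[Event], bool]]

STAGES: list[Stage] = [
    ("allowed traffic only", lambda e: e.action == "allow"),
    ("outbound (internal -> external)", lambda e: e.src in INTERNAL and e.dst not in INTERNAL),
    (f"transfer >= {LARGE_BYTES} bytes", lambda e: e.nbytes >= LARGE_BYTES),
    (f"outside {WORK_START:02d}:00-{WORK_END:02d}:00", lambda e: not WORK_START <= e.ts.hour < WORK_END),
]


def drill_down(events: list[Event], stages: list[Stage] = STAGES) -> tuple[list[Event], list[tuple[str, int]]]:
    """Apply the stages in order.

    Returns the surviving events and a list of (stage name, events remaining)
    so the reader can see where the bulk of the data fell away.
    """
    counts = [("all parsed events", len(events))]
    remaining = list(events)
    for name, predicate in stages:
        remaining = [e for e in remaining if predicate(e)]
        counts.append((name, len(remaining)))
    return remaining, counts


# Constructed sample: one malformed line, one denied inbound probe, one large
# internal copy, two small outbound sessions, one large outbound session in
# working hours, one large outbound session at night, one large inbound session.
SAMPLE_LOG = """\
2007-10-24T09:15:02 fw01 action=allow src=10.1.4.22 dst=93.184.216.34 dport=443 bytes=18400
2007-10-24T09:15:07 fw01 action=deny src=203.0.113.9 dst=10.1.0.5 dport=22 bytes=0
2007-10-24T10:02:41 fw01 action=allow src=10.1.0.5 dst=10.1.0.8 dport=445 bytes=90000000
2007-10-24T12:30:11 fw01 action=allow src=10.1.4.22 dst=198.51.100.77 dport=21 bytes=120000
2007-10-24T14:45:59 fw01 action=allow src=10.1.7.90 dst=198.51.100.77 dport=22 bytes=7200000
this line is not in the expected format and is skipped by the parser
2007-10-24T23:12:33 fw01 action=allow src=10.1.7.90 dst=198.51.100.77 dport=22 bytes=64000000
2007-10-24T23:20:05 fw01 action=allow src=203.0.113.9 dst=10.1.0.5 dport=443 bytes=9000000
"""

if __name__ == "__main__":
    survivors, counts = drill_down(parse(SAMPLE_LOG.splitlines()))
    for name, n in counts:
        print(f"{n:>5}  after: {name}")
    for e in survivors:
        print(f"suspect: {e.ts} {e.src} -> {e.dst}:{e.dport} {e.nbytes} bytes")
```

Running it prints the survivor count after each stage (7, 6, 4, 2, 1 for the constructed input) and then the single night-time 64 MB session to 198.51.100.77. The counts are the useful part: they tell you which criterion did the real work, and they are what you would keep alongside the surviving records if the result has to be explained later in a discovery response.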

You might already have a glimmer as to why the subject is on-topic here, but in case you feel the need to question my judgment:

[Reporting capabilities of these applications] are useful when you know ahead of time what to look for, such as providing evidence for an electronic discovery request or other external reasons.

The article comes complete with screen shots and is very well written. I highly recommend it.
