It’s not hard to say ‘I don’t envy you’ to the system administrators who are left to classify the log messages generated every time somebody does something on the network.
Every time a user logs in, a file is created, or a network connection is opened to a remote host, operating systems, applications, and network devices emit lines of text.
Those log messages are critical for detecting security incidents, operational problems, and policy violations, and they are valuable evidence in audits and forensic investigations.
Download this whitepaper if you want to know:
• What system logging is and how it helps ease the burden for system administrators
• How artificial ignorance detects anomalies in a working system
• What you need to do to use the advanced log message classification method of syslog-ng.
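The "artificial ignorance" bullet above refers to a simple idea: list the message shapes you already understand, subtract them from the log, and read whatever is left. The block below is an added illustration of that idea, not text or code from the whitepaper and not syslog-ng's own pattern database; it is a minimal re-implementation in Python. The log lines are constructed samples, and the two "known normal" patterns and their class names (ssh.login.ok, cron.run) are assumptions made for the example.

```python
"""Artificial ignorance over syslog-style lines.

Added illustration, not from the whitepaper or syslog-ng itself: a minimal
re-implementation of the idea. Known-normal message shapes are listed as
regular expressions; anything that matches none of them is the residue the
administrator should read. The log lines below are constructed samples.
"""
import re
from collections import Counter

# Constructed sample log lines (not real system output).
SAMPLE_LOG = """\
Mar  1 10:00:01 host1 sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Mar  1 10:00:07 host1 CRON[1210]: (root) CMD (run-parts /etc/cron.hourly)
Mar  1 10:00:12 host1 sshd[1215]: Accepted publickey for bob from 10.0.0.9 port 51240 ssh2
Mar  1 10:00:15 host1 sshd[1220]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  1 10:00:16 host1 sshd[1220]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  1 10:00:20 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar  1 10:00:25 host1 CRON[1230]: (root) CMD (run-parts /etc/cron.hourly)
Mar  1 10:00:30 host1 kernel: [12345.678] usb 1-1: new high-speed USB device number 4 using xhci_hcd
"""

# Patterns describing messages we have decided are "known normal" (assumed
# class names for this example). Each regex is anchored on the message part
# (after the syslog header), so a partial match inside a suspicious line
# cannot accidentally whitelist it.
KNOWN_NORMAL = {
    "ssh.login.ok": re.compile(
        r"^sshd\[\d+\]: Accepted publickey for \w+ from [\d.]+ port \d+ ssh2$"),
    "cron.run": re.compile(
        r"^CRON\[\d+\]: \(\w+\) CMD \(run-parts /etc/cron\.\w+\)$"),
}

# Classic BSD syslog header: timestamp, hostname, then the free-form message.
HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")


def split_line(line):
    """Return (timestamp, host, message), or None if there is no syslog header."""
    m = HEADER.match(line)
    return (m.group("ts"), m.group("host"), m.group("msg")) if m else None


def classify(message):
    """Return the name of the first known-normal pattern the message matches, else None."""
    for name, pattern in KNOWN_NORMAL.items():
        if pattern.match(message):
            return name
    return None


def artificial_ignorance(log_text):
    """Split a log into what we ignore (counted per class) and what we must read.

    Returns (Counter of known classes, list of unexplained messages in log order).
    """
    counts = Counter()
    residue = []
    for line in log_text.splitlines():
        parsed = split_line(line)
        if parsed is None:
            residue.append(line)  # a malformed line is worth a look too
            continue
        _, _, msg = parsed
        cls = classify(msg)
        if cls is None:
            residue.append(msg)
        else:
            counts[cls] += 1
    return counts, residue


if __name__ == "__main__":
    known, unexplained = artificial_ignorance(SAMPLE_LOG)
    for cls, n in known.items():
        print(f"ignored {n:3d} x {cls}")
    print("unexplained messages to read:")
    for msg in unexplained:
        print("  ", msg)
```

On the sample above, the two successful SSH logins and the two cron runs are counted and dropped, and only four lines survive: the repeated failed root password from an outside address, the sudo read of /etc/shadow, and a new USB device appearing. The patterns are anchored at both ends on purpose; a loosely written ignore rule is the usual way this technique silently hides the one line that mattered.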