Unit 1: Introduction: Concepts of Log - What Should the Logs Log? Everything - The 5 Ws (Who, What, When, Where, and Why) - Unix Logs - Windows Logs - Events and Event Lifecycle - Linux Logs - Types of Logs - Security Logs - Application Logs - System Logs - WMI - WMI Architecture
Unit 2: SNMP: Simple Network Management Protocol - Structure - Basic Commands (get, getnext, …) - Management Information Base (MIB) - V1, V2 and V3 - RMON - OID Notation - OID Trees - SNMP Tools, Case Studies
Unit 3: Log Formats and Log Collection: Log Files - Log Formats - Application-Specific Log Formats - Apache Logs - Mail Logs - Firewall Logs - Vendor-Specific Logs - Event Correlation - Event Normalization - Correlation Rules - Log Collection - Push Log Collection - Pull Log Collection - Prebuilt Log Collection - Custom Log - Parsing/Normalization of Logs - Rule Engine/Correlation Engine, Case Studies
Unit 4: Managing Log Files: Log Tools - SYSLOG - Open Source Log Analyzers - Log File Conversion - Standardizing Log Formats - Using XML for Reporting - Correlating Log File Data - Log Rotation and Archival - Determining an Archiving Methodology - Separating Logs, Case Studies
Unit 5: Investigating Intrusions: Intrusion Detection Systems - NIDS, HIDS - Locating Intrusions - Monitoring Logons - Monitoring IIS - Reconstructing Intrusions - Concepts of SNORT - Rules - Rule Headers - Rule Options - Preprocessors - Stream4 - Frag2 - Frag3 - HTTP Inspect - Plugins - Alerts Detail Report, Case Studies.