• Unit 1: Introduction: Concepts of Log - What Should the Logs Log? Everything - The 5 Ws (Who, What, When, Where, and Why) - Unix Logs - Windows Logs - Events and Event Lifecycle - Linux Logs - Types of Logs - Security Logs - Application Logs - System Logs - WMI - WMI Architecture

• Unit 2: SNMP: Simple Network Management Protocol - Structure - Basic Commands (get, getnext, …) - Management Information Base (MIB) - SNMP v1, v2 and v3 - RMON - OID Notation - OID Trees - SNMP Tools - Case Studies
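
Worked example for the GET/GETNEXT and OID-tree topics above. This is an added illustration written for this syllabus, not code from any SNMP implementation or tool: it keeps a tiny MIB in memory, answers GET and GETNEXT with the lexicographic-ordering rule that makes snmpwalk work, and shows why OIDs must be compared arc by arc as integers. The OIDs used are the standard mib-2 ones (sysDescr, sysUpTime, sysName, ifDescr); the values stored under them are constructed, not a capture from a real device.

```python
"""Toy in-memory SNMP agent: GET, GETNEXT and an snmpwalk-style subtree walk.

Added example for this syllabus, not code from any SNMP implementation. The
MIB contents are constructed sample values placed under real mib-2 OIDs
(sysDescr, sysUpTime, sysName, ifDescr); they are not a capture from a device.
"""
from typing import Dict, List, Optional, Tuple

OID = Tuple[int, ...]


def parse_oid(text: str) -> OID:
    """Dotted notation ('1.3.6.1.2.1.1.1.0' or '.1.3.6...') to a tuple of integer arcs.

    OID order is defined arc by arc, numerically. Tuples of ints compare that way;
    the dotted strings do not ('...2.1.10' sorts before '...2.1.2' as text), which
    is a classic bug in home-grown MIB walkers.
    """
    return tuple(int(arc) for arc in text.strip(".").split("."))


def format_oid(oid: OID) -> str:
    return "." + ".".join(str(arc) for arc in oid)


# Constructed sample MIB (values invented; the OIDs are the standard mib-2 ones).
SAMPLE_MIB: Dict[OID, object] = {
    parse_oid("1.3.6.1.2.1.1.1.0"): "Example edge router",   # sysDescr.0
    parse_oid("1.3.6.1.2.1.1.3.0"): 123456,                  # sysUpTime.0 (TimeTicks)
    parse_oid("1.3.6.1.2.1.1.5.0"): "core-rtr-1",            # sysName.0
    parse_oid("1.3.6.1.2.1.2.2.1.2.1"): "eth0",              # ifDescr.1
    parse_oid("1.3.6.1.2.1.2.2.1.2.2"): "eth1",              # ifDescr.2
    parse_oid("1.3.6.1.2.1.2.2.1.2.10"): "eth10",            # ifDescr.10
}


class Agent:
    """Answers GET and GETNEXT against an in-memory OID tree (flattened and sorted)."""

    def __init__(self, mib: Dict[OID, object]) -> None:
        self.mib = dict(mib)
        self.sorted_oids: List[OID] = sorted(self.mib)  # numeric per-arc order

    def get(self, oid_text: str) -> Optional[object]:
        """GET: exact instance lookup; None stands in for noSuchInstance."""
        return self.mib.get(parse_oid(oid_text))

    def get_next(self, oid_text: str) -> Optional[Tuple[str, object]]:
        """GETNEXT: first instance strictly after the requested OID in lexicographic
        order, or None at the end of the MIB view. The request need not exist: asking
        for the branch sysName (no trailing .0) returns sysName.0."""
        requested = parse_oid(oid_text)
        for oid in self.sorted_oids:
            if oid > requested:
                return format_oid(oid), self.mib[oid]
        return None


def walk(agent: Agent, root_text: str) -> List[Tuple[str, object]]:
    """snmpwalk semantics: repeated GETNEXT starting at root, stopping as soon as
    the returned OID is no longer under root (or the agent reports end of MIB)."""
    root = parse_oid(root_text)
    results: List[Tuple[str, object]] = []
    current = root_text
    while True:
        step = agent.get_next(current)
        if step is None:
            break
        oid_text, value = step
        if parse_oid(oid_text)[: len(root)] != root:
            break  # walked out of the subtree
        results.append((oid_text, value))
        current = oid_text
    return results


def string_order_is_wrong() -> bool:
    """Demonstrates why OIDs must be compared as integer arcs, not as text."""
    a, b = "1.3.6.1.2.1.2.2.1.2.10", "1.3.6.1.2.1.2.2.1.2.2"
    return (a < b) and not (parse_oid(a) < parse_oid(b))


if __name__ == "__main__":
    agent = Agent(SAMPLE_MIB)
    for oid_text, value in walk(agent, "1.3.6.1.2.1.2.2.1.2"):
        print(oid_text, "=", value)
```

Walking `1.3.6.1.2.1.2.2.1.2` yields ifDescr.1, .2 and .10 in that order; a string-sorted table would have put .10 before .2. A caveat for the v1/v2/v3 topic: the community string that authorizes these requests in v1 and v2c travels in cleartext, so a walker on an untrusted network leaks it; v3 is the version that adds authentication and encryption.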

• Unit 3: Log Formats and Log Collection: Log Files - Log Formats - Application-Specific Log Formats - Apache Logs - Mail Logs - Firewall Logs - Vendor-Specific Logs - Event Correlation - Event Normalization - Correlation Rules - Log Collection - Push Log Collection - Pull Log Collection - Prebuilt Log Collection - Custom Log Collection - Parsing/Normalization of Logs - Rule Engine/Correlation Engine - Case Studies
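
Worked example for the parsing/normalization and correlation-rule topics above. It is an added illustration written for this syllabus, not code from any SIEM or log product: two formats (Apache combined access log and RFC 3164-style syslog lines from sshd) are parsed into one event schema, and a single correlation rule then runs across both sources. All log lines are constructed samples; the year supplied to the syslog parser and the assumption that the syslog host clock is UTC are stated assumptions, since that format carries neither.

```python
"""Parse two log formats into one normalized event schema and run a correlation rule.

Added example for this syllabus, not code from any SIEM or log product. The log
lines are constructed samples: two Apache combined-format entries and three
RFC 3164-style sshd lines (syslog carries no year, so the caller supplies one).
"""
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional

# Apache "combined" format: host ident user [time] "request" status size "referer" "agent"
APACHE_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "[^"]*" "[^"]*")?$'
)
# RFC 3164-style syslog line from sshd: timestamp host tag[pid]: message
SSHD_RE = re.compile(
    r'^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: '
    r'(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)'
)

SAMPLE_LINES = [  # constructed, not captured
    '198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    'Oct 10 13:55:40 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2',
    'Oct 10 13:55:52 web1 sshd[2203]: Failed password for root from 203.0.113.5 port 4250 ssh2',
    '203.0.113.5 - - [10/Oct/2023:13:56:10 +0000] "POST /admin/login HTTP/1.1" 403 512 "-" "curl/8.0"',
    'Oct 10 13:57:30 web1 sshd[2210]: Accepted password for alice from 198.51.100.7 port 51000 ssh2',
    'this line matches no known format',
]


def parse_apache(line: str) -> Optional[Dict]:
    m = APACHE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
    status = int(m["status"])
    return {
        "ts": ts, "source": "apache", "src_ip": m["src"],
        "user": None if m["user"] == "-" else m["user"],
        "action": f"{m['method']} {m['path']}",
        # Treating 401/403 as authentication failures is this example's choice.
        "outcome": "failure" if status in (401, 403) else "success",
    }


def parse_sshd(line: str, year: int) -> Optional[Dict]:
    m = SSHD_RE.match(line)
    if not m:
        return None
    # Assumption: the syslog host clock is UTC; a real pipeline must carry the real zone.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {
        "ts": ts, "source": "sshd", "src_ip": m["src"], "user": m["user"],
        "action": "ssh password auth",
        "outcome": "failure" if m["result"] == "Failed" else "success",
    }


def normalize(lines: List[str], year: int) -> Dict[str, List]:
    """Try each parser on each line. Unparsed lines are returned, not dropped:
    silently discarding them is how a pipeline develops blind spots."""
    events: List[Dict] = []
    unparsed: List[str] = []
    for line in lines:
        ev = parse_apache(line) or parse_sshd(line, year)
        if ev:
            events.append(ev)
        else:
            unparsed.append(line)
    return {"events": events, "unparsed": unparsed}


def correlate_failed_auth(events: List[Dict], threshold: int = 3,
                          window: timedelta = timedelta(seconds=60)) -> List[Dict]:
    """Rule: at least `threshold` failures from one src_ip inside `window`, across
    all sources, raises one alert per burst. Sliding window per source address."""
    alerts: List[Dict] = []
    recent: Dict[str, List[datetime]] = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["outcome"] != "failure":
            continue
        times = recent.setdefault(ev["src_ip"], [])
        times.append(ev["ts"])
        while times and ev["ts"] - times[0] > window:
            times.pop(0)
        if len(times) >= threshold:
            alerts.append({"src_ip": ev["src_ip"], "count": len(times), "last_seen": ev["ts"]})
            times.clear()  # fire once per burst, then start counting again
    return alerts


if __name__ == "__main__":
    out = normalize(SAMPLE_LINES, year=2023)
    for alert in correlate_failed_auth(out["events"]):
        print("ALERT", alert)
    print("unparsed:", out["unparsed"])
```

On the sample, two sshd failures plus one HTTP 403 from 203.0.113.5 fall inside sixty seconds and raise a single alert with count 3; neither source alone would have crossed the threshold, which is the point of normalizing before correlating. The one unparsable line is reported rather than dropped, so a gap in parser coverage is visible.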

• Unit 4: Managing Log Files: Log Tools - Syslog - Open-Source Log Analyzers - Log File Conversion - Standardizing Log Formats - Using XML for Reporting - Correlating Log File Data - Log Rotation and Archival - Determining an Archiving Methodology - Separating Logs - Case Studies

• Unit 5: Investigating Intrusions: Intrusion Detection Systems - NIDS, HIDS - Locating Intrusions - Monitoring Logons - Monitoring IIS - Reconstructing Intrusions - Snort Concepts - Rules - Rule Headers - Rule Options - Preprocessors (Stream4, Frag2, Frag3, HTTP Inspect) - Plugins - Alerts Detail Report - Case Studies
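
Worked example for the Snort rule, rule-header and rule-option topics above. It is an added illustration written for this syllabus, not code from Snort: it splits a rule into its header fields and its ordered option list, and evaluates the header against packet tuples using assumed $HOME_NET / $EXTERNAL_NET definitions. The rule text, the variable values and the packets are constructed. Supported here: `any`, a single IP or CIDR, `$VAR` references and `!` negation for addresses; `any`, a number or a `low:high` range for ports. Bracketed lists, content matching and the preprocessor stages are out of scope.

```python
"""Parse a Snort rule into header fields and ordered options, then evaluate the
header against packet tuples.

Added example for this syllabus, not code from Snort itself. The rule, the
variable values and the packets are constructed. Bracketed address/port lists
and payload (content) matching are not implemented.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

SAMPLE_RULE = (  # constructed; sid 1000001 is in the local-rule range
    'alert tcp $EXTERNAL_NET any -> $HOME_NET 80 ('
    'msg:"WEB-ATTACK admin login brute force"; flow:to_server,established; '
    'content:"POST"; http_method; content:"/admin/login"; http_uri; '
    'detection_filter:track by_src, count 3, seconds 60; '
    'classtype:web-application-attack; sid:1000001; rev:1;)'
)
# Assumed variable definitions, as they would be set in snort.conf
VARIABLES: Dict[str, List[str]] = {
    "$HOME_NET": ["10.0.0.0/8", "192.168.0.0/16"],
    "$EXTERNAL_NET": ["!$HOME_NET"],
}

# action proto src sport direction dst dport (options)
HEADER_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (->|<>) (\S+) (\S+)\s*\((.*)\)\s*$", re.S)


def parse_options(body: str) -> List[Tuple[str, Optional[str]]]:
    """Split 'key:value; key; ...' into ordered (key, value) pairs. Order matters:
    modifiers such as http_uri apply to the content keyword that precedes them.
    Double quotes protect ';' and a backslash escapes the next character."""
    options: List[Tuple[str, Optional[str]]] = []
    current: List[str] = []
    quoted = False
    i = 0
    while i < len(body):
        ch = body[i]
        if ch == "\\" and i + 1 < len(body):
            current.append(body[i + 1])  # keep the escaped char, drop the backslash
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == ";" and not quoted:
            token = "".join(current).strip()
            if token:
                key, _, value = token.partition(":")
                value = value.strip()
                if len(value) >= 2 and value[0] == value[-1] == '"':
                    value = value[1:-1]
                options.append((key.strip(), value or None))
            current = []
            i += 1
            continue
        current.append(ch)
        i += 1
    if "".join(current).strip() or quoted:
        raise ValueError("option list must end with ';' and have balanced quotes")
    return options


def parse_rule(text: str) -> Dict:
    m = HEADER_RE.match(text.strip())
    if not m:
        raise ValueError("not a Snort rule header")
    action, proto, src, sport, direction, dst, dport, body = m.groups()
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "direction": direction, "dst": dst, "dport": dport,
            "options": parse_options(body)}


def option(rule: Dict, key: str) -> Optional[str]:
    """First value for an option key (e.g. sid, msg); None if absent or valueless."""
    return next((v for k, v in rule["options"] if k == key), None)


def addr_matches(spec: str, ip: str, variables: Dict[str, List[str]]) -> bool:
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not addr_matches(spec[1:], ip, variables)
    if spec.startswith("$"):
        return any(addr_matches(s, ip, variables) for s in variables[spec])
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)


def port_matches(spec: str, port: int) -> bool:
    if spec == "any":
        return True
    if spec.startswith("!"):
        return not port_matches(spec[1:], port)
    low, sep, high = spec.partition(":")
    if not sep:
        return port == int(low)
    return (int(low) if low else 0) <= port <= (int(high) if high else 65535)


def header_matches(rule: Dict, pkt: Dict, variables: Dict[str, List[str]] = VARIABLES) -> bool:
    """pkt: {'proto', 'src', 'sport', 'dst', 'dport'}. '<>' matches either direction."""
    if rule["proto"] != pkt["proto"]:
        return False

    def one_way(a: str, ap: int, b: str, bp: int) -> bool:
        return (addr_matches(rule["src"], a, variables) and port_matches(rule["sport"], ap)
                and addr_matches(rule["dst"], b, variables) and port_matches(rule["dport"], bp))

    forward = one_way(pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
    if forward or rule["direction"] == "->":
        return forward
    return one_way(pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
```

The header alone decides whether the detection engine ever looks at the options, so a packet from 192.168.1.9 (inside $HOME_NET, hence not $EXTERNAL_NET) or to port 8080 never reaches the content checks. Keeping options as an ordered list rather than a dictionary is deliberate: the two `content` keywords and their `http_method` / `http_uri` modifiers only make sense in sequence.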