One of the best ways to detect intrusions is to monitor event logs (sometimes called logs for short).
In general, servers store logs of their activity, and in particular any errors encountered, in files.
Therefore, after a computer attack, it is rare for the hacker to successfully compromise a system on the first try. He/she usually works by trial and error, testing out various requests.
This is why log monitoring can be used to detect suspicious activity. It is particularly important to monitor the logs of security-related software; as well-configured as they may be, they may still be the target of an attack.
In reality, it is not obvious which alerts are triggered by real attacks by worms and viruses, and which are caused by tools such as vulnerability analysers.
For this reason, most attacks on servers are attacks which are completely unable to compromise the system (such as Microsoft IIS server attacks used on Linux servers with Apache).
They do, however, trigger false alarms, causing what is known as "noise", which makes it harder to focus on real alarms.
Article written 22 July 2005 by Jean-François Pillou.
Last update on Thursday October 16, 2008 02:43:19 PM.
"link notebook" financial link analyst network How to know when someone logs on into my hotmail How to recover deleted chat logs gmail Inadyn logs debian Logs do router d link My computer logs off but does not shut down Only logs in to back ground Spongebob squarepants analysis Vista logs off at login When a user logs on only the desktop shows When i log into windows it logs me out Will facebook give me a notice if someone logs into my facebook while i'm on? Windows vista logs off automatically how to stop Windows xp auto logs off Windows xp logs of the moment u log in Windows xp logs on but didn't show up desktop Xbox live problems connects but then logs off Xp logs automatical