One of the best ways to detect intrusions is to monitor event logs (sometimes called logs for short).
In general, servers store logs of their activity, and in particular any errors encountered, in files.
Therefore, after a computer attack, it is rare for the hacker to successfully compromise a system on the first try. He/she usually works by trial and error, testing out various requests.
This is why log monitoring can be used to detect suspicious activity. It is particularly important to monitor the logs of security-related software; as well-configured as they may be, they may still be the target of an attack.
In reality, it is not obvious which alerts are triggered by real attacks by worms and viruses, and which are caused by tools such as vulnerability analysers.
For this reason, most attacks on servers are attacks which are completely unable to compromise the system (such as Microsoft IIS server attacks used on Linux servers with Apache).
They do, however, trigger false alarms, causing what is known as "noise", which makes it harder to focus on real alarms.
Article written 22 July 2005 by Jean-François Pillou.
Last update on Thursday October 16, 2008 02:43:19 PM.
Attack web server Caution a virus has been detected sound download Computer boots but wont detect monitor Computer won't detect add cd-rom drive Dragonball z: attack of the saiyans deutsch rom Driver detective 6.4.1.5 registration key Driver detective registration key Free download facebook hack attack Hard disk not detected Hard disk partition is not detected in mac os x10.5 How to solve usb detection problem with zen nano 512mb Removable disk f not detected Sony mp4 cant detected win xp Toshiba hdd not detected on macbook air Unable to detect sd card Why doesn't my computer detect the cpu fan on start up Windows does not detect hard drive Wont detect kingston micro sd