| PreviousIPS | Monitoring event logs | NextServer integrity checks |
One of the best ways to detect intrusions is to monitor event logs (sometimes called logs for short).
In general, servers store logs of their activity, and in particular any errors encountered, in files.
Therefore, after a computer attack, it is rare for the hacker to successfully compromise a system on the first try. He/she usually works by trial and error, testing out various requests.
This is why log monitoring can be used to detect suspicious activity. It is particularly important to monitor the logs of security-related software; as well-configured as they may be, they may still be the target of an attack.
In reality, it is not obvious which alerts are triggered by real attacks by worms and viruses, and which are caused by tools such as vulnerability analysers.
For this reason, most attacks on servers are attacks which are completely unable to compromise the system (such as Microsoft IIS server attacks used on Linux servers with Apache).
They do, however, trigger false alarms, causing what is known as "noise", which makes it harder to focus on real alarms.
Article written 22 July 2005 by Jean-François Pillou.
Last update on Thursday October 16, 2008 02:43:19 PM.
Can i play ps3 on pc monitor with a hdmi to dvi cable Cathode ray tube monitor Click l logs off disable Computer "no signal to monitor" working light stays on Dell monitor power save mode Download agjust light contrast brightnes monitor Event log not open External monitor Hook vista laptop up to external monitor How to force hp laptop to boot from external monitor Hp pavilion notebook monitor won't turn on Input monitor goes to power save Monitor black screen after start up Monitor display upside down No signal input on monitor Raid event monitor notebook msconfig Samsung syncmaster 2494 lcd monitor specification Sony boot screen on external monitor