BKSCLGMN.RVW   20060821

"Security Log Management", Jacob Babbin et al, 2006, 1-59749-042-3,
U$49.95/C$69.95
%A   Jacob Babbin
%A   Dave Kleiman
%A   Everett F. Carter
%A   Jeremy Faircloth
%A   Mark Burnett
%C   800 Hingham Street, Rockland, MA 02370
%D   2006
%E   Esteban Gutierrez
%G   1-59749-042-3
%I   Syngress Media, Inc.
%O   U$49.95/C$69.95 781-681-5151 fax: 781-681-3585 www.syngress.com
%O   http://www.amazon.com/exec/obidos/ASIN/1597490423/robsladesinterne
  http://www.amazon.co.uk/exec/obidos/ASIN/1597490423/robsladesinte-21
%O   http://www.amazon.ca/exec/obidos/ASIN/1597490423/robsladesin03-20
%O   Audience a- Tech 2 Writing 1 (see revfaq.htm for explanation)
%P   333 p.
%T   "Security Log Management: Identifying Patterns in the Chaos"

Chapter one reviews the problem of masses of data. The text suggests
that there are solutions, and even gives some examples, but the writing
seems to be intended only for an audience that is already skilled,
working, and well familiar with those very solutions. Sections of
sample code are provided (here and at other places in the book), but
they tend to be of limited utility because significant chunks of the
actual functional parts are missing.

Various tools for IDS (intrusion detection system) reporting are
described in chapter two. Fewer tools are listed for firewall
reporting in three. Although entitled "Systems and Network Device
Reporting," chapter four looks solely at Web server logs, and that only
for a single type of attack or situation. However, the restriction of
topic is somewhat ameliorated by the best writing in the book: the
coverage of the analysis is clear and an excellent introduction to Web
server forensics. Chapter five has scripts for text reporting
(illustrated by graphical presentation of the data, so it is somewhat
misleading). Chapter six suggests that you should do Enterprise
Security Management, and notes some of the difficulties you may
encounter, but doesn't provide any help.
Despite the title of "Managing Log Files with Microsoft Log Parser,"
chapter seven merely talks about generic file management. Chapter
eight does provide some Microsoft Log Parser SQL code for reporting,
and has a few other useful suggestions. More Log Parser SQL code, this
time for formatting CSV (comma separated values) data, is in chapter
nine.

Basically, if you already know how to deal with event logs, log data,
and log data analysis, this book will provide you with some
suggestions about tools that you might want to try. If you are
already struggling with network forensics and intrusion detection, the
material in this volume won't help much.

copyright Robert M. Slade, 2006