Abstract
Investigating intrusions is usually a difficult and tedious task. Faced with megabytes and sometimes gigabytes of log file data, it is easy to overlook some of the most critical evidence. Often it is difficult to determine that a security incident has even occurred. But Log Parser changes that; it can combine, sort, and parse through log files to give a unique perspective of data. With the right queries, important evidence tends to float into view. This chapter focuses on building a toolbox of queries that will be ready to use as needed. The chapter describes powerful features and capabilities of Log Parser that will help one track down almost any intrusion. Investigating an intrusion is a long and complex process, but by parsing through data and viewing this information from different angles, one can gradually build a picture of what occurred. The key here is to summarize, sort, and slice the data enough times until key evidence emerges.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
