Logging: what is a log? What gets logged? Logins / logouts, privilege escalation, security-relevant...
TRANSCRIPT
Common mistakes (Marcus)
• #1 – collecting it and not looking at it (might as well log to /dev/null)
• #2 – watching logs from perimeter systems while ignoring internal systems
• #3 – Designing your log architecture before you decide what you’re going to collect
• #4 – Only looking for what you know you want to find instead of just looking to see what you find.
Common Mistakes 2:
• #5 – Proceeding without doing envelope estimates of load.
• #6 – thinking your logs are evidence if you don’t collect them right
• #7 – forgetting that this is just a data management problem
• #8 – Drinking the XML Kool-Aid
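One way to act on #1 and #4 (actually read the logs, and look for what you did not already know to look for), as an added example that is not part of the original notes: collapse lines into templates by masking volatile fields, then surface the templates that occur rarely. The sample syslog lines and the masking rules below are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample syslog-style lines (not taken from the original page).
SAMPLE_LOGS = """\
Mar 10 09:00:01 web1 sshd[4121]: Accepted publickey for deploy from 10.0.0.5 port 51022 ssh2
Mar 10 09:00:07 web1 sshd[4130]: Accepted publickey for deploy from 10.0.0.5 port 51030 ssh2
Mar 10 09:00:12 web2 sshd[2201]: Accepted publickey for deploy from 10.0.0.5 port 51041 ssh2
Mar 10 09:01:44 web1 CRON[4211]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 10 09:02:44 web2 CRON[2290]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 10 09:03:15 web1 sshd[4312]: Accepted password for root from 203.0.113.44 port 40022 ssh2
Mar 10 09:03:20 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash
Mar 10 09:04:01 web2 sshd[2301]: Accepted publickey for deploy from 10.0.0.5 port 51050 ssh2
""".splitlines()

# Volatile fields are replaced by placeholders so that lines differing only in
# PIDs, ports, addresses or counters collapse into the same template.
_VOLATILE = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<ip>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b"), "<hex>"),
    (re.compile(r"\d+"), "<n>"),
]

def normalize(line: str) -> str:
    """Drop the syslog timestamp and host, then mask volatile fields."""
    body = line.split(" ", 4)[-1]          # strips "Mar 10 09:00:01 web1"
    for pattern, token in _VOLATILE:
        body = pattern.sub(token, body)
    return " ".join(body.split())          # squash the irregular spacing sudo emits

def rare_templates(lines, max_count=1):
    """Map each template seen at most max_count times to its first raw line."""
    counts = Counter()
    first_seen = {}
    for line in lines:
        tpl = normalize(line)
        counts[tpl] += 1
        first_seen.setdefault(tpl, line)
    return {tpl: first_seen[tpl] for tpl, c in counts.items() if c <= max_count}

if __name__ == "__main__":
    # The routine publickey logins and cron sessions drop out; the one-off
    # password login as root and the sudo to a root shell are what remain.
    for example in rare_templates(SAMPLE_LOGS).values():
        print(f"[rare] {example}")
```

Raising max_count widens the net; the point is that the review starts from what is unusual in your own data rather than from a fixed list of signatures.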