Training on security system logging and auditing
- Daniel Kouril (CESNET)
Various components of operating systems, as well as grid middleware, typically produce a lot of information about their operations. The logs contain important details and are an invaluable source of information for revealing misconfigurations, etc. Logs also play a very important role during the investigation of security incidents, since they make it possible to track down the activities of users and applications.
In the sessions we will present best practices for collecting logs and the tools needed to establish a central logging instance. We will also present current work focusing on efficient log management.
We will try to bring together people from other NGIs who have experience in this area to share it during the sessions.
The expected audience of the session is site administrators and security officers.