Chapter 8. Logging and Monitoring
One of the most important tasks of an administrator is to configure a
system to be secure, but it is also necessary to know it is secure.
The only way to know a system is secure (and behaving correctly) is
through informative and trustworthy log files. Though the security
point of view is almost all we care about, we have other reasons to
have good logs, such as to perform traffic analysis (which is useful
for marketing) or to charge customers for the use of resources
(billing and accounting).

Most administrators do not think about the logs much before an
intrusion happens and only realize their configuration mistakes when
it is discovered that critical forensic information is not available.

In this chapter, we will cover the subjects of logging and
monitoring, which are important to ensure the system records relevant
information from a security perspective.

This chapter covers the following: