NOTE: THIS SEMINAR WILL BE HELD IN ENGLISH.
Recent changes in regulatory requirements in the EU and elsewhere underscore what system administrators and network managers have known for a long time: the importance of enterprise log collection and analysis.
The task is daunting, covering as it does operating system and application configuration, network provisioning, database selection and software management. Only after the data is centralized does the real work begin - identifying what's significant, notifying the appropriate personnel and then responding to the event.
The generic problem of finding associations between log entries across a network is challenging, lending itself to a multitude of abstract analysis techniques and vendor snake oil.
Yet centralized log repositories do provide useful information about security events, and system administrators do collect useful snapshots of network activity from their logs. How does it happen? In this talk, Dr. Bird presents the security administrator's perspective on log analysis and event correlation.
After summarizing log analysis architectures, we'll look at logs from a couple of specific security-relevant activities, and then generalize from those events to a strategy for log correlation.