Bruce Schneier on log analysis

Did you know that Bruce Schneier is a log fan? Well, he never said he was a fan, but this is his take on logging:

"Whenever someone attacks you, they leave footprints… All of these products have audit logs and they produce audit messages (millions of messages a day). Most of them are a complete waste of time, like printer out of toner. So what?

But some of them are very important. In those audit logs are footprints of attacks. If you can monitor those in real time, you can watch the attacker as he is attacking. If you can understand what is going on fast enough, you can kick him out before he does more damage…"

Sounds to me like someone who loves logs and sees their value. Full video here:
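As an added illustration of the point in the quote (this is example code, not from the original post or from Schneier), here is a small monitor in the spirit of what he describes: it discards the "printer out of toner" class of messages, then watches the remaining audit events as they arrive and raises an alert when the footprint of a password-guessing run appears, and another if a login from that same source then succeeds. The sample log lines, the noise patterns, the threshold and window, and the year used for the syslog timestamps are all constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample audit log (syslog-like); not taken from the original post.
SAMPLE_LOG = """\
Mar 10 12:00:01 host1 printerd[88]: printer out of toner
Mar 10 12:00:03 host1 sshd[210]: Failed password for root from 10.0.0.5 port 4001 ssh2
Mar 10 12:00:04 host1 sshd[211]: Failed password for root from 10.0.0.5 port 4002 ssh2
Mar 10 12:00:05 host1 cron[55]: (root) CMD (run-parts /etc/cron.hourly)
Mar 10 12:00:06 host1 sshd[212]: Failed password for root from 10.0.0.5 port 4003 ssh2
Mar 10 12:00:08 host1 sshd[214]: Accepted password for root from 10.0.0.5 port 4005 ssh2
Mar 10 12:05:00 host1 sshd[300]: Failed password for bob from 192.168.1.9 port 5000 ssh2
"""

# Messages that are noise for security purposes (the "printer out of toner" class).
NOISE = [re.compile(p) for p in (r"printer out of toner", r"cron\[\d+\]: \(root\) CMD")]
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ \w+\[\d+\]: (?P<msg>.*)$")
AUTH_RE = re.compile(r"(?P<result>Failed|Accepted) password for (?P<user>\S+) from (?P<ip>\S+)")
THRESHOLD, WINDOW = 3, 60  # alert on 3 failures from one source IP within 60 seconds

def monitor(lines, year=2024):
    """Consume log lines in arrival order, as a real-time tail would, and return alerts."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failed logins
    flagged = set()                # IPs already reported for password guessing
    alerts = []
    for line in lines:
        if any(p.search(line) for p in NOISE):
            continue                # discard noise before doing any work on it
        m = LINE_RE.match(line)
        a = AUTH_RE.search(m["msg"]) if m else None
        if not a:
            continue                # not an auth event; other rules would go here
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = a["ip"]
        if a["result"] == "Failed":
            q = failures[ip]
            q.append(when)
            while (when - q[0]).total_seconds() > WINDOW:
                q.popleft()         # slide the window forward
            if len(q) >= THRESHOLD and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute_force", ip, len(q)))
        elif ip in flagged:
            # The footprint that matters most: a success right after a guessing run.
            alerts.append(("success_after_brute_force", ip, a["user"]))
    return alerts

if __name__ == "__main__":
    print(*monitor(SAMPLE_LOG.splitlines()), sep="\n")
```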

Posted in logging, schneier by Daniel Cid (dcid)

