
Results found: 1

Search results
Searched for:
in keywords: syslog
The article proposes a log analysis approach to the detection of security violations, based on a four-layer design. The first layer, named the event source layer, describes sources of information that can be used for misuse investigation. The transport layer represents the method of collecting event data, preserving it in the form of logs, and passing it to the next layer, called the analysis layer. This third layer is responsible for analyzing the logs' content, picking out relevant information, and generating security alerts. The last layer, called the normalization layer, is custom software that normalizes and correlates the produced alerts to raise notice of more complex attacks. Logs from remote hosts are collected using rsyslog, and OSSEC HIDS with custom decoders and rules is used on a central log server for log analysis. A novel method of handling OSSEC HIDS alerts through normalization and correlation is proposed. The output can optionally be suppressed to protect the system against alarm floods and to reduce the number of messages transmitted over the network.