An Approach to Improving Network Security Using Log Analysis
Marija Zajeganović, Milan Pavlović, Danica Mamula Tartalja, Silva Kostić
Sixth International Scientific Conference ITEMA Recent Advances in Information Technology, Tourism, Economics, Management and Agriculture
DOI: 10.31410/itema.2022.105 (https://doi.org/10.31410/itema.2022.105)
Citation count: 0
Abstract
Troubleshooting is the process of detecting, identifying and resolving problems within a computer network by means of specific methods, tools and operations. Troubleshooting implies following a set of procedures or steps that conform to the security standards and policies of a company. Diagnosing the source of a problem can be done by tools for system monitoring, recording log messages, manual testing of device configuration, as well as by tools for device operation analysis. The procedure for using log messages to resolve both common problems and those caused by attacks is explained in this paper. Furthermore, this paper describes the way security threat management systems use the contents of log messages to analyze hardware problems and malicious activities.