Keeping your network secure involves a number of day-to-day tasks. One of the most important is keeping tabs on your systems' logs. Quick retrieval and interpretation of log data during a security event or other alarm is crucial. And quality security software and hardware almost always generate events or logs that document use (or attempted misuse) of various programs, services, and systems, making log analysis a vital skill.
Windows system logging uses the Event Viewer, but many other built-in Windows programs, such as Microsoft IIS and Internet Authentication Service (IAS), log to text files. A number of programs let you stream Windows logs into a text file (in case you've fallen in love with text-based log management), and let's not forget syslog, which lets you aggregate remote systems' logs to a common syslog server that stores those logs as text files.

Two venerable log-analysis tools, grep and tail, can be key additions to any security toolkit. The simplicity of these command-line utilities belies their extreme usefulness, flexibility, and power. Both tools are widely used by UNIX administrators, but you don't need to be a UNIX guru to immediately take advantage of either tool in a Windows environment. Grep and tail are available on most UNIX systems, and you can download GNU-licensed Win32 versions from the Sourceforge Web site (http://unxutils.sourceforge.net). Download the UnxUpdates.zip file, which contains several useful UNIX tools for Win32, then extract grep.exe and tail.exe to your computer. . . .
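As an added example (not from the article), here is the kind of grep-and-tail triage a defender runs against an IIS text log: the sample W3C-format log is constructed inline, the commands are the same on UNIX and with the GNU Win32 builds, and sort, uniq and awk are assumed to be on the path as well.

```shell
#!/bin/sh
# Added example, not from the article: grep/tail triage of a constructed
# IIS W3C extended log. Assumes GNU grep/tail plus sort, uniq and awk.

LOG="${TMPDIR:-/tmp}/iis_sample_$$.log"   # constructed sample written below

cat > "$LOG" <<'EOF'
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-05-12 10:01:02 192.0.2.10 GET /default.htm 200
2003-05-12 10:01:05 192.0.2.44 GET /secure/report.asp 401
2003-05-12 10:01:06 192.0.2.44 GET /secure/report.asp 401
2003-05-12 10:01:07 192.0.2.44 GET /secure/report.asp 401
2003-05-12 10:01:09 192.0.2.17 GET /secure/report.asp 401
2003-05-12 10:01:11 192.0.2.10 GET /images/logo.gif 200
2003-05-12 10:01:15 192.0.2.44 GET /secure/report.asp 200
EOF

# Count HTTP 401 (authentication failed) responses per client IP, most
# frequent first. grep -v drops the '#' directive lines that IIS writes
# at the top of each log; the -E pattern anchors on the status field.
auth_failures_by_ip() {
    grep -v '^#' "$1" | grep -E ' 401$' | awk '{print $3}' \
        | sort | uniq -c | sort -rn
}

# Client IPs with at least N failures: a simple threshold to alert on.
ips_over_threshold() {
    auth_failures_by_ip "$1" | awk -v n="$2" '$1 >= n {print $2}'
}

# The newest N events, which is the view tail gives during an incident;
# 'tail -f' on the same file would follow it as new lines are appended.
last_events() {
    grep -v '^#' "$1" | tail -n "$2"
}

auth_failures_by_ip "$LOG"
ips_over_threshold "$LOG" 3
last_events "$LOG" 2
```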