
General Security Concepts: Access Control, Authentication, and Auditing • Chapter 1  35


                 Figure 1.11 A Logon/Logoff Failure Event Description

                 Logging

                 The logging features provided on most networks and systems involve logging
                 known or partially known resource event activities. While these logs are sometimes
                 used for analyzing system problems, they are also useful for finding security issues
                 through processing the log files and checking for both valid and invalid system
                 activities.
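
The following is an added example, not taken from the book: a short Python routine that processes logon records and checks both valid (successful) and invalid (failed) activity, flagging repeated failures for one account and a success that follows such a run. The record format, account names, host names, threshold and time window are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records (not from the book).
# Assumed format: ISO timestamp, account, source host, result.
SAMPLE_LOG = """\
2024-03-01T09:00:05 alice ws-014 SUCCESS
2024-03-01T09:02:10 bob ws-022 FAILURE
2024-03-01T09:02:14 bob ws-022 FAILURE
2024-03-01T09:02:19 bob ws-022 FAILURE
2024-03-01T09:02:25 bob ws-022 FAILURE
2024-03-01T09:02:31 bob ws-022 SUCCESS
2024-03-01T09:15:00 carol ws-031 FAILURE
2024-03-01T09:15:20 carol ws-031 SUCCESS
2024-03-01T10:40:00 carol ws-031 FAILURE
this line is malformed
"""

def review_logons(text, threshold=3, window=timedelta(minutes=5)):
    """Return (per-account counts, alerts, unparsable lines) for a logon log."""
    counts = defaultdict(lambda: {"SUCCESS": 0, "FAILURE": 0})
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    alerts, rejected = [], []
    for line in text.splitlines():
        parts = line.split()
        try:
            when = datetime.fromisoformat(parts[0])
            account, source, result = parts[1:]
            if result not in ("SUCCESS", "FAILURE"):
                raise ValueError(result)
        except (ValueError, IndexError):
            rejected.append(line)  # keep unparsable lines for manual review
            continue
        counts[account][result] += 1
        fails = recent[account]
        while fails and when - fails[0] > window:
            fails.popleft()  # forget failures older than the window
        if result == "FAILURE":
            fails.append(when)
            if len(fails) == threshold:  # alert when the run reaches the threshold
                alerts.append((when.isoformat(), account, source, "repeated_failures"))
        else:
            if len(fails) >= threshold:  # a valid logon right after a failure run
                alerts.append((when.isoformat(), account, source, "success_after_failures"))
            fails.clear()
    return dict(counts), alerts, rejected
```
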
                    Most modern database applications support some level of transaction log
                 detailing the activities that occurred within the database. This log can then be used
                 to rebuild the database or to create a duplicate database at another location.
                 Providing this detailed level of database logging consumes a great deal of drive
                 space. This intense logging is not needed for most applications. You will generally
                 only have basic informative messages in system resource logging unless
                 additional audit details are enabled.
                    A great deal of information on logging and log analysis can be found at
                 http://www.loganalysis.org. Additionally more information on log analysis can be



                                                                              www.syngress.com