Posted by: phillipnb | February 9, 2014

Book Review: Logging and Log Management


Too many Information Technology professionals do not have a decent idea about logs and logging, and even those who do tend not to give the subject much significance. Either way, this book, Logging and Log Management by Chuvakin, Schmidt and Phillips, fills the vacuum of not having an authoritative reference to start working on logs. This book is not the effort of a single author but of three warriors who are gurus in the field of computer security and threat management, where logs are bread and butter. In fact, one of the authors, Dr. Chuvakin, worked as a Chief Logging Evangelist, with responsibilities that included logging for security, compliance, and operations. Of the other two authors, Schmidt has experience in analyzing log data, while Phillips has integrated log and event information from third-party providers. Hence, this book is the labor of three people with encyclopedic firsthand experience in computer logs and log management.

The overall idea behind this book is to give an Information Technology professional a comprehensive introduction to understanding and dealing with log data. Hence, this book is ideal for system administrators and security analysts, but it can also be used by any IT professional who would like to master the craft of logging and log management. The title of the book is accurate in the sense that it deals purely with logging and how to manage logs. Yes, to understand the book you need to have a computer science background, backed by a good understanding of topics like operating systems, computer networks, computer programming and network security. This book is not language neutral: the examples presented in it are mostly written in Perl and Java, so you need to be able to write code in at least one of these languages, but most of the examples are simple and self-explanatory and you do not have to be a crackerjack at computer programming.

The organization of this book is quite detailed and in-depth. The book starts by defining what a log is and then goes on to explain things like log data sources, log storage technologies, covert logging, log analysis, filtering, etc. in its first few chapters. In the next eight to ten chapters, the book covers attacks against logging systems, concepts and guidance for programmers and others on how better log messages can be produced, log management procedures, logging laws and mistakes, reporting and summarizing log data, log data mining, visualizing log data, tools for log analysis, log compliance, etc. In the final few chapters, the book advises the reader on how to plan one's own log analysis system, cloud logging, log standards and future trends in logging.

There are many useful concepts and explanations that I liked in this book. The first thing I would like to mention is that this book gives a good overview of the pros and cons of different types of logging, by explaining XML logging, syslog logging, text-file logging and proprietary logging. Different log storage formats, covert logging and stealth logging are also explained very well. This book shows the reader what a log report and summarization should contain. I agree with the authors that treemaps are an interesting way to visually see patterns in log data, and the book has done well to explain them. Although laws related to logging vary from organization to organization, the authors have taken pains to explain in general the laws of collection, retention, monitoring, availability and security. Another interesting feature of this book is that it points out the mistakes that users usually make while setting up, collecting and analyzing log data. The best part of this book is chapter 20, which deals with how to plan one's own log analysis system. The chapter opens with the need for a log analysis system, who should be involved, understanding your organization's needs, how to do the software selection, and how to define the logging policy and the policy for data collection and retention of logs for your organization. For those of you who are ardent supporters of cloud computing, the authors have devoted a chapter to that too. In the chapter on cloud logging, the authors begin with a definition of cloud computing and then go on to explain service delivery models, software as a service, storage and infrastructure as a service, cloud deployment models, characteristics of a cloud infrastructure, cloud logging and finally the pros and cons of cloud logging.

It would have been great if the authors had included more examples of the topics covered in each chapter. Honestly, I think logging and log management can be learned only by practice, and the more examples readers have, the better they learn what is explained in the book. These could also be given in the form of review questions at the end of each chapter. Also, the presentation of text within the book is not very pleasing; it could have been presented in a simpler way, creating less distraction for the reader. I also consider the list of contents given at the beginning of each chapter a nuisance: it is sometimes confusing and creates a crowded look at the start of the chapter. These contents should have been placed in the table of contents at the beginning of the book.

Overall, this is a good book, in fact a good textbook, for those who are new to the world of logs and log management. For those who are veterans and experienced authorities in the field, this book will help consolidate your knowledge and will help you experiment with and experience new ways of logging that you have not attempted before. Therefore, this book is definitely for computer programmers, developers, system analysts, security professionals, and managers who deal with computer programs and code either for passion or as part of their job. Even if you are not directly involved in logs and log management, this book will definitely give you insights into how to write better code that will help those who debug your code later.

Responses

  1. Thanks for the review!

    • You are welcome, Anton.
