CDN$ 57.18
  • List Price: CDN$ 71.25
  • You Save: CDN$ 14.07 (20%)
Temporarily out of stock.
Order now and we'll deliver when available. We'll e-mail you with an estimated delivery date as soon as we have more information. Your account will only be charged when we ship the item.
Ships from and sold by Gift-wrap available.
Security Log Management: ... has been added to your Cart
Have one to sell?
Flip to back Flip to front
Listen Playing... Paused   You're listening to a sample of the Audible audio edition.
Learn more
See all 2 images

Security Log Management: Identifying Patterns in the Chaos Paperback – Apr 13 2006

See all 2 formats and editions Hide other formats and editions
Amazon Price
New from Used from
Kindle Edition
"Please retry"
"Please retry"
CDN$ 57.18
CDN$ 42.26 CDN$ 48.59

Harry Potter and the Cursed Child
click to open popover

Special Offers and Product Promotions

  • You'll save an extra 5% on Books purchased from, now through July 29th. No code necessary, discount applied at checkout. Here's how (restrictions apply)

No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.
Getting the download link through email is temporarily not available. Please check back later.

  • Apple
  • Android
  • Windows Phone
  • Android

To get the free app, enter your mobile phone number.

Product Details

  • Paperback: 350 pages
  • Publisher: Syngress; 1 edition (April 13 2006)
  • Language: English
  • ISBN-10: 1597490423
  • ISBN-13: 978-1597490429
  • Product Dimensions: 17.8 x 2.5 x 23.3 cm
  • Shipping Weight: 694 g
  • Average Customer Review: Be the first to review this item
  • Amazon Bestsellers Rank: #73,773 in Books (See Top 100 in Books)
  •  Would you like to update product info, give feedback on images, or tell us about a lower price?

  • See Complete Table of Contents

Customer Reviews

There are no customer reviews yet on
5 star
4 star
3 star
2 star
1 star

Most Helpful Customer Reviews on (beta) HASH(0xa8121be8) out of 5 stars 4 reviews
17 of 19 people found the following review helpful
HASH(0xa81531e0) out of 5 stars Plenty of potential, but falls short March 13 2006
By Richard Bejtlich - Published on
Format: Paperback
When I received a review copy of Security Log Management (SLM) last month, I was eager to read it. I saw two very powerful but seldom discussed tools -- Argus and Bro -- mentioned in the table of contents. This indicated some original thinking, which I appreciate. Unfortunately, SLM did not live up to my expectations. When you strip out the pages of scripts and code and the three reprinted chapters, you're left with a series of examples of output from the author's deployment of several tools. Aside from a few examples mentioned in this review, I don't think readers will learn much from SLM.

The first problem with SLM is a lack of competent editing. Prior to publication, someone should have read the book from the reader's perspective, asking "what is the reader expected to learn from this section/chapter/book?" In other words, the editor should have asked "how is the reader supposed to implement these recommendations?" For example, Ch 2 mentions using the Bro IDS. Nothing about setting up Bro is included, which would be acceptable if a reference to an online guide or another book was given. That is not the case; the author just assumes readers know about Bro and have it running. The number of Bro users is probably less than 100. If you're one of them, you don't need to read this book!

Bro's DNS and SMTP logging modules are casually demonstrated with no regard for showing the reader how to deploy them. The Web module at least shows a sample mt.bro file, if the reader can figure out what that is or how it fits into the picture. The situation gets worse on p 101 when the author says "the SMTP module can be very powerful in helping to identify several of the 'Marcus Ranum' top mail-related statistics (Chapter 1)." Marcus Ranum is not mentioned at all in Ch 1.

SLM demonstrates two other features that are becoming increasingly common and frustrating in Syngress books, for which I detracted stars from the review. First, the editing is rough. I am perplexed by the inability to standardize on references to tools; e.g., is it bro, Bro, or BRO? Second, and far more worrisome, the last three chapters (7, 8, and 9) of SLM are reprints of chapters 6, 7, and 5 from the Feb 2005 Syngress book Microsoft Log Parser Toolkit. On the positive side, SLM did not have as many fuzzy screen shots as sometimes appear in recent Syngress books. The unexplained small, fuzzy, NetForensics screen shot on p 31 is one unwelcome exception.

In terms of stating a clear purpose and delivering material in a coherent manner, the best chapter in SLM is Ch 6 -- Scalable Enterprise Solutions. I thought the author of this chapter stated his purpose, and then delivered material that readers could use. My only problem with the chapter was reading the definition of ESM 5 times -- on pp 195, 196, 205, 237, and 238!

My favorite part of SLM was the material showing how to put Argus records into a MySQL database. This is not that common, so I was glad to see how the author implements that function.

I'm sorry I can't recommend reading SLM in its current form. Three stars means there is some value, but you could get what you need browsing in the book store. I would like to see a second edition of SLM cut out the reprinted chapters. That cuts the book down to 241 pages. If the 70 or so pages of code are moved online, that reduces the book to 171 pages. That leaves plenty of room to add material that meets readers' needs. An example of a very strong Syngress book on a related (host-based) topic is Host Integrity Monitoring Using Osiris and Samhain by Brian Wotring.
11 of 12 people found the following review helpful
HASH(0xa8153234) out of 5 stars Bordering on useless, hard to follow, no structure April 18 2006
By Dr Anton Chuvakin - Published on
Format: Paperback
It is not often that I review a genuinely bad book, but this is one such rare occasion. It so happens that log analysis has been my primary area of focus for the last several years and thus I could not have missed a book titled "Security Log Management."

Yuck! The book starts from a hodge-podge of examples, which, if entertaining at times, doesn't lead to any meaningful lessons and thus doesn't deliver the value it could have produced. The same applies to material selection for the book, which, as a result, suffers from a compete lack of logical structure. Even the Ch 1 "Log Analysis: Overall Issues" barely touched on analyzing logs and clearly didn't cover any "overall issues." Also, authors have undoubtedly trademarked the concept of a random irrelevant picture or graph...

In addition, the book reveals many areas where authors are deeply befuddled. ESM chapter (`Enterprise Security Management') is one such example, where such confusion reigns supreme. They can talk about `ESM process' and claim that `ESM is not a tool' in one sentence and then describe `ESM tools' in the next one. On top of that, if you are looking for some arcane security humor, try understanding their ROI calculation in the chapter (`Cost of problem' + `Cost of solution' ...)

One would think that they can get something as (relatively) simple as firewall reporting right (chapter 3). One would think that - and one would be wrong... The reader is still left with no answers to questions such as `what summaries, statistics and reports he/she should collect and how to do it'

As far as style is concerned, the book carries unfortunate signs of being written by a group of authors who didn't talk to each other much. Furthermore, what adds insult to injury is truly excessive amount of quoted source code, which plainly doesn't belong in the book, but on the website, CD, etc (were editors asleep at the wheel?)

To conclude, the book does have some relationship to patterns and chaos: the patterns in your brain will immediately turn into chaos after you are done reading it, provided you would even finish it. My suggestion is to avoid this largely useless title and save the money for better books (such as Bejtlich's or countless others).

Dr Anton Chuvakin, GCIA, GCIH, GCFA ([...]) is a

recognized security expert and book author. A frequent conference speaker, he also represents the company at various security meetings and standard organizations. He is an author of a book "Security Warrior" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and the upcoming "Hacker's Challenge 3". Anton also published numerous papers on a broad range of security subjects, such as incident response, intrusion detection, honeypots and log analysis. In his spare time he maintains his security portal [...] and two blogs.
HASH(0xa815366c) out of 5 stars Don't buy it Aug. 20 2015
By LOUIS G DOLTON - Published on
Format: Paperback Verified Purchase
Waste of money
0 of 2 people found the following review helpful
By Osier W Tanner II - Published on
Format: Kindle Edition Verified Purchase
Loved it. Great service and speed on getting the book in on time. This was exactly what I was looking for.