
The first important new book in the industry, "UNIX/Linux Network Log Analysis and Traffic Monitoring"

2025-04-04 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

UNIX/Linux Network Log Analysis and Traffic Monitoring

Official website of the publisher: http://www.cmpbook.com/stackroom.php?id=39384

JD.com: http://item.jd.com/11582561.html
Machinery Industry Press online purchase platform: http://www.golden-book.com/booksinfo/17/1755111.html
Lowest price: 59 yuan

Joint recommendation of 51CTO, ChinaUnix, ITPUB and IT168 media

Log analysis is a basic skill of system administrators. The UNIX/Linux system provides a powerful logging system, which gives administrators strong support in finding and locating problems. In the form of storytelling, this book integrates the author's practical experience, as if Holmes were telling Watson the whole story of a case, so that readers come to understand the tricks of UNIX/Linux log analysis while following the author's analysis. The language of this book is easy to understand, combined with case scenarios, and easy to put into practice.

More importantly, through this book, system administrators (and IT practitioners of all kinds) can not only learn the role of UNIX/Linux logs, but also look at IT operations and maintenance and system security from a higher point of view. Only by looking at these problems as a whole can we increase the stability and security of the system and free the system administrator from day-to-day firefighting.

Wu Yuzheng, Deputy Editor-in-Chief of 51CTO (former Deputy Editor-in-Chief of computer World)

The author of this book, Mr. Li Chenguang, is an expert blogger on 51CTO, and his articles have received close attention from his technical peers. The author was named one of the "Ten Outstanding IT Blogs" in the 2011-2013 China IT Blog Competition. A book written by such an excellent blogger must be worth reading. This book introduces in detail the log analysis methods and computer forensics skills on the UNIX/Linux platform, and presents the whole process of log analysis in the form of storytelling. Its biggest highlight is that it shows the dry technical problems of UNIX/Linux systems through vivid cases, and system administrators can gain something from reading each case. You won't regret reading this book.

Cao Yali, editor-in-chief of 51CTO blog and senior operations manager of 51CTO College

The book "UNIX/Linux Network Log Analysis and Traffic Monitoring" takes enterprise network security operations and maintenance as its background. It not only analyzes in detail today's typical security problems, including cases of DDoS attacks, wireless attacks, malicious code and SQL injection and their remedial measures, but also enables enterprise operations and maintenance personnel to understand and become familiar with using the most popular OSSIM open source system to dig out network security issues. The author shares more than 10 years of experience; whether you are a network engineer, system administrator or information security professional, you will find yourself resonating with the author in this book. The biggest highlight of this book, and what sets it apart from other security books, is that it conveys to readers a way of solving problems rather than a simple case study. It teaches readers how to fish, and is well worth recommending.

-- Ren Liping, Director of 51CTO Reading Channel

Teacher Li Chenguang is a ChinaUnix expert blogger who has studied the UNIX/Linux field for many years and has unique insights into log analysis technology. This book, "UNIX/Linux Network Log Analysis and Traffic Monitoring", is the first monograph in the industry to explain methods of application system log collection and analysis based on the UNIX/Linux environment. It is the technical crystallization of Mr. Li's many years of work. The book uses a large number of fresh cases to vividly show security protection techniques such as system vulnerability prevention, malicious code analysis, DoS analysis and malicious traffic filtering, and analyzes in depth many mistaken maintenance methods and misunderstandings of system administrators, which has good reference value for security workers. If you are interested in network security and log analysis, we highly recommend this book.

-- ChinaUnix Technology Community

Operations and maintenance staff know very well that one of the most boring tasks they have to do is server log file analysis and traffic monitoring. Although there are many related tools and software, they often fall short when actually combined with real work. This book, "UNIX/Linux Network Log Analysis and Traffic Monitoring", introduces and explains in detail, in a case-driven form, the collection, analysis, log audit and forensics of the raw logs (Raw Log) of UNIX/Linux systems. It is very rich in content, interspersed with many short stories, and is not boring, allowing you to improve your log analysis skills in a relaxed reading environment. If you are an operations and maintenance professional or want to become one, you deserve to have it!

-- ITPUB Technology Community

With network threats becoming increasingly serious, information security is a concern for more and more users. For a discussion of UNIX/Linux system security, teacher Li Chenguang's "UNIX/Linux Network Log Analysis and Traffic Monitoring" is obviously a very good choice. This book gives a profound yet accessible analysis of security issues on UNIX/Linux systems through vivid cases, so that you can better digest the methods and techniques. It is worth reading.

Dong Jianwei, Chief Editor of IT168 Security Channel

This book starts with the collection and analysis of the raw logs (Raw Log) of UNIX/Linux systems, and gradually goes deeper into log audit and computer forensics. The book provides a number of cases, each a vivid chronicle of the forensics and recovery process carried out by administrators after the network was attacked, with a storyline that lets readers test their own emergency response and computer forensics skills.

The cases used in this book are summarized and selected by the author from system maintenance and forensics work, and have important reference value for improving the level of network maintenance and the ability to analyze incidents. If you are concerned about cyber security, the cases in the book are sure to resonate with you. This book is suitable for experienced UNIX/Linux system administrators and information security personnel.

1. Why I wrote this book

Many books on network security have been published in China, most of which are based on the Windows platform. However, most Internet application servers are based on UNIX/Linux systems, and readers urgently need to know about the security cases of these systems. So I decided to write a book based on UNIX/Linux, from the perspective of a white hat, to tell you how, when faced with various network threats in the enterprise network, to find clues to problems, repair network vulnerabilities and build a secure network environment through log information.

2. Characteristics and structure of this book

The cases in the book cover the typical types of network attacks today, such as DDoS, malicious code, buffer overflow, Web application attacks, IP fragment attacks, man in the middle, wireless network attacks and SQL injection. Each story first describes a security incident. Then the administrator conducts a site survey, collects all kinds of information (including log files, topology diagrams and device configuration files), analyzes the cross-correlation of the various security incident alarm messages, and guides the reader in analyzing the causes of the attack, bringing the reader into the case. Finally, the author gives the context of the whole process and, at the end of each case, puts forward preventive and remedial measures against this kind of attack, focusing on telling readers how to carry out system and network forensics and find and repair various loopholes, so as to mount an effective defense.

The book consists of 14 chapters, which can be divided into three parts.

The first part, the basics of log analysis (Chapters 1-3), is the foundation of the book, especially for IT operators. It systematically summarizes the characteristics, storage locations and the functions of the various fields of UNIX/Linux system logs and various network application logs, including Apache logs, FTP logs, Squid logs, NFS logs, Samba logs, iptables logs, DNS logs, DHCP logs, mail system logs and various network device logs. It also puts forward, for the first time, implementation techniques for visual log analysis, and exposes for the first time the ideas, methods, techniques and tools used in computer forensics, which gives readers a solid foundation for recording and analyzing logs effectively. It solves the problems of "what to look for" and "how to check" that readers encounter in log analysis. Finally, it explains the implementation principles and technical methods of log collection, including how to build open source and commercial log analysis systems.

The second part, log analysis (Chapters 4-12), tells a number of short stories adapted from the author's personal experience, reproducing the occurrence, development, handling and preventive measures of various network incidents the author encountered in those years. I use the "bloody" lessons encountered along the road of network operations and maintenance to warn you what will happen if you do not apply patches. What are the consequences if there is no system security hardening? These cases include a Web site crash, DNS failure, DoS attacks, a backdoor planted on Solaris, overflow attacks, rootkits, worms, a database hit by SQL injection, a server reduced to a springboard, IP fragments, and so on.

The third part, network traffic and log monitoring (Chapters 13 and 14), uses a large number of examples to explain the principles and methods of traffic monitoring, such as application skills for the open source software Xplico and the application of NetFlow to abnormal traffic. It also introduces how to build a network log and traffic monitoring network using the open source OSSIM security system.

From the perspective of network security personnel, this book shows how to dig out the key problems and finally solve them when you are faced with a myriad of clues after a network incident happens. The cases in the book use original situational descriptions that, through vivid IT scenes, reflect the various difficulties IT practitioners encounter in their work. Through interactive questions and open answers in the cases, readers unwittingly master some important network security knowledge and practical technical solutions.

The IP addresses and domain name information in the cases of this book are fictional, while the download sites and various information query sites involved in the solutions are real and have high reference value. There are a large number of system logs in the book, which are important evidence for network failure forensics. Due to the confidentiality issues involved, all logs have been technically processed.

Due to time constraints and my limited ability, mistakes in the book are inevitable, and I ask readers to post their corrections on my blog.

3. The experimental environment of this book

The UNIX platforms selected in this book are Solaris and FreeBSD; the Linux platforms are mainly Red Hat and Debian Linux. The tool discs used for forensic investigation are DEFT 8.2 and BackTrack 5. DEFT-vmware, BT5-vmware and OSSIM-vmware virtual machines are available on http://chenguang.blog.51cto.com (the author's blog) for readers to download and study.

Try out the wonderful sample chapter
