An Approach to UNIX Security Logging

Off-line intrusion detection systems rely on logged data. However, the logging mechanism may be complicated and time-consuming and the amount of logged data tends to be very large. To counter these problems we suggest a very simple and cheap logging method, light-weight logging. It can be easily implemented on a Unix system, particularly on the Solaris operating system from Sun. It is based on logging every invocation of the exec(2) system call together with its arguments. We use data from realistic intrusion experiments to show the benefits of the proposed logging and in partic-ular that this logging method consumes as little system resources as comparable methods, while still being more effective.

Click Here to download this article

Share this article

Receive all the latest articles by email!

Get all articles delivered directly to your mailbox as and when they are released on WindowSecurity.com! Choose between receiving instant updates with the Real-Time Article Update, or a monthly summary with the Monthly Article Update.



Receive all the latest articles by email!

Receive Real-Time & Monthly WindowSecurity.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowSecurity.com member!

Discuss your security issues with thousands of other network security experts. Click here to join!

Community Area

Log in | Register

Solution Center

Readers' Choice

Which is your preferred Email Anti Virus solution?