Chapter 20. Intrusion Detection

Between Chapters 18, "Linux and Firewalls," and 19, "Logs and Audit Trails," you probably got your fill of logs. Indeed, Linux keeps logs of nearly everything: logins, logouts, connection requests, equipment failure, denial of service, user commands, packet traffic, and a dozen other things. This is so pervasive that Linux even offers tools to update, rotate, format, merge, and analyze logs.

But while logs are essential, computer security folks have searched long and hard for ways to enhance their value or produce something better. Because, if you think about it, logs by themselves are really nothing but forensic evidence at a murder scene. The crime has already happened, the victim is already dead, and all you can ...
