Log File Monitors

The simplest of IDSs, log file monitors, attempt to detect intrusions by parsing system event logs. For example, a basic log file monitor might grep (search) an Apache access.log file for characteristic /cgi-bin/ requests. This technology is limited in that it only detects logged events, which attackers can easily alter. In addition, such a system will miss low-level system events, because event logging is a relatively high-level operation.

Log file monitors are a prime example of host-based IDSs, because they primarily lend themselves to monitoring only one machine. In contrast, network-based IDSs typically scan the network at the packet level, directly off the wire like a sniffer. Network IDSs can coordinate data across multiple ...
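The kind of log file monitor described above, as an added example that is not from the book: it parses Apache Common Log Format lines (a constructed sample, using documentation addresses), flags any request whose path contains `/cgi-bin/`, and also counts lines it could not parse, since a parser that silently skips malformed or truncated lines hides exactly the log tampering the text warns about. The function names (`parse_clf`, `monitor`) and the sample log are assumptions made for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Apache Common Log Format (CLF):
#   host ident authuser [date] "request" status bytes
CLF_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)

# Constructed sample access.log content (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326
192.0.2.55 - - [10/Oct/2000:13:55:40 -0700] "GET /cgi-bin/test.cgi HTTP/1.0" 404 209
192.0.2.55 - - [10/Oct/2000:13:55:41 -0700] "GET /CGI-BIN/printenv HTTP/1.0" 200 1042
this line is corrupted and does not match the log format
192.0.2.77 - - [10/Oct/2000:13:56:02 -0700] "POST /login HTTP/1.1" 302 0
"""


def parse_clf(line: str) -> Optional[Dict[str, str]]:
    """Parse one CLF line into its fields; return None if it does not match."""
    m = CLF_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # Split "METHOD PATH PROTOCOL" so rules can inspect the path on its own.
    parts = entry["request"].split(" ")
    entry["method"] = parts[0] if len(parts) >= 1 else ""
    entry["path"] = parts[1] if len(parts) >= 2 else ""
    return entry


def is_suspicious(entry: Dict[str, str]) -> bool:
    """Detection rule: any request under /cgi-bin/ (case-insensitive)."""
    return "/cgi-bin/" in entry["path"].lower()


def monitor(lines: List[str]) -> Tuple[List[Dict[str, str]], int]:
    """Run the rule over log lines.

    Returns (alerts, unparsed_count). The unparsed count matters: a log
    monitor can only see what was logged, so malformed or missing records
    should be surfaced rather than dropped silently.
    """
    alerts: List[Dict[str, str]] = []
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        entry = parse_clf(line)
        if entry is None:
            unparsed += 1
            continue
        if is_suspicious(entry):
            alerts.append({
                "host": entry["host"],
                "time": entry["time"],
                "method": entry["method"],
                "path": entry["path"],
                "status": entry["status"],
            })
    return alerts, unparsed


if __name__ == "__main__":
    found, bad = monitor(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"ALERT {a['time']} {a['host']} {a['method']} {a['path']} -> {a['status']}")
    print(f"{len(found)} alert(s), {bad} unparsable line(s)")
```

Matching on the path rather than the raw line avoids false hits on the literal string appearing in, say, a referrer field, and the case-insensitive compare catches the `/CGI-BIN/` variant that a plain `grep /cgi-bin/` would miss.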
