Today, many people are looking for very simple solutions to big and complex problems – and the area of logging and log management is no exception. Following that theme, we have created this "Critical Log Review Checklist for Security Incidents."
In addition to the HTML version, PDF and DOC versions are available as well (an alternative hosting location is here). The checklist is also embedded below for a quick review.
Feel free to modify the checklist for your own purposes or for internal distribution in your organization - but please keep the attribution to the authors. Ideas for improving the checklist, or for other log-related checklists that would be useful to you, are welcome!
This log checklist / cheat sheet presents a list of critical things to look for while reviewing system, network and security logs when responding to a security incident. It can also be used for routine periodic log review, IT audit, compliance assessment, etc.
The checklist ideas can be implemented manually, using open source log management / log analysis tools, or using commercial log management or SIEM tools. It was authored by Dr. Anton Chuvakin and Lenny Zeltser.
A companion list of open source log tools can be found here.
BTW, I have another log-related checklist, for comparing log management tools, here.
BTW, Lenny has other useful security cheat sheets on malware analysis, security architecture, DDoS, etc. here.
Here is the embedded version from DocStoc:
Critical Log Review Checklist for Security Incidents -