Official Page for Critical Log Review Checklist

Today, many people are looking for very simple solutions to big and complex problems – and the area of logging and log management is no exception. Following that theme, we have created this "Critical Log Review Checklist for Security Incidents."

In addition to HTML, PDF or DOC versions are available as well (alternative hosting location is here). The checklist is also enbedded below for a quick review.

Feel free to modify the checklist for your own purposes or for internal distribution in your organization - but please keep the attribution to the authors. Ideas for improving the checklist or other log-related checklists that would be useful to you are welcome!

This log checklist / cheatsheet presents a list of critical things to look for while reviewing  system, network and security logs when responding to a security incident. It can also be used for routine periodic log review, IT audit or compliance assessment, etc. The checklist ideas can be implemented manually, using open source log management / log analysis tools or using commercial log management or SIEM tools. It was authored by Dr. Anton Chuvakin and Lenny Zeltser.

A companion list of open source log tools can be found here.
BTW, I have another log-related checklist - for comparing log management tools here.
BTW, Lenny has other useful security cheat sheets on malware analysis, security architecture, DDoS, etc  here)
Here is the embedded version from DocStoc: Critical Log Review Checklist for Security Incidents

Return to Security Warrior Consulting by Dr. Anton Chuvakin Modified: 23-Dec-2010