BSidesSF 2019 has ended
Saturday, March 2 • 12:30pm - 6:00pm
Using Open Source Log Aggregation Tools to Improve Enterprise Security



Securing the enterprise is a demanding task that requires a complete understanding of the infrastructure and the services running on it. To uncover signs of compromise, it is first necessary to know what normal activity looks like. Almost all services make use of some type of logging function, and the vast majority of logs adhere to the Syslog protocol (RFC 5424). Centralizing log analysis opens new opportunities for cross-referencing and analyzing data.

Log aggregation tools are available from a variety of vendors and are critical in presenting data in a timely and usable manner. With proper planning, log aggregation tools can be configured to track critical infrastructure activity and provide alerting when anomalies indicative of compromise are detected. Log analysis can be used to detect malicious login attempts, device compromise, data exfiltration, unexpected network traffic, unauthorized file changes, rogue application installations, and more.
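To make the two preceding paragraphs concrete, here is an added example (not part of the course materials, and not Graylog code) that parses RFC 5424 syslog lines into their header fields and structured data, then runs one of the detections mentioned above, repeated failed logins, over a constructed sample log. The hostnames, IP addresses, process IDs and the five-failures-in-two-minutes threshold are all assumptions chosen for illustration.

```python
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
# STRUCTURED-DATA is either "-" or one or more [SD-ID PARAM="VALUE" ...] elements;
# "]" inside a PARAM-VALUE is escaped as "\]", which the element pattern allows for.
HEADER_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) "
    r"(?P<timestamp>\S+) (?P<hostname>\S+) (?P<appname>\S+) "
    r"(?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)"
    r"(?: (?P<msg>.*))?$"
)
SD_ELEMENT_RE = re.compile(r'\[(?P<id>[^\s\]]+)(?P<params>(?: [^\s=\]]+="(?:[^"\\]|\\.)*")*)\]')
SD_PARAM_RE = re.compile(r'([^\s=\]]+)="((?:[^"\\]|\\.)*)"')

# sshd's failure message (hypothetical format assumed here, modelled on OpenSSH auth logs)
FAILED_LOGIN_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


@dataclass
class SyslogMessage:
    facility: int
    severity: int
    timestamp: datetime   # None when the message carries the NILVALUE "-"
    hostname: str
    appname: str
    procid: str
    msgid: str
    structured_data: dict
    msg: str


def parse_rfc5424(line):
    """Split one RFC 5424 line into its header fields, structured data and free-text MSG."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError(f"not an RFC 5424 message: {line!r}")
    pri = int(m.group("pri"))              # PRI = facility * 8 + severity
    sd = {}
    if m.group("sd") != "-":
        for el in SD_ELEMENT_RE.finditer(m.group("sd")):
            sd[el.group("id")] = dict(SD_PARAM_RE.findall(el.group("params")))
    ts = m.group("timestamp")
    when = None if ts == "-" else datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return SyslogMessage(pri // 8, pri % 8, when, m.group("hostname"), m.group("appname"),
                         m.group("procid"), m.group("msgid"), sd, m.group("msg") or "")


def parse_log(text):
    return [parse_rfc5424(line) for line in text.splitlines() if line.strip()]


def detect_failed_login_bursts(messages, threshold=5, window=timedelta(minutes=2)):
    """Alert once per source IP that reaches `threshold` failed sshd logins inside a sliding window."""
    recent = defaultdict(deque)     # src -> timestamps of failures still inside the window
    users = defaultdict(set)        # src -> usernames tried (useful context for the analyst)
    alerted, alerts = set(), []
    timed = [m for m in messages if m.timestamp is not None]
    for msg in sorted(timed, key=lambda m: m.timestamp):
        if msg.appname != "sshd":
            continue
        hit = FAILED_LOGIN_RE.search(msg.msg)
        if not hit:
            continue
        src = hit.group("src")
        q = recent[src]
        q.append(msg.timestamp)
        users[src].add(hit.group("user"))
        while q and msg.timestamp - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append({"source": src, "count": len(q), "first_seen": q[0],
                           "last_seen": msg.timestamp, "users_tried": sorted(users[src])})
    return alerts


# Constructed sample log (not captured from a real system): one noisy source, one normal user,
# and an unrelated application message carrying structured data.
SAMPLE_LOG = """\
<38>1 2019-03-02T20:31:05Z bastion.example.net sshd 2187 - - Failed password for invalid user admin from 198.51.100.23 port 4411 ssh2
<38>1 2019-03-02T20:31:08Z bastion.example.net sshd 2187 - - Failed password for invalid user admin from 198.51.100.23 port 4412 ssh2
<38>1 2019-03-02T20:31:12Z bastion.example.net sshd 2187 - - Failed password for root from 198.51.100.23 port 4413 ssh2
<38>1 2019-03-02T20:31:15Z bastion.example.net sshd 2187 - - Failed password for root from 198.51.100.23 port 4414 ssh2
<38>1 2019-03-02T20:31:19Z bastion.example.net sshd 2187 - - Failed password for invalid user oracle from 198.51.100.23 port 4415 ssh2
<38>1 2019-03-02T20:31:40Z bastion.example.net sshd 2187 - - Failed password for alice from 203.0.113.7 port 50122 ssh2
<38>1 2019-03-02T20:31:47Z bastion.example.net sshd 2187 - - Accepted password for alice from 203.0.113.7 port 50122 ssh2
<165>1 2019-03-02T20:32:00Z app01.example.net deploy 7712 ID47 [exampleSDID@32473 iut="3" eventSource="Application"] Deployment finished
"""

if __name__ == "__main__":
    for alert in detect_failed_login_bursts(parse_log(SAMPLE_LOG)):
        print(alert)
```

Parsing the header and structured data up front is what makes cross-referencing possible once logs are centralized: the same `SyslogMessage` fields (facility, hostname, app name, SD params) can be indexed and joined across sources, and the sliding-window rule above is the shape most "anomaly" alerts take, a count per key within a time span, with a single alert per key to keep a burst from flooding the queue. The one-failure-then-success from 203.0.113.7 is deliberately left below the threshold, since an occasional typo'd password is part of "normal activity".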

This course will give students hands-on development of practical, real-world log aggregation, analysis, and alerting skills that they can take back to their jobs, adapt, and implement in their own environments. We will use real-world scenarios and provide virtual machines, instruction, and workable demos that students can take with them.

Students should have basic Linux & Windows familiarity and be able to do basic virtual machine manipulation. We will provide all materials via AWS. Students will need laptops.


Lennart Koopmann

Founder, Graylog, Inc.
Lennart founded the Graylog project in 2009 and has since then worked with many organizations on log management and security-related projects. He has an extensive background in software development and architecture. His skills include Java, Ruby, Ruby On Rails, PHP, MySQL, MongoDB, and...

Jim Nitterauer

Director Information Security, Graylog, Inc.
Jim is currently a Senior Security Specialist at AppRiver, LLC; his team is responsible for global network deployments and manages the SecureSurf DNS infrastructure, the SecureTide spam & virus filtering platform, internal applications, and security operations. He holds a CISSP certification...

Saturday March 2, 2019 12:30pm - 6:00pm PST
Splunk HQ