DocumentCode :
548847
Title :
Analysis of log files as a security aid
Author :
Leite, Jorge Pinto
Author_Institution :
Dept. de Eng. Inf., Inst. Super. de Eng. do Porto, Porto, Portugal
fYear :
2011
fDate :
15-18 June 2011
Firstpage :
1
Lastpage :
6
Abstract :
Log files are the history books of a computer system. In particular, they record a good portion of the security-related events and threats that a system has to withstand and, sometimes, fails to resist. Therefore, log file analysis can be valuable to system and security administrators if the difficulty of extracting the relevant information from the different kinds of data and formats can be surmounted. And if we consider a huge system in terms of users, services and accesses, the difficulty of the analysis task rises enormously. In infrastructures where there is more than one server and communication link, it is possible for the administrator and security team to configure all systems to record their logs in a central huge repository, but the search for abnormalities is quite impossible without specialized tools. As we believe that the information collected in log files can be valuable, we use open source information retrieval tools to index the log files' fields and search for patterns of suspected behavior, which may indicate a system intrusion. Our development allows queries based on variables introduced by the analyst. The preliminary results obtained when using log files from an academic institution indicate that our approach is effective and can be used as a security aid.
Keywords :
security of data; academic institution; information retrieval open source tools; log file analysis; security aid; security related events; suspected behavior patterns; system intrusion; Colon; Documentation; Indexing; Information retrieval; Java; Security; data mining; information retrieval; log; security;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Information Systems and Technologies (CISTI), 2011 6th Iberian Conference on
Conference_Location :
Chaves
Print_ISBN :
978-1-4577-1487-0
Type :
conf
Filename :
5974290