Budget Books

Do you know how to manage your security log? If you don't, then this book is for you. Authors Jacob Babbin, Dave Kleiman, Everett F. Carter Jr., Jeremy Faircloth, Mark Burnett and Esteban Gutierrez, have done an outstanding job of writing a book that shows you how to exactly solve the various problems pertinent to log generation, storage, processing, and reporting.

Babbin, Kleiman, Carter Jr., Faircloth, Burnett and Gutierrez, begin by covering how to get more information out of your passive detection systems. Then, the authors explore how to find key events in the log files of your Web servers and their host systems, and correlating data to give you useful reports. Next, they illustrate the depth and breadth your security logs can cover. They continue by exploring what ESM is, how it works, and when and where it should be used. In addition, the authors go over each of the primary areas of focus, and show you some techniques you can use to best manage your log files. Finally, they show you how to build a toolbox of queries that you will have ready to use if needed.

The ideas and tools shown in this most excellent book will help your organization in several ways. Perhaps more importantly, if you keep all of the solutions shown in this book in mind, your organization should have a flexible, scalable, remotely accessible security reporting infrastructure that can bend to the needs of an organization.

When I received a review copy of Security Log Management (SLM) last month, I was eager to read it. I saw two very powerful but seldom discussed tools -- Argus and Bro -- mentioned in the table of contents. This indicated some original thinking, which I appreciate. Unfortunately, SLM did not live up to my expectations. When you strip out the pages of scripts and code and the three reprinted chapters, you're left with a series of examples of output from the author's deployment of several tools. Aside from a few examples mentioned in this review, I don't think readers will learn much from SLM.

The first problem with SLM is a lack of competent editing. Prior to publication, someone should have read the book from the reader's perspective, asking "what is the reader expected to learn from this section/chapter/book?" In other words, the editor should have asked "how is the reader supposed to implement these recommendations?" For example, Ch 2 mentions using the Bro IDS. Nothing about setting up Bro is included, which would be acceptable if a reference to an online guide or another book was given. That is not the case; the author just assumes readers know about Bro and have it running. The number of Bro users is probably less than 100. If you're one of them, you don't need to read this book!

Bro's DNS and SMTP logging modules are casually demonstrated with no regard for showing the reader how to deploy them. The Web module at least shows a sample mt.bro file, if the reader can figure out what that is or how it fits into the picture. The situation gets worse on p 101 when the author says "the SMTP module can be very powerful in helping to identify several of the 'Marcus Ranum' top mail-related statistics (Chapter 1)." Marcus Ranum is not mentioned at all in Ch 1.

SLM demonstrates two other features that are becoming increasingly common and frustrating in Syngress books, for which I detracted stars from the review. First, the editing is rough. I am perplexed by the inability to standardize on references to tools; e.g., is it bro, Bro, or BRO? Second, and far more worrisome, the last three chapters (7, 8, and 9) of SLM are reprints of chapters 6, 7, and 5 from the Feb 2005 Syngress book Microsoft Log Parser Toolkit. On the positive side, SLM did not have as many fuzzy screen shots as sometimes appear in recent Syngress books. The unexplained small, fuzzy, NetForensics screen shot on p 31 is one unwelcome exception.

In terms of stating a clear purpose and delivering material in a coherent manner, the best chapter in SLM is Ch 6 -- Scalable Enterprise Solutions. I thought the author of this chapter stated his purpose, and then delivered material that readers could use. My only problem with the chapter was reading the definition of ESM 5 times -- on pp 195, 196, 205, 237, and 238!

My favorite part of SLM was the material showing how to put Argus records into a MySQL database. This is not that common, so I was glad to see how the author implements that function.

I'm sorry I can't recommend reading SLM in its current form. Three stars means there is some value, but you could get what you need browsing in the book store. I would like to see a second edition of SLM cut out the reprinted chapters. That cuts the book down to 241 pages. If the 70 or so pages of code are moved online, that reduces the book to 171 pages. That leaves plenty of room to add material that meets readers' needs. An example of a very strong Syngress book on a related (host-based) topic is Host Integrity Monitoring Using Osiris and Samhain by Brian Wotring.

It is not often that I review a genuinely bad book, but this is one such rare occasion. It so happens that log analysis has been my primary area of focus for the last several years and thus I could not have missed a book titled "Security Log Management."

Yuck! The book starts from a hodge-podge of examples, which, if entertaining at times, doesn't lead to any meaningful lessons and thus doesn't deliver the value it could have produced. The same applies to material selection for the book, which, as a result, suffers from a compete lack of logical structure. Even the Ch 1 "Log Analysis: Overall Issues" barely touched on analyzing logs and clearly didn't cover any "overall issues." Also, authors have undoubtedly trademarked the concept of a random irrelevant picture or graph...

In addition, the book reveals many areas where authors are deeply befuddled. ESM chapter (`Enterprise Security Management') is one such example, where such confusion reigns supreme. They can talk about `ESM process' and claim that `ESM is not a tool' in one sentence and then describe `ESM tools' in the next one. On top of that, if you are looking for some arcane security humor, try understanding their ROI calculation in the chapter (`Cost of problem' + `Cost of solution' ...)

One would think that they can get something as (relatively) simple as firewall reporting right (chapter 3). One would think that - and one would be wrong... The reader is still left with no answers to questions such as `what summaries, statistics and reports he/she should collect and how to do it'

As far as style is concerned, the book carries unfortunate signs of being written by a group of authors who didn't talk to each other much. Furthermore, what adds insult to injury is truly excessive amount of quoted source code, which plainly doesn't belong in the book, but on the website, CD, etc (were editors asleep at the wheel?)

To conclude, the book does have some relationship to patterns and chaos: the patterns in your brain will immediately turn into chaos after you are done reading it, provided you would even finish it. My suggestion is to avoid this largely useless title and save the money for better books (such as Bejtlich's or countless others).

Dr Anton Chuvakin, GCIA, GCIH, GCFA (http://www.chuvakin.org) is a
recognized security expert and book author. A frequent conference speaker, he also represents the company at various security meetings and standard organizations. He is an author of a book "Security Warrior" and a contributor to "Know Your Enemy II", "Information Security Management Handbook" and the upcoming "Hacker's Challenge 3". Anton also published numerous papers on a broad range of security subjects, such as incident response, intrusion detection, honeypots and log analysis. In his spare time he maintains his security portal http://www.info-secure.org and two blogs.

Why is the list price $10.50 and you sell it for $14.80? I don't see the savings??

This travel series is the Best around. I cannot say enough about how organized and user friendly these books are. I just wish they offered more countries like Scandinavia and other European destinations. I own over 35 travel guides and these far outshine all the rest for clear, organized and detailed information. I wish other publisher would adopt their layout style because it would make it alot easier on us!!! I HIGHLY recommend these guides!!!! The best.

i mowed all these lawns and sold lots of lemanade and then i read dustins book. i tried his ideas and god HOSED ME! he taked all my money and now i am sad.

What a great book! I will recommend it to all my friends and family. I love how this book combines both biblically based principles with sound financial advice. Just the websites alone listed in this book make it worth purchasing. Through the websites and the strategies taught in this book, I am able to create my own personalized, biblically based plan to reach my financial goals. It is written in a way that is powerful and easy to understand.

This book covers all areas of the state of California, and could be very useful in comparing and selecting between the eleven areas of the state that the authors profile. The book covers many cities and towns, but does miss some towns that could be of high interest to retirees -- such as Auburn and Morro Bay. Unfortunately, since the books was copyright in 1998 and because of the rapid increases in real estate values, the home prices given are quite out of date.

Very good explanations and data of the towns covered. I wish the author had included a more cities in the book.

WARNING: If you are planning a trip to Cosumel or Playa Del Carmen-in the Caribbean, you will NOT find any information about these places in this book. Someone should sue Fodor's for calling the book: "Fodor's Caribbean", since it does not encompass the entire Caribbean! I am very disappointed and plan to return the book.

i'm writing this review specifically to contradict the previous review. this is a VERY well detailed regional guide, with a devoted chapter for every caribbean state and numerous recommendations in every price category. i actually used this during a caribbean trip this past summer and found its information quite helpful.

if you are looking for information on cozumel or playa del carmen, or other caribbean-facing beach towns in mexico, buy a travel guide for mexico. the complaint from the other review is the equivalent of buying a travel guide to texas and then complaining that ciudad juarez was left out.

Generic text book MBA stuff.-worth the purchase, good leaning tool while stuck in traffic.

I was extremely impressed with this book. I am beginning a new job soon and this book will come in handy, especially for the person who had been out of school for a while and needs a refresher. It is easy reading with very good graphs and examples to follow. I am confident this book can help anyone out from the recent graduate to the high ranking executive.

My wife and I recently stopped in Venice on our honeymoon. We followed this book's recommendation of the best pastry shop in Venice and found ourselves in a piazza with a store that had a gelato stand and a couple of muffins. We've tried 3 of these Frommer's dad by day guides now and are always underwhelmed. We were impressed with the Rick Steve's book for Italy which had a large section on Venice. Your hotel or any store in the area can provide you with a much much better map than this book has for 3 euros.

This one book has everything--explanations, pull out map, and a useful dictionary. I bought other products and this is really all I need for Venice.

Have you ever woken up in the morning and found that you have nothing to wear? Well now, you can learn how to put together new outfits and make new clothes out of the same book! Make matches you would have never thought of and have fun doing it. It's all about clothes. Find the teen fashionista in yourself.

This book has such great capacity to be good. The title is intriguing and interesting. However, I do not think that the book contains enough things that were promised. The book only contains a few tips on what you should wear and a lot of it is bulked out with pictures. Admittedly, the pictures are very interesting, but they do not teach us about what clothes we should wear. It is the start to a very interesting topic but I think that it needs more.

Reviewed by a student reviewer for Flamingnet Book Reviews
www.flamingnet.com
Preteen, teen, adn young adult book reviews and recommendations

I've been interested in fashion and being unique with clothes since seventh grade (im in eighth now). So, I was looking through the young adult section of Barnes & Noble several weeks ago when I stumbled across this book and began reading it. I was so fascinated in the fact that somebody had actually written a book on fasihon and clothes that I bought it right away.

Because the author is a fifteen-year-old high school student, the fashions are pretty much what people are wearing as of today. At the beginning, the book includes ideas on clothes to flatter your body type, shopping tips, and ideas for taking your old clothes and making them new. The majority of the book is devoted to the outfits, which are modeled on real teen girls and are composed of all the fashions that teens love (minis, heels, etc.)

While the fashions were pretty creative and could give you some great ideas, they weren't anything too special. Anybody who has a creative mind could easily come up with outfits like this- or even better. But if you are stuck in a rut, you should definitely check this book out for ideas. Another annoying thing I found was that a lot of the outfit ideas were based on hip-hop style... I know that lots of people are into that, but I thought the book was lacking more in more feminine, classic, and wild styles, which I am more fond of. I also didn't understand why the author recommended wearing thong undewear and seemed to worship them so much, but then again, to each her own. The fashions may be dated in several years, but that shouldn't stop you from buying this book if you're interested in developing your own personal style. Just use this book for inspiration, and soon you will be able to come up with great outfits on your own.

John Russo's MAKING MOVIES was a semi-classic. That information is reformatted here in what seems to be the latest entry in the Name-that-tune version of micro-budget movie making: "I can make that movie for just $12." It's time to get real. Yes, we've all heard (and some people even bought the book) about El Mariachi; but anything less than $100,000 for a "regular" movie is really pushing it.

I had exactly $10,000 dollars to make a movie with and coincedentally I saw this book and bought it. It's not great, but it does reveal tricks of the trade of movie making. If you're going to make a movie, you should also read directing, lighting, editing, cinematagraphy, and screenwriting books as well.

Only about 30 pages on hostels in Europe, but close to 300 on hostels in Britain. I was hoping for a more well-rounded list.

As most hostel travelers know the best way to find out about a hostel is to talk to others. The writers give you that to start with. This book is not as comprehensive as i would have liked but it did offer a list of what to look for and where to find it. It is difficult to write such a book as hostels are always opening and closing so while i feel they could have been more inclusive it was not a bad place to start, assuming you have suplimental information.