Project Honeynet “Log Mysteries” Challenge Lessons

10 Nov 2010 Anton Chuvakin challenge lessons-learned
We just finished grading the results of Project Honeynet “Log Mysteries” Challenge #5, and there are some useful lessons for BOTH future challenge respondents and log analysts and incident investigators everywhere. If you look at the challenge at a high level, things seem straightforward: a bunch of log data (not that much data, mind you – only 1.14MB compressed) from a Linux system. You can squeak by even if you use manual analysis and simple scripting.
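To make "manual analysis and simple scripting" concrete, here is an added example (not part of the original post and not derived from the challenge data) of the kind of throwaway script a log analyst writes against Linux `auth.log`-style sshd lines: parse each line, count failed logins per source address, and flag any accepted login that follows a run of failures from the same address. The sample log lines are constructed for this example, using documentation IP ranges; the threshold of three prior failures is an arbitrary assumption.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Linux auth.log / syslog format (not from the
# challenge data). One non-sshd CRON line is included to show it is skipped.
SAMPLE_AUTH_LOG = """\
Apr 19 05:41:44 app-1 sshd[2738]: Failed password for invalid user admin from 192.0.2.10 port 41234 ssh2
Apr 19 05:41:47 app-1 sshd[2740]: Failed password for root from 192.0.2.10 port 41236 ssh2
Apr 19 05:41:51 app-1 sshd[2742]: Failed password for root from 192.0.2.10 port 41240 ssh2
Apr 19 05:42:02 app-1 sshd[2745]: Accepted password for root from 192.0.2.10 port 41250 ssh2
Apr 19 06:10:13 app-1 sshd[2801]: Failed password for invalid user test from 198.51.100.7 port 50211 ssh2
Apr 19 07:00:01 app-1 CRON[2900]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 19 08:15:30 app-1 sshd[3011]: Accepted publickey for deploy from 203.0.113.5 port 60000 ssh2
"""

# Matches both "Failed password for [invalid user] X from IP port N" and
# "Accepted password|publickey for X from IP port N".
SSHD_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def parse_sshd_events(text):
    """Return a list of dicts (ts, host, result, method, user, ip) for sshd auth lines."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def summarize(events):
    """Count failures per source IP, the user names tried per IP, and collect accepted logins."""
    failed_by_ip = Counter()
    failed_users_by_ip = defaultdict(set)
    accepted = []
    for ev in events:
        if ev["result"] == "Failed":
            failed_by_ip[ev["ip"]] += 1
            failed_users_by_ip[ev["ip"]].add(ev["user"])
        else:
            accepted.append(ev)
    return failed_by_ip, failed_users_by_ip, accepted


def suspicious_successes(events, threshold=3):
    """Accepted logins from an IP that already had >= threshold failures earlier in the log.

    Events are processed in file order, which for syslog is time order, so only
    failures that precede the success are counted. The threshold is an assumption.
    """
    failures = Counter()
    hits = []
    for ev in events:
        if ev["result"] == "Failed":
            failures[ev["ip"]] += 1
        elif failures[ev["ip"]] >= threshold:
            hits.append((ev["ts"], ev["user"], ev["ip"], failures[ev["ip"]]))
    return hits


if __name__ == "__main__":
    evs = parse_sshd_events(SAMPLE_AUTH_LOG)
    failed_by_ip, failed_users_by_ip, accepted = summarize(evs)
    print("Failed logins per source IP:")
    for ip, n in failed_by_ip.most_common():
        print(f"  {ip:16} {n:3}  users tried: {sorted(failed_users_by_ip[ip])}")
    print(f"Accepted logins: {len(accepted)}")
    for ts, user, ip, n in suspicious_successes(evs):
        print(f"  REVIEW: {ts} {user}@{ip} accepted after {n} failures")
```

Run against a real `/var/log/auth.log` by replacing `SAMPLE_AUTH_LOG` with the file contents; the only point of the script is to turn a few thousand lines into a handful of facts (who tried what, from where, and which success deserves a second look) before any deeper tooling is brought in.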