
General Discussion: Analysing IIS logs

There are a couple of approaches you can use here. Sometimes the volume of the data to analyse overwhelms us. In situations like that, it is often helpful to plot some graphs/visualisations to try and get some form of situational awareness. Placing the data into a spreadsheet/database and then tagging lines/rows of interest can also help in isolating data that has interesting features. That tagged data can again then be sliced and visualised. Online tools such as Splunk (there are others, but I can't immediately recall them) can be used for this purpose. Some reasonable texts on this are [1] and [2].

If you want to run some tool over the logs and see what it churns out (cf. running snort over a TCP dump file), then you may find the following post of some help: Using OOSEC for the forensic analysis of log files

References:

[1] Security Data Visualisation by Greg Conti
[2] Applied Security Visualisation by Rafael Marty
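As an added illustration of the "put the lines in a table and tag rows of interest" approach (this is not code from the post above), the following Python parses IIS W3C extended-format log lines, tags each row and pivots the tags by client IP so they can be sliced or charted; the sample log and the tag rules are constructed assumptions.

```python
from collections import Counter

# Constructed sample in IIS W3C extended log format (not taken from the post).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 7.5
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status sc-bytes
2012-03-01 00:00:01 192.0.2.10 GET /index.html - 200 1240
2012-03-01 00:00:02 192.0.2.10 GET /login.aspx - 200 3300
2012-03-01 00:00:05 198.51.100.7 GET /admin/config.php - 404 512
2012-03-01 00:00:06 198.51.100.7 GET /phpmyadmin/ - 404 512
2012-03-01 00:00:07 198.51.100.7 GET /wp-login.php - 404 512
2012-03-01 00:00:09 192.0.2.10 POST /checkout.aspx id=42 500 128
"""

def parse_w3c(lines):
    """Turn W3C extended log lines into dicts keyed by the #Fields names."""
    fields, rows = [], []
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names follow the directive
            continue
        if not line or line.startswith("#"):
            continue                    # blank line or other directive
        values = line.split(" ")        # IIS separates fields with one space
        if len(values) != len(fields):
            continue                    # truncated or malformed line: skip it
        rows.append(dict(zip(fields, values)))
    return rows

def tag_row(row):
    """Tags a row earns; these are the labels you later slice and chart on."""
    tags = []
    status = int(row["sc-status"])
    if status >= 500:
        tags.append("server-error")
    elif status == 404:
        tags.append("not-found")
    if row["cs-uri-query"] != "-":      # "-" means no query string was sent
        tags.append("has-query")
    return tags

def analyse(log_text):
    """Count (client IP, tag) pairs: the pivot you would feed to a chart."""
    counts = Counter()
    for row in parse_w3c(log_text.splitlines()):
        for tag in tag_row(row):
            counts[(row["c-ip"], tag)] += 1
    return counts
```

Feeding real logs through `analyse` and sorting the resulting counter is enough to see which client produced the burst of 404s or the server errors worth examining first.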
