Log Analysis Case Study Using LoGS

Cryptography and Security 2007-05-23 v1 Information Retrieval

Abstract

A useful technique a network administrator can use to identify problematic network behavior is careful analysis of logs of incoming and outgoing network flows. The challenge is that large networks generate an extremely large quantity of traffic in a very short period of time, resulting in very large traffic logs that must be analyzed after the fact, with an eye for contextual information that may reveal symptoms of problematic traffic. A better technique is to perform real-time log analysis using a real-time context-generating tool such as LoGS.

Cite

@article{arxiv.cs/0502052,
  title  = {Log Analysis Case Study Using LoGS},
  author = {Dmitry Mogilevsky},
  journal= {arXiv preprint arXiv:cs/0502052},
  year   = {2007}
}