LOG FILE MONITORS
Log file monitor (LFM) is similar to NIDS. It reviews log files generated by servers, network devices, and even other IDSs for patterns and signatures. Patterns which signify the attack are much easier to identify when entire network and its systems are viewed holistically. It requires allocation of considerable resources since it will involve the collection, movement, storage, and analysis of large quantities of log data.