A security system administrator is reviewing the network system log files. He notes the following:
– Network log files are at 5 MB at 12:00 noon.
– At 14:00 hours, the log files are at 3 MB.
What should he assume has happened and what should he do about the situation?
A. He should contact the attacker’s ISP as soon as possible and have the connection disconnected.
B. He should log the event as suspicious activity, continue to investigate, and take further steps according to site security policy.
C. He should log the file size, and archive the information, because the router crashed.
D. He should run a file system check, because the Syslog server has a self-correcting file system problem.