Hi all,

Does anyone know of a tool out there that will allow me to correlate incidents between several different logs? For example, if I see an attempt to pull off a PHP exploit on my IDS it stands to reason that I'll see a similar log entry on my web server. What I'm looking for is something that will pull these two records out of the individual logs and place them in an "incident" log as a related event.

The current problem is that we're talking about hundreds of thousands of log entries. Suppose I could Perl it, but I was kinda hoping there might be a commercial/shareware tool out there already that could do it so much better than I could.

Thanks,
phs
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:57:09 PDT