I work as the technician/administrator for a UK secondary school with approx. 300 Windows PCs (mostly Win2k and some Win98) and 2 Win2k servers. Our internet access passes through a filtering program (CyberPatrol), but I am aware that this is never 100% effective.

At present, when I find a spare chunk of time, I wade through our proxy logs looking for something that "doesn't look right". Obviously this is a less than efficient way of going about things.

Can anyone here advise me on the best way of developing my log analysis scheme? E.g. log analyser packages, 'tips of the trade', that sort of thing.

My principal concerns are:

*) Detecting access to inappropriate websites that CyberPatrol has missed.
*) Detecting attempts to subvert the security system from within.

Thanks

Geoff Hale
System Admin
David Hughes School - Anglesey.

This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 13:52:17 PDT