[logs] Starting a proxy log analysis regime from the ground up

From: Administrator (Administratorat_private)
Date: Tue Sep 18 2001 - 00:34:48 PDT

    I work as the technician/administrator for a UK secondary school with approx.
    300 Windows PCs (mostly win2k and some win98) and 2 win2k servers.
    Our internet access passes through a filtering program (CyberPatrol) but I
    am aware that this is never 100% effective.
    At present, when I find a spare chunk of time, I wade through our proxy-logs
    looking for something that "doesn't look right".  Obviously this is a less
    than efficient way of going about things.
    Can anyone here advise me on the best way of developing my log analysis
    scheme?  E.g. Log analyser packages, 'tips of the trade', that sort of
    thing.
    My principal concerns are:
    *) Detecting access to inappropriate websites that CyberPatrol has missed.
    *) Detecting attempts to subvert the security system from within
     
    Thanks 
     
     
    Geoff Hale
     
    System Admin
    David Hughes School - Anglesey.
     
     
    



    This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 13:52:17 PDT