Administrator <Administratorat_private> writes:

> I work as the technician/administrator for a UK secondary school
> with approx 300 windows PC's (mostly win2k and some win98) and 2
> win2k servers.
>
> Our internet access passes through a filtering program (CyberPatrol)
> but I am aware that this is never 100% effective.
>
> At present, when I find a spare chunk of time, I wade through our
> proxy-logs looking for something that "doesn't look right".
> Obviously this is a less than efficient way of going about things.
>
> Can anyone here advise me on the best way of developing my log
> analysis scheme? E.g. Log analyser packages, 'tips of the trade',
> that sort of thing.
>
> My principal concerns are :
>
> *) Detecting access to inappropriate websites that CyberPatrol has missed.

Grepping the logs won't tell you whether a site was "inappropriate".
But you can look for changes in number of log entries per day, per user,
per site, etc. to detect differences in use.

I would add to the list of concerns:

*) Detecting benign sites to which access is inappropriately blocked
especially with CyberPatrol.

http://www.peacefire.org/censorware/Cyber_Patrol/
http://www.netfreedom.org/news.asp?item=117

> *) Detecting attempts to subvert the security system from within

At a secondary school there is a great opportunity for promising students
to learn about network security - one could start a project, unrelated
to content filtering, to produce a secure http proxy.
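The reply's suggestion of watching log-entry counts per day, per user and per site can be sketched as follows. This is an added example, not part of the original message; the three-field log format, the sample data and the threshold values (factor, min_hits) are assumptions made for illustration.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed sample data. Assumed line format: "YYYY-MM-DD user site".
DAYS = ["2001-09-10", "2001-09-11", "2001-09-12", "2001-09-13"]
SAMPLE_LOG = "\n".join(
    [f"{d} alice bbc.co.uk" for d in DAYS for _ in range(2)]
    + [f"{d} bob school.example" for d in DAYS[:3]]
    + ["2001-09-13 bob games.example"] * 8
    + ["truncated-line"]  # malformed entry, must be skipped
)

def parse(log_text):
    """Yield (day, user, site) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield tuple(parts)

def daily_counts(records, field):
    """Map each user (or site) to a Counter of requests per day."""
    idx = {"user": 1, "site": 2}[field]
    counts = defaultdict(Counter)
    for rec in records:
        counts[rec[idx]][rec[0]] += 1
    return counts

def unusual_days(counts, all_days, factor=3, min_hits=5):
    """Flag (key, day, hits, baseline) where a day's hits exceed
    factor x the key's median count over all the other days."""
    flagged = []
    for key, per_day in counts.items():
        for day in all_days:
            hits = per_day.get(day, 0)
            others = [per_day.get(d, 0) for d in all_days if d != day]
            baseline = median(others) if others else 0
            # max(baseline, 1) keeps a first-ever appearance comparable
            if hits >= min_hits and hits > factor * max(baseline, 1):
                flagged.append((key, day, hits, baseline))
    return sorted(flagged)

def analyse(log_text):
    """Return flagged days keyed by 'user' and 'site'."""
    records = list(parse(log_text))
    days = sorted({r[0] for r in records})
    return {f: unusual_days(daily_counts(records, f), days)
            for f in ("user", "site")}

if __name__ == "__main__":
    for field, rows in analyse(SAMPLE_LOG).items():
        for key, day, hits, baseline in rows:
            print(f"{field} {key}: {hits} hits on {day} (baseline {baseline})")
```

A flagged row only says that usage changed; whether the site was appropriate still needs a person to look at it.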
This archive was generated by hypermail 2b30 : Tue Sep 18 2001 - 23:01:38 PDT