Fred Mobach <fredat_private> writes:

> Where you are looking for interesting items and emails those to the
> selected staff I unselect uninteresting messages and post the
> remaining messages to :
> - known messages to the operators for that software package,
> - unknown messages to the security officers.
> The latter because I never know beforehand what's going on.

Good point. We're doing this with some logs, too. But we could do better.

BTW, we're still working on the best way to handle firewall logs. Two things make them challenging - the sheer volume of data, and the fact that interesting new problems usually show up not as a new type of message, but as a change in the distribution of messages.

One more thing. In off-list email, Todd Glassey brought a number of omissions to my attention - including the requirement that every system that processes log messages needs a valid clock. For most of us, that means NTP.
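Added example, not part of the original message: one way to flag the "change in the distribution of messages" described above is to compare the mix of message types in a recent window against a baseline using Jensen-Shannon divergence. The `action/port` key format, the sample windows and the 0.05 threshold are assumptions made for this illustration.

```python
import math
from collections import Counter

# Constructed sample windows (not real logs): one "action/dst-port" key per
# firewall log line. The key format is an assumption made for this example.
BASELINE = ["deny/135"] * 400 + ["deny/445"] * 350 + ["allow/80"] * 200 + ["deny/23"] * 50
SAME_MIX = ["deny/135"] * 41 + ["deny/445"] * 34 + ["allow/80"] * 20 + ["deny/23"] * 5
SHIFTED = ["deny/135"] * 10 + ["deny/445"] * 10 + ["allow/80"] * 20 + ["deny/23"] * 60


def distribution(keys, categories):
    """Relative frequency per category; add-one smoothing avoids log(0)."""
    counts = Counter(keys)
    total = len(keys) + len(categories)
    return {c: (counts[c] + 1) / total for c in categories}


def js_divergence(baseline, window):
    """Jensen-Shannon divergence in bits: 0 = same mix, 1 = disjoint mixes."""
    cats = set(baseline) | set(window)
    p, q = distribution(baseline, cats), distribution(window, cats)
    m = {c: (p[c] + q[c]) / 2 for c in cats}

    def kl(a):
        return sum(a[c] * math.log2(a[c] / m[c]) for c in cats)

    return (kl(p) + kl(q)) / 2


def biggest_movers(baseline, window, top=3):
    """Categories whose share of traffic changed most, largest change first."""
    cats = set(baseline) | set(window)
    p, q = distribution(baseline, cats), distribution(window, cats)
    return sorted(cats, key=lambda c: abs(q[c] - p[c]), reverse=True)[:top]


def check_window(baseline, window, threshold=0.05):
    """Return (alert, score, movers). The 0.05 threshold is an assumed
    starting point; tune it against your own traffic."""
    score = js_divergence(baseline, window)
    return score > threshold, score, biggest_movers(baseline, window)


if __name__ == "__main__":
    for name, window in (("same mix", SAME_MIX), ("shifted", SHIFTED)):
        alert, score, movers = check_window(BASELINE, window)
        print(f"{name}: alert={alert} JSD={score:.4f} movers={movers}")
```

The shifted window contains no message type that is absent from the baseline, so a filter that only looks for unknown messages would pass it; only the proportions give it away.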
This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 14:13:33 PDT