Re: [logs] Log Analysis

From: Jacques Thomas (jacktomat_private)
Date: Wed Jan 16 2002 - 06:24:23 PST

Next message: Peter Benson: "[logs] NFR"

Previous message: Jacques Thomas: "Re: [logs] FW: New Incident Response book: Hacker's Challenge"
In reply to: jamie rishaw: "[logs] Log Analysis"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Tina's page has an awfull lot of helpful information on the topic :
http://www.counterpane.com/log-analysis.html

Jacques THOMAS


jamie rishaw wrote:
> 
>  Hey everyone,
> 
>   I'd like to get some input from people who are currently running a
> centralized logging environment with multiple (and theoretically multi-
> platform) OS's logging to one (or multiple) syslog hosts.
> 
>   Getting logging down, and getting hosts to log to a central server was
> the easy part.  It's pretty nifty, one place to go, and no more /var
> fill ups :-)   however, it's now time to go to the next step.
> 
>   What (presumedly freeware/opensource/open-dev) programs, home brew
> perl madness, commercialware, etc, are people using for their log analysis?
> 
>   I think there will be two schools of solutions here, correct me if I'm
> missing or off topic:
> 
>   1) Real-Time monitors to "tail" output and generate alerts/flags based
>      on certain situations or checkpoints/markers, and
> 
>   2) Daily log parsing for reports, trend analysis, and longer term
>      watching
> 
>   Program names are fine to spew back, but input on actual use of these
> utilities, thoughts, etc, would help.
> 
>   And if it turns up zero, perhaps we can start a project of our own :)
> 
>   Thanks in advance for input.  I'm hoping I'm not the only one out here
> in the same boat.
> 
> jamie
> --
> jamie rishaw <jamieat_private>
> sr. wan/unix engineer/ninja // playboy enterprises inc.
> [opinions stated are mine, and are not necessarily those of the bunny]
> 
> "UNIX was not designed to stop people from doing stupid things, because
>  that would also stop them from doing clever things." -- Doug Gwyn
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: loganalysis-unsubscribeat_private
> For additional commands, e-mail: loganalysis-helpat_private

---------------------------------------------------------------------
To unsubscribe, e-mail: loganalysis-unsubscribeat_private
For additional commands, e-mail: loganalysis-helpat_private

Next message: Peter Benson: "[logs] NFR"
Previous message: Jacques Thomas: "Re: [logs] FW: New Incident Response book: Hacker's Challenge"
In reply to: jamie rishaw: "[logs] Log Analysis"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 06:40:24 PST