> > be releasing pieces of the system on CDROM at SANS in April.
>
> Which SANS? Orlando or Omaha?

Orlando. Lance Spitzner and I are teaching a class on honeypots together. My part of the class is covering a bunch of cool stuff for log analysis of data returned from honeypots, and a honeypot implementation. :) Or it's supposed to, anyhow. I'm still frantically coding on it and probably will be until the night before the class. :)

Joking aside, I've written a generalized configurable parser for log files that converts stuff into a standardized mark-up. For example, it took me about 20 seconds to write a ruleset to translate my web server logs into a format compatible with my incoming syslogs so I can manipulate them together. I think that's useful. ;)

The program's called "fargo" (it's a log processor, see...) and I'll be making it available in source code form along with the honeypot code and a bunch of other stuff I don't want to talk about yet.*

mjr.

(* 'cuz it's still vapor)
This archive was generated by hypermail 2b30 : Sun Jan 20 2002 - 20:48:42 PST