is this the one ? http://www.sans.org/SANS2002/honeypot.php possible for those that can't attend to have the software / script (whatever on cdrom ) ? --- "Marcus J. Ranum" <mjrat_private> wrote: > > > > be releasing pieces of the system on CDROM at > SANS in April. > > > >Which SANS? Orlando or Omaha? > > Orlando. Lance Spitzner and I are teaching a class > on honeypots > together. My part of the class is covering a bunch > of cool stuff for > log analysis of data returned from honeypots, and a > honeypot > implementation. :) Or it's supposed to, anyhow. I'm > still frantically > coding on it and probably will be until the night > before the class. :) > > Joking aside, I've written a generalized > configurable parser for log > files that converts stuff into a standardized > mark-up. For example, > it took me about 20 seconds to write a ruleset to > translate my > web server logs into a format compatible with my > incoming > syslogs so I can manipulate them together. I think > that's useful. ;) > The program's called "fargo" (it's a log processor, > see...) and I'll > be making it available in source code form along > with the honeypot > code and a bunch of other stuff I don't want to talk > about yet.* > > mjr. > (* 'cuz it's still vapor) > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > loganalysis-unsubscribeat_private > For additional commands, e-mail: > loganalysis-helpat_private > ===== //skopganu __________________________________________________ Do You Yahoo!? Great stuff seeking new owners in Yahoo! Auctions! http://auctions.yahoo.com --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Wed Jan 30 2002 - 16:23:19 PST