Re: [logs] OT: 'Automated Log Analysis'

From: Bill Rhodes (wrhodesat_private)
Date: Tue Jun 18 2002 - 10:56:40 PDT

    The issue I have here is that it's not only completely unsafe and highly
    unorthodox to send sensitive data to an unknown third party, it's kind of
    a hassle and quite possibly totally impractical.  For example, when I
    worked for "a large Fortune 500 communications company" in a past life, we
    often had log files approaching (and sometimes exceeding) one GB in size.
    Your mail system have any quotas?  Do you have a (group of) fast machines
    to go through that much data?  How big is your pipe?  Offhand, I'd say
    your system has serious scaling issues.
    
    However, what really gives me pause is that you say you've taken "all
    measures possible" to make sure none of the data you receive is disclosed.
    I respectfully submit that you have most certainly not taken *all*
    possible measures.  You missed the single most important step you could
    have taken: Give us your code, or failing that a binary, licensed under
    whatever terms you desire; charge money if you wish to.  But let us
    analyze our own log files on our own machines.  That is the only way I
    know to completely ensure that my data stays my data.
    
    If you are truly after testable data merely for empirical purposes, you
    might do well to write a small Perl script or some such which will excerpt
    and then anonymize some statistically large yet still manageable chunk of
    log data.  Ask the kind folks on this list to run the script and email the
    data back to you for testing.  I think you'd find many willing
    participants here.  And if you'd open your project up a little you might
    also find some people willing to help and contribute beyond simply
    providing semi-random data.
    
    -B
    
    On Tue, 18 Jun 2002, NixGuru wrote:
    
    > On Tue, 18 Jun 2002, Tina Bird wrote:
    >
    > <snip>
    >
    > >
    > > tbird
    > > wondering if she should have killed that posting...
    > >
    > >
    >
    > </snip>
    >
    > Thanks for letting it through!
    >
    > In essence, skepticism is what tightens security.
    >
    > I assure you, I have taken all measures possible to ensure that none
    > of the information received will be disclosed in any way, other than
    > to myself and the sender. I just would like 'real life' log files, to
    > see if the analysis is actually useful.
    >
    > My idea is that those who do not have the resources to write their own
    > log analysis routines, may want an analysis performed 'off site'. It's
    > at least better than not looking in your logs at all. Judging by the
    > examples received so far, ugly things are going on that would have
    > passed by undetected.
    >
    > As someone said, sending log files in plain text is not a good idea.
    > But there is the possibility to use PGP, as stated on the site.
    > PGP-key is there too.  However, I agree with a few comments I received
    > - I would also be sceptical of sending logfiles to a basically
    > anonymous account. But I have my reasons for doing so.
    >
    > Thanks
    >
    > nix
    >
    >
    >
    >
    > ---------------------------------------------------------------------
    > To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    > For additional commands, e-mail: loganalysis-helpat_private
    >
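
The excerpt-and-anonymize script suggested in the message above, sketched in Python as an added example (not code from the list or from any poster). The regexes, function names and sample lines are assumptions for illustration; the HMAC key is generated on the log owner's machine and never leaves it.

```python
import hashlib, hmac, random, re, secrets

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Syslog header "Mon DD HH:MM:SS host ..."; group 2 is the hostname.
HOST = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8}\s)(\S+)")
# Account names after common sshd/PAM phrasings (assumed formats). Over-matching
# ("waiting for connection") only hides more, which is the safe direction.
USER = re.compile(r"\b(for invalid user |for user |for |user[ =])([\w.-]+)")

def token(key, kind, value):
    """Keyed pseudonym: same input gives the same token within one run, and
    the small IPv4/username space cannot be brute-forced without the key."""
    mac = hmac.new(key, f"{kind}:{value}".encode(), hashlib.sha256)
    return f"{kind}-{mac.hexdigest()[:10]}"

def anonymize_line(line, key):
    line = HOST.sub(lambda m: m.group(1) + token(key, "host", m.group(2)), line)
    line = IPV4.sub(lambda m: token(key, "ip", m.group(0)), line)
    return USER.sub(lambda m: m.group(1) + token(key, "user", m.group(2)), line)

def excerpt(lines, k, rng):
    """Reservoir-sample k lines in one pass over the log, keeping log order."""
    kept = []
    for i, line in enumerate(lines):
        if i < k:
            kept.append((i, line))
        else:
            j = rng.randrange(i + 1)
            if j < k:
                kept[j] = (i, line)
    return [line for _, line in sorted(kept)]

def excerpt_and_anonymize(lines, k, key=None, seed=None):
    key = key or secrets.token_bytes(32)  # generated locally, never sent
    rng = random.Random(seed)
    return [anonymize_line(l, key) for l in excerpt(lines, k, rng)]

SAMPLE = [  # constructed lines, not real log data
    "Jun 18 10:01:02 mail1 sshd[311]: Failed password for root from 192.0.2.7 port 4022",
    "Jun 18 10:01:09 mail1 sshd[311]: Failed password for invalid user admin from 192.0.2.7 port 4023",
    "Jun 18 10:02:30 web2 sshd[98]: Accepted password for alice from 198.51.100.4 port 5110",
]

if __name__ == "__main__":
    print("\n".join(excerpt_and_anonymize(SAMPLE, 2)))
```

Because the tokens are consistent within a run, the recipient can still correlate repeated failures from one source without learning the address; free-text fields the regexes do not cover need a manual look before anything is mailed out.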
    



    This archive was generated by hypermail 2b30 : Tue Jun 18 2002 - 11:54:49 PDT