The issue I have here is that it's not only completely unsafe and highly unorthodox to send sensitive data to an unknown third party, it's kind of a hassle and quite possibly totally impractical. For example, when I worked for "a large Fortune 500 communications company" in a past life, we often had log files approaching (and sometimes exceeding) one GB in size. Your mail system have any quotas? Do you have a (group of) fast machines to go through that much data? How big is your pipe? Offhand, I'd say your system has serious scaling issues. However, what really gives me pause is that you say you've taken "all measures possible" to make sure none of the data you receive is disclosed. I respectfully submit that you have most certainly not taken *all* possible measures. You missed the single most important step you could have taken: Give us your code, or failing that a binary, licensed under whatever terms you desire; charge money if you wish to. But let us analyze our own log files on our own machines. That is the only way I know to completely ensure that my data stays my data. If you are truly after testable data merely for empirical purposes, you might do well to write a small Perl script or some such which will excerpt and then anonymize some statistically large yet still manageable chunk of log data. Ask the kind folks on this list to run the script and email the data back to you for testing. I think you'd find many willing participants here. And if you'd open your project up a little you might also find some people willing to help and contribute beyond simply providing semi-random data. -B On Tue, 18 Jun 2002, NixGuru wrote: > On Tue, 18 Jun 2002, Tina Bird wrote: > > <snip> > > > > > tbird > > wondering if she should have killed that posting... > > > > > > </snip> > > Thanks for letting it through! > > In essence, skepticism is what tightens security. > > I assure you, I have taken all measures possible to ensure that none > of the information received will be disclosed in any way, other than > to myself and the sender. I just would like 'real life' log files, to > see if the analysis is actually useful. > > My idea is that those who do not have the resources to write their own > log analysis routines, may want an analysis performed 'off site'. It's > at least better than not looking in your logs at all. Judging by the > examples received so far, ugly things are going on that would have > passed by undetected. > > As someone said, sending log files in plain text is not a good idea. > But there is the possibility to use PGP, as stated on the site. > PGP-key is there too. However, I agree with a few comments I received > - I would also be sceptical to sending logfiles to a basically > anonymous account. But I have my reasons for doing so. > > Thanks > > nix > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: loganalysis-unsubscribeat_private > For additional commands, e-mail: loganalysis-helpat_private > --------------------------------------------------------------------- To unsubscribe, e-mail: loganalysis-unsubscribeat_private For additional commands, e-mail: loganalysis-helpat_private
This archive was generated by hypermail 2b30 : Tue Jun 18 2002 - 11:54:49 PDT