Re: [logs] Logs & the great unification theory

From: Rajkumar S. (listuserat_private)
Date: Sun Jun 23 2002 - 13:38:31 PDT


Hi,

One more paper that I came across while chasing the link Marcus gave,

http://www.usenix.org/publications/library/proceedings/lisa98/full_papers/girardin/girardin_html/girardin.html

This uses self organizing maps and visualization techniques to present the
logged information to a human. The visualization part is interesting. I
believe that "anomaly" is best detected by human analysts, but assisted by
tools that make it possible to "see" the relationships that exist in the
logged information.

Any more information about using visualization for monitoring logs? Any
idea about the software developed by the paper's authors?

raj

--

A Visual Approach for Monitoring Logs

Luc Girardin and Dominique Brodbeck - UBS, Ubilab

Abstract

Analyzing and monitoring logs that portray system, user, and network
activity is essential to meet the requirements of high security and
optimal resource availability. While most systems now possess satisfactory
logging facilities, the tools to monitor and interpret such event logs are
still in their infancy.

This paper describes an approach to relieve system and network
administrators from manually scanning sequences of log entries. An
experimental system based on unsupervised neural networks and spring
layouts to automatically classify events contained in logs is explained,
and the use of complementary information visualization techniques to
visually present and interactively analyze the results is then discussed.

The system we present can be used to analyze past activity as well as to
monitor real-time events. We illustrate the system's use for event logs
generated by a firewall, however it can be easily coupled to any source of
sequential and structured event logs.
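The abstract above describes mapping structured log events onto a low-dimensional layout with an unsupervised neural network so that an analyst can look at a picture instead of a sequence of lines. The block below is an added toy illustration of that idea, not code from the paper or from the Ubilab system: it trains a small self-organizing map (the unsupervised network the paper's abstract mentions) over a handful of constructed firewall log lines in a made-up "ACTION PROTO SRC -> DST" format, maps every event to its best-matching cell, and prints the grid as a text hit map. The log format, the feature encoding and the grid size are all assumptions chosen for the example.

```python
"""Toy self-organizing map (SOM) over constructed firewall log lines.

Added example, not the paper's software.  Each event is turned into a small
numeric feature vector, a 4x4 SOM is trained on those vectors, and the trained
map is rendered as a hit map: cells that collect many events are the routine
traffic, cells with one or two hits are what an analyst would look at first.
"""
import math
import random

# Constructed sample log lines in an assumed "ACTION PROTO SRC -> DST" format.
SAMPLE_LOG = """\
ACCEPT tcp 10.0.0.5:4312 -> 192.168.1.10:80
ACCEPT tcp 10.0.0.7:4410 -> 192.168.1.10:80
ACCEPT tcp 10.0.0.9:4517 -> 192.168.1.10:443
ACCEPT udp 10.0.0.5:5353 -> 192.168.1.2:53
ACCEPT udp 10.0.0.7:5400 -> 192.168.1.2:53
DENY tcp 203.0.113.44:1025 -> 192.168.1.10:23
DENY tcp 203.0.113.44:1026 -> 192.168.1.10:22
DENY tcp 203.0.113.44:1027 -> 192.168.1.10:21
DENY udp 198.51.100.9:40000 -> 192.168.1.2:161
"""


def parse(line):
    """Split one line into (action, proto, src_ip, src_port, dst_ip, dst_port)."""
    action, proto, src, _, dst = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return action, proto, sip, int(sport), dip, int(dport)


def features(line):
    """Encode one event as a vector in [0, 1]^4 (encoding is an assumption)."""
    action, proto, sip, _sport, _dip, dport = parse(line)
    return [
        1.0 if action == "DENY" else 0.0,
        1.0 if proto == "udp" else 0.0,
        0.0 if sip.startswith("10.") else 1.0,   # internal vs. external source
        math.log(dport + 1) / math.log(65536),   # log-scaled destination port
    ]


def init_weights(width, height, dim, seed=1):
    """Random node weights, seeded so the example is reproducible."""
    rng = random.Random(seed)
    return [[[rng.random() for _ in range(dim)] for _ in range(width)]
            for _ in range(height)]


def dist2(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def bmu(weights, vec):
    """Best-matching unit: (row, col) of the node closest to vec."""
    cells = ((r, c) for r in range(len(weights)) for c in range(len(weights[0])))
    return min(cells, key=lambda rc: dist2(weights[rc[0]][rc[1]], vec))


def train_som(vectors, width=4, height=4, epochs=60, seed=1):
    """Classic online SOM training with shrinking learning rate and radius."""
    weights = init_weights(width, height, len(vectors[0]), seed)
    rng = random.Random(seed)
    sigma0 = max(width, height) / 2.0
    for t in range(epochs):
        frac = t / epochs
        alpha = 0.5 * (1.0 - frac) + 0.02      # learning rate decays to 0.02
        sigma = sigma0 * (1.0 - frac) + 0.3    # neighbourhood radius shrinks
        order = list(vectors)
        rng.shuffle(order)
        for vec in order:
            br, bc = bmu(weights, vec)
            for r in range(height):
                for c in range(width):
                    h = math.exp(-((r - br) ** 2 + (c - bc) ** 2) / (2 * sigma * sigma))
                    w = weights[r][c]
                    for i in range(len(w)):
                        w[i] += alpha * h * (vec[i] - w[i])
    return weights


def map_events(weights, lines):
    """Return (line, cell, quantization_error) for every log line."""
    out = []
    for line in lines:
        v = features(line)
        r, c = bmu(weights, v)
        out.append((line, (r, c), math.sqrt(dist2(weights[r][c], v))))
    return out


def hit_map(weights, lines):
    """Count how many events land in each cell of the trained map."""
    grid = [[0] * len(weights[0]) for _ in weights]
    for _, (r, c), _ in map_events(weights, lines):
        grid[r][c] += 1
    return grid


def quantization_error(weights, vectors):
    """Mean distance from each vector to its best-matching node."""
    total = 0.0
    for v in vectors:
        r, c = bmu(weights, v)
        total += math.sqrt(dist2(weights[r][c], v))
    return total / len(vectors)


def render(grid):
    return "\n".join(" ".join(f"{n:2d}" if n else " ." for n in row) for row in grid)


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    weights = train_som([features(l) for l in lines])
    print(render(hit_map(weights, lines)))
    for line, cell, qe in map_events(weights, lines):
        print(f"{cell} qe={qe:.3f}  {line}")
```

Events with identical feature vectors always share a cell, so the three "ACCEPT tcp ... :80/443" lines and the two DNS lines form dense cells, while the external scan and the lone SNMP probe end up elsewhere on the grid; the quantization error column is a second, per-event hint of how far an event sits from anything the map has learned. The paper's spring layouts and interactive views go well beyond this, but the hit map is the minimal form of the "see the relationships" idea raj describes.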




