Re: [logs] Re: What's normal?

• Previous message: Jason Royes: "Re: [logs] Re: Central Log Server"
• In reply to: Paul Ebersman: "[logs] Re: What's normal?"
• Next in thread: Paul Ebersman: "Re: [logs] Re: What's normal?"
• Next in thread: Wright, Joseph G (Gregory), SOLCM: "RE: [logs] What's normal?"
• Reply: Paul Ebersman: "Re: [logs] Re: What's normal?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'll offer an idea:
	Don't worry about figuring out how to baseline normal
	worry about figuring out how to make a user-interface and
	support tools that make it fast and easy to do it on a
	per-site basis.

If something doesn't generalize well (and I think I agree with
Paul that this problem doesn't) then figure out how to make it
_fast_ and _easy_ to be specific, with a minimum skill-set.
I want something I can sit an intern in front of for a day
and come away with a normal log-map and some token parsing
rules for my site. I think that should be do-able.

mjr.
---
Marcus J. Ranum				http://www.ranum.com
Computer and Communications Security	mjrat_private

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
https://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Paul Ebersman: "Re: [logs] Re: What's normal?"
• Previous message: Jason Royes: "Re: [logs] Re: Central Log Server"
• In reply to: Paul Ebersman: "[logs] Re: What's normal?"
• Next in thread: Paul Ebersman: "Re: [logs] Re: What's normal?"
• Next in thread: Wright, Joseph G (Gregory), SOLCM: "RE: [logs] What's normal?"
• Reply: Paul Ebersman: "Re: [logs] Re: What's normal?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 20 2002 - 10:58:10 PDT