RE: [logs] what to log/what to look for: stateful log analysis?

• Previous message: Andy_Bachat_private: "Re: [logs] perl question relating to log analysis"
• In reply to: Kohlenberg, Toby: "RE: [logs] what to log/what to look for: stateful log analysis?"
• Next in thread: Kohlenberg, Toby: "RE: [logs] what to log/what to look for: stateful log analysis?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Toby and all,

>There are a bunch of engines that can do this
Yes, that certainly is true, but what about the fuel for those engines?
Actually, not only the fuel is missing; also the roadway and the map ;-)

>The real trick is the nomenclature stuff, IMHO.
That is exactly my point! The HOW is better developed than WHAT in this
case. But is it really realistic to just ask _everybody_ what sequences of
events they look for while doing log analysis and then create a
comprehensive database of them...? To me, this sounds like an
insurmountable task...

Best,
-- 
  Anton A. Chuvakin, Ph.D., GCIA
     http://www.chuvakin.org
   http://www.info-secure.org

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Russell Fulton: "Re: [logs] perl question relating to log analysis"
• Previous message: Andy_Bachat_private: "Re: [logs] perl question relating to log analysis"
• In reply to: Kohlenberg, Toby: "RE: [logs] what to log/what to look for: stateful log analysis?"
• Next in thread: Kohlenberg, Toby: "RE: [logs] what to log/what to look for: stateful log analysis?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Aug 29 2002 - 13:44:23 PDT