RE: [logs] what is normal ?

Previous message: Marcus J. Ranum: "RE: [logs] what is normal ?"
Maybe in reply to: Ganu Skop: "[logs] what is normal ?"
Next in thread: Anton A. Chuvakin: "RE: [logs] what is normal ?"
Next in thread: Dale.Drewat_private: "RE: [logs] what is normal ?"
Reply: Anton A. Chuvakin: "RE: [logs] what is normal ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

bretwatsonat_private

Emerald apparently does it as long as you use the right things.. we are
using Tivoli Risk Manager to try and do the same thing (it uses the "Zurich
engine" for correlation)
Alternatively you could use PROLOG and do it that way..

Cheers,

Bret

"Marcus J. Ranum" <mjrat_private>   30/10/2002 12:04 PM
Sent by: loganalysis-adminat_private

              To:  Dale.Drewat_private, loganalysisat_private                                                                   
              cc:  (bcc: WATSON Bret/IT/CHRT/ST Group)                                                                                 
              Subject: RE: [logs] what is normal ?                                                                                     

Dale.Drewat_private wrote:
>You need to be able to look for
>"abnormal" patterns in log data

I'd like to know how to do this. Any pointers?

mjr.
---
Marcus J. Ranum
http://www.ranum.com
Computer and Communications Security             mjrat_private

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

[This e-mail is confidential and may also be privileged. If you are not the
intended recipient, please delete it and notify us immediately; you should
not copy or use it for any purpose, nor disclose its contents to any other
person. Thank you.]

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis