RE: [logs] what is normal ?

Previous message: Jon Stearley: "Re: [logs] what is normal ?"
In reply to: Marcus J. Ranum: "RE: [logs] what is normal ?"
Next in thread: bretwatsonat_private: "RE: [logs] what is normal ?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

yleeat_private

I believe it ("abnormal") is application specific. Basically, the logging
messages are defined in the applicaiton:

-------------------------------------------------------------------------
$ man syslog

SYNOPSIS
       #include <unistd.h>

       #include <linux/unistd.h>

       _syscall3(int, syslog, int, type, char *, bufp, int, len);

       int syslog(int type, char *bufp, int len);
-------------------------------------------------------------------------

You'll need to consult with application vendors/adminitrator to identify the
"abnormal" pattern in the log. Browing through the old log data with the
application adminitrator is a good way to start.

Regards,

-----Original Message-----
From: loganalysis-adminat_private
[mailto:loganalysis-adminat_private]On Behalf Of Marcus J. Ranum
Sent: Tuesday, October 29, 2002 8:04 PM
To: Dale.Drewat_private; loganalysisat_private
Subject: RE: [logs] what is normal ?

Dale.Drewat_private wrote:
>You need to be able to look for
>"abnormal" patterns in log data

I'd like to know how to do this. Any pointers?

mjr.
---
Marcus J. Ranum				http://www.ranum.com
Computer and Communications Security	mjrat_private

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis