> Just an idle possibly-related thought: could any of the
> principles of Bayesian spam filtering (quite the rage in
> some circles...) be applied to logging?

Been there, done that. What you are talking about are anomaly-based IDS (or log filtering tools, whatever) based on various clustering principles. There's a wide literature on the theme, with all kinds of approaches, from using Bayesian learning (urgle) to neural networks, genetic algorithms, you name it we got it.

As a side note, you are talking of supervised learning, which is perfectly fine when you have samples of "normal" and "not normal", but what do you do when you don't? FYI, there are also algorithms dealing with unsupervised learning, and my other PC is munching away a good load of TCP Dump logs right now with some tests regarding that :P

In fact I think that learning and clustering algorithms were applied to logs a long way before tackling spam :P

If you wish, I can elaborate, but googling is really the best you can do :)

Stefano "Raistlin" Zanero
System Administrator Gioco.Net
public PGP key block at http://gioco.net/pgpkeys

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
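The unsupervised case raised in the reply above (no samples of "normal" and "not normal") can be sketched with the same token statistics a Bayesian spam filter uses, minus the labels. This is an added example, not part of the original message and not the method the poster was testing: the log lines are constructed, and `tokenize` and `rank_by_surprisal` are hypothetical names.

```python
import math
import re
from collections import Counter

# Constructed, unlabeled sample log lines (not from the original post).
LOGS = [
    "sshd[411]: Accepted password for alice from 10.0.0.5 port 51122",
    "sshd[412]: Accepted password for bob from 10.0.0.7 port 51410",
    "sshd[413]: Accepted password for alice from 10.0.0.5 port 51877",
    "cron[90]: (root) CMD (run-parts /etc/cron.hourly)",
    "cron[91]: (root) CMD (run-parts /etc/cron.hourly)",
    "sshd[414]: Accepted password for carol from 10.0.0.9 port 52001",
    "kernel: eth0: Promiscuous mode enabled",
    "cron[92]: (root) CMD (run-parts /etc/cron.hourly)",
]


def tokenize(line):
    """Mask volatile fields (IPs, numbers) so lines reduce to word templates."""
    line = re.sub(r"\d+(?:\.\d+){3}", "<ip>", line)
    line = re.sub(r"\d+", "<n>", line)
    return re.findall(r"[a-z<>/_.-]+", line.lower())


def rank_by_surprisal(lines):
    """Return (score, line) pairs, most unusual first.

    The score is the mean surprisal, -log P(token), of a line's tokens,
    with P estimated from the whole unlabeled batch using add-one
    smoothing. No line is ever marked "normal" or "not normal".
    """
    docs = [tokenize(line) for line in lines]
    counts = Counter(tok for doc in docs for tok in doc)
    total, vocab = sum(counts.values()), len(counts)

    def score(tokens):
        bits = (-math.log((counts[t] + 1) / (total + vocab)) for t in tokens)
        return sum(bits) / max(len(tokens), 1)

    return sorted(((score(d), l) for d, l in zip(docs, lines)), reverse=True)


if __name__ == "__main__":
    for s, line in rank_by_surprisal(LOGS):
        print(f"{s:.3f}  {line}")
```

Lines built from tokens the batch rarely contains float to the top of the ranking; an analyst reviews the head of the list instead of labelling a training set first.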
This archive was generated by hypermail 2b30 : Sun Nov 17 2002 - 19:55:56 PST