I'm doing a bit of web surfing looking for new useful tools, and I think I've hit gold on the DShield web site. For those of you who aren't familiar with it, DShield is a collaborative intrusion detection system sponsored in part by the SANS Institute. They've got a >>huge<< number of what they call client programs that parse logs from routers and firewall devices into the format required by their database:

http://www.dshield.org/howto.html#clients

and even better, they've got >>documentation<< on how to write your own parser:

http://www.dshield.org/specs.html

Since one of the long-term goals of this list is to build a database of message dictionaries (syntaxes, if you like, for parsing different sorts of logs) as well as to build a database of log message samples, it seems to me that we can leverage all this work. I have included a couple of my contacts at SANS and DShield to introduce them to the idea.

Anyone worked with these systems before?

Thanks --

tbird

"Our duty, as living things, is to be sure that pain is not our whole story, for we can choose to be otherwise....we can choose to dance."
-- from "Six Moon Dance," by Sheri Tepper

http://www.shmoo.com/~tbird
Log Analysis http://www.counterpane.com/log-analysis.html
VPN http://vpn.shmoo.com

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Dec 03 2002 - 20:46:18 PST