Re: [logs] Log Analysis for Law Enforcement

• Previous message: Darin.MARAISat_private: "RE: [logs] Regulatory logging requirements"
• Next in thread: Russell Fulton: "Re: [logs] Log Analysis for Law Enforcement"
• Reply: Russell Fulton: "Re: [logs] Log Analysis for Law Enforcement"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jan 16, 2003 at 04:05:03PM -0500, Buck Buchanan wrote:
[ ... ]
> recovered fragments of deleted logs.  Another part suggests the need for a
> tool to merge multiple logs from multiple machines into a timeline.

So, now that I've had some free time to write up a readme.  I wrote just
such a tool about 2 years ago.  It uses a config file to specify per
host or per domain time zone adjustments and output color.  The output
is HTML.  It can handle multiple log files as input, so that you can
make a time line spanning many different sites.

URL: http://security.sdsc.edu/software/
    (Look for the 'log_merge' program near the top).

enjoy.


-- 
Devin Kowatch
devinkat_private
_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Next message: Russell Fulton: "Re: [logs] Log Analysis for Law Enforcement"
• Previous message: Darin.MARAISat_private: "RE: [logs] Regulatory logging requirements"
• Next in thread: Russell Fulton: "Re: [logs] Log Analysis for Law Enforcement"
• Reply: Russell Fulton: "Re: [logs] Log Analysis for Law Enforcement"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Feb 07 2003 - 09:05:02 PST