Hello,

Message: 1
Date: Thu, 13 Feb 2003 12:52:27 -0800
From: Tom Perrine <tepat_private>
To: seandat_private
Cc: sysfrankat_private, loganalysisat_private
Subject: Re: [logs] security animation - datamining experiment

Does anyone have any comments on extracting useful info from the
animation? I think it gives a good indication of *where*/*when* we
should look in the data, and *what* we should look for, in further
analysis. But as a standalone analysis, it just does not seem to be
complete on its own.

What do you folks think? Is anyone else interested in trying to use
scientific visualization tools to extract information from logs? I'm
not thinking in terms of geo mapping, but other ideas.

_______________________________________________

Maybe having the "Blop's" color coded to vulnerability or destination port used?

Also, having the capability of "double-clicking" on the "Blop" to see the actual logs. (i.e. This IP hit this IP on Destination port. Or a report format to show the highest Source IP, Destination IP, Destination Port, etc., like the Internet Storm Center does.)

This would allow Security Personnel to see who is creating the traffic from each region and what they are trying to do... Security folks may be able to use this to modify Firewall rules and the like.

Cheers..

Mark Bartlett

----- Original Message -----
From: <loganalysis-requestat_private>
To: <loganalysisat_private>
Sent: Saturday, February 15, 2003 7:00 AM
Subject: LogAnalysis digest, Vol 1 #160 - 1 msg

> Today's Topics:
>
>    1. Re: security animation - datamining experiment (Tom Perrine)
>
> --__--__--
>
> Message: 1
> Date: Thu, 13 Feb 2003 12:52:27 -0800
> From: Tom Perrine <tepat_private>
> To: seandat_private
> Cc: sysfrankat_private, loganalysisat_private
> Subject: Re: [logs] security animation - datamining experiment
>
> The mapping was done for us by the CAIDA folks. They used software
> *related* to (but not exactly the same as) NetGeo:
>
> http://www.caida.org/tools/utilities/netgeo/
>
> The actual software used is not (yet) publicly available, IIRC.
>
> Does anyone have any comments on extracting useful info from the
> animation? I think it gives a good indication of *where*/*when* we
> should look in the data, and *what* we should look for, in further
> analysis. But as a standalone analysis, it just does not seem to be
> complete on its own.
>
> What do you folks think? Is anyone else interested in trying to use
> scientific visualization tools to extract information from logs? I'm
> not thinking in terms of geo mapping, but other ideas.
>
> --
> Tom E. Perrine <tepat_private> | San Diego Supercomputer Center
> http://www.sdsc.edu/~tep/      |
>
> --__--__--
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysisat_private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
>
> End of LogAnalysis Digest
This archive was generated by hypermail 2b30 : Mon Feb 17 2003 - 19:27:49 PST