All,

I'm looking for something that uses state machines (or something similar; state machines are my first guess) to aid in log analysis. I'm thinking of things like the ssh CRC32 attack compensator exploit (several years old, but...) where log event A means nothing unless log events B and C are seen as well (which mean nothing without A).

Does anyone have any pointers to tools that look at logs in this way?

Jim
--
-------------------------------------------------------------------------------
Don't forget FreeBSD!
-------------------------------------------------------------------------------
Please avoid sending me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Wed Feb 19 2003 - 14:52:37 PST
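The kind of correlation Jim describes, where a single log event is only meaningful once its companion events have also been seen, sketched as a small per-source state machine. This is an added example, not code from the post or from any tool; the syslog-style line format, the EVENT_A/B/C names, the hosts and the five-minute window are all constructed placeholders and are not the real sshd CRC32 compensator signature.

```python
import re
from datetime import datetime, timedelta

# Constructed syslog-like lines (not real sshd output). Host 10.0.0.5 emits
# A, B and C within a few seconds; 10.0.0.9 emits only A, then B much later.
SAMPLE_LOG = """\
2003-02-19 14:00:01 sshd[101]: EVENT_A from 10.0.0.5
2003-02-19 14:00:02 sshd[101]: EVENT_A from 10.0.0.9
2003-02-19 14:00:05 sshd[101]: EVENT_B from 10.0.0.5
2003-02-19 14:00:09 sshd[101]: EVENT_C from 10.0.0.5
2003-02-19 14:30:00 sshd[101]: EVENT_B from 10.0.0.9
"""

LINE_RE = re.compile(r"^(\S+ \S+) sshd\[\d+\]: (EVENT_[ABC]) from (\S+)$")

# Rule: all of these event types must be seen from one source within the
# window before the combination is reported; any one of them alone is noise.
RULE = {"name": "ssh-multi-event",
        "needs": {"EVENT_A", "EVENT_B", "EVENT_C"},
        "window": timedelta(minutes=5)}


def parse(line):
    """Return (timestamp, event_type, source) or None for non-matching lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3)


def correlate(log_text, rule=RULE):
    """Return [(source, first_ts, last_ts)] for each completed rule instance.
    state[source] maps event type -> latest timestamp; sightings older than
    the window are dropped first, so a stale A cannot pair with a later B+C."""
    state, alerts = {}, []
    for line in log_text.splitlines():
        parsed = parse(line)
        if parsed is None or parsed[1] not in rule["needs"]:
            continue
        ts, event, src = parsed
        seen = state.setdefault(src, {})
        seen[event] = ts
        for stale in [e for e, t in seen.items() if ts - t > rule["window"]]:
            del seen[stale]
        if rule["needs"].issubset(seen):
            alerts.append((src, min(seen.values()), max(seen.values())))
            state[src] = {}  # reset this source's machine after it fires
    return alerts
```

Only 10.0.0.5 completes the machine; 10.0.0.9's lone A is expired by the time its B arrives, so nothing is reported for it.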