[logs] state machines and (automated) log analysis -- any tools?

From: Jim Prewett (downloadat_private)
Date: Tue Feb 18 2003 - 11:57:42 PST

  • Next message: Hector kassef Smith .: "[logs] Fwd: Firewall logs"

    I'm looking for something that uses state machines (or something simular,
    state machines are my first guess)  to aid in log analysis.
    I'm thinking of things like the ssh CRC32 attack compensator exploit 
    (several years old, but... ) where log event A means nothing unless log 
    event B and C are seen as well (which mean nothing without A).
    Does anyone have any pointers to tools that look at logs in this way?
    \x88\x43\x07\x50\x50\x53\x53\xb0\x3b\xcd\x80\x89\xf6  Don't forget FreeBSD!
    Please avoid sending me Word or PowerPoint attachments.
    See http://www.fsf.org/philosophy/no-word-attachments.html 
    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Wed Feb 19 2003 - 14:52:37 PST