Re: [logs] Security animation - or at least graphic visualizations

From: Scott Delinger (scott.delingerat_private)
Date: Thu Feb 20 2003 - 12:23:36 PST

  • Next message: Russell Fulton: "Re: [logs] Tcpdump log analysis"

    At 08:11 -0800 2003-02-20, SAWYER Charlotte M wrote:
    >Geo mapping would be the ULTIMATE, but I'm wondering what other folks do or
    >are working on.
    >Bottom line:  Anyone feel like sharing more?
    I replied to Ms. Sawyer off-list, and thought that I should perhaps 
    follow up here as well. We use IPaudit and ipaudit-WEB to graph 
    network use (including portscan activity), as well as snort&ACID. 
    Internal traffic is plotted with cricket. Doesn't speak directly to 
    logs and log analysis like Mr. Perrine's animations, but the graphs 
    of network activity and how our firewall is blocking port scan 
    attempts has made PHBs here aware of our applied knowledge and 
    creates a willingness on their part to buy hardware for us for 
    security purposes (log centralisation, analysis, etc). Big Brother 
    has hooks for some log analysis, as well as monitoring my log server 
    for disk full issues. 8-)
    Scott L. Delinger, Ph.D.		IT Administrator
    Department of Chemistry
    University of Alberta
    Edmonton, Alberta, Canada  T6G 2G2
    LogAnalysis mailing list

    This archive was generated by hypermail 2b30 : Thu Feb 20 2003 - 13:53:39 PST