At 08:11 -0800 2003-02-20, SAWYER Charlotte M wrote:
>[snip]
>Geo mapping would be the ULTIMATE, but I'm wondering what other folks do or
>are working on.
>
>Bottom line: Anyone feel like sharing more?
>

I replied to Ms. Sawyer off-list, and thought that I should perhaps follow up here as well.

We use IPaudit and ipaudit-WEB to graph network use (including portscan activity), as well as snort & ACID. Internal traffic is plotted with cricket.

Doesn't speak directly to logs and log analysis like Mr. Perrine's animations, but the graphs of network activity and how our firewall is blocking port scan attempts have made PHBs here aware of our applied knowledge and create a willingness on their part to buy hardware for us for security purposes (log centralisation, analysis, etc).

Big Brother has hooks for some log analysis, as well as monitoring my log server for disk full issues. 8-)

References:
http://ipaudit.sourceforge.net/
http://ipaudit.sourceforge.net/ipaudit-web/
http://cricket.sourceforge.net/
http://bb4.com/

--
Scott L. Delinger, Ph.D.
IT Administrator
Department of Chemistry
University of Alberta
Edmonton, Alberta, Canada T6G 2G2
scott.delingerat_private
http://www.osdn.com/911/

_______________________________________________
LogAnalysis mailing list
LogAnalysisat_private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Thu Feb 20 2003 - 13:53:39 PST