Anton, I have used sec (Simple Event Correlator) for that. You can find the current release at http://prdownloads.sourceforge.net/simple-evcorr/sec-2.1.10.tar.gz ---Jim -----Original Message----- From: Anton A. Chuvakin [mailto:anton@private] Sent: Monday, October 06, 2003 18:10 To: loganalysis@private Subject: [logs] checking logs for time holes All, Loooong time ago I saw a program which was used to check log files for "time holes". So, for example, if you usually have a message from host "box1" every 3-5 minutes and this time there is a 30 minute hole with nothing from "box1", I want to know about it. I googled around trying to find smething of that sort, but with no results. Who can remind me about such program? I will be deeply grateful! Best, -- Anton A. Chuvakin, Ph.D., GCI* http://www.chuvakin.org http://www.info-secure.org _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2b30 : Tue Oct 07 2003 - 09:29:01 PDT