Hi - I'm trying to build a list of the "most popular reports" that people pull from their system logs. This is mostly for my curiosity, but also to see if log analysts tend to share common goals, or whether we're all over the spectrum. I'm also hoping to be able to maybe assemble a "top ten" list that people can look/ask for from log analysis vendors.

Here's my list: N should be considered a settable parameter

- Top N machines sending/receiving traffic through the firewall
- Top N machines sending/receiving traffic on the network segment (same as above but inward-looking)
- Top N machines being accessed behind the firewall
- Breakdown of traffic through firewall by service (%-age) (this is popular as a pie chart)
- Breakdown of traffic on the network segment by service (%-age) (same as above but inward-looking)
- Top N email address(es) sending Email messages
- Top N email address(es) receiving Email messages
- %age of Email that is identified as spam
- %age of Email that contains blocked attachments
- Top N machines accessing web
- Top N targets identified in IDS alerts
- Top N IDS attacks identified
- %age of web traffic aimed at sites on porn blacklist
- %age of traffic aimed at sites on spy/adware blacklist
- Top N porn-surfers
- Top N most-ad/spyware infected systems
- New machines that have served WWW/FTP/SMTP today

(I am teaching a tutorial on system log analysis for SANS and USENIX/LISA and will gleefully add your good suggestions to my list!)

mjr.

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
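The first two firewall reports in the list above (top N talkers, and traffic breakdown by service as a percentage), as an added example that is not part of the original post: a small Python script over a few constructed firewall log lines. The `src=... dst=... proto=... dport=... bytes=...` field layout and the port-to-service table are assumptions for the sake of the example, not any particular firewall's format; malformed lines are skipped rather than crashing the report.

```python
"""Top-N talkers and per-service traffic breakdown over firewall log lines."""
from collections import Counter
import re

# Constructed sample log lines; the field layout is an assumption, not a
# real vendor format. The last line is deliberately malformed.
SAMPLE_LOG = """\
2004-08-18T10:00:01 src=10.1.1.5 dst=203.0.113.9 proto=tcp dport=80 bytes=5120
2004-08-18T10:00:02 src=10.1.1.7 dst=203.0.113.9 proto=tcp dport=443 bytes=20480
2004-08-18T10:00:03 src=10.1.1.5 dst=198.51.100.4 proto=tcp dport=25 bytes=1024
2004-08-18T10:00:04 src=10.1.1.9 dst=203.0.113.9 proto=udp dport=53 bytes=256
2004-08-18T10:00:05 src=10.1.1.5 dst=203.0.113.22 proto=tcp dport=80 bytes=3072
2004-08-18T10:00:06 src=10.1.1.7 dst=198.51.100.4 proto=tcp dport=25 bytes=2048
2004-08-18T10:00:07 this line is malformed and must be skipped
"""

LINE_RE = re.compile(r"src=(\S+) dst=(\S+) proto=(\S+) dport=(\d+) bytes=(\d+)")
# Assumed (proto, port) -> service names; anything else is reported as proto/port.
SERVICE_NAMES = {("tcp", 80): "http", ("tcp", 443): "https",
                 ("tcp", 25): "smtp", ("udp", 53): "dns"}

def parse(log_text):
    """Yield (src, dst, service, bytes) per well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dst, proto, dport, nbytes = m.groups()
        service = SERVICE_NAMES.get((proto, int(dport)), f"{proto}/{dport}")
        yield src, dst, service, int(nbytes)

def top_n_talkers(log_text, n=3):
    """Top N machines by bytes sent plus received through the firewall."""
    totals = Counter()
    for src, dst, _, nbytes in parse(log_text):
        totals[src] += nbytes
        totals[dst] += nbytes
    return totals.most_common(n)

def service_breakdown(log_text):
    """Percentage of firewall traffic (by bytes) per service, 1 decimal place."""
    by_service = Counter()
    for _, _, service, nbytes in parse(log_text):
        by_service[service] += nbytes
    total = sum(by_service.values())
    if not total:
        return {}
    return {svc: round(100.0 * b / total, 1) for svc, b in by_service.items()}

if __name__ == "__main__":
    for host, nbytes in top_n_talkers(SAMPLE_LOG):
        print(f"{host:15} {nbytes:>8} bytes")
    for svc, pct in sorted(service_breakdown(SAMPLE_LOG).items(), key=lambda kv: -kv[1]):
        print(f"{svc:8} {pct:5.1f}%")
```

Counting bytes rather than connections is a choice; a connection-count variant is the same aggregation with `+= 1`, and the "inward-looking" segment reports are the same code fed the segment's own logs.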
This archive was generated by hypermail 2.1.3 : Wed Aug 18 2004 - 11:18:45 PDT