Ed Schmollinger wrote:
>My site doesn't look for interesting things, we look for things that are
>not uninteresting. I think Mr. Ranum or somebody like that called it
>"Artificial Ignorance."

That'd be me. :) For those who aren't familiar with the concept, see:
http://www.ranum.com/security/computer_security/papers/ai/

> We operate in a batch mode, though, where the
>system rotates/parses the logs once a day and the systems staff review
>the interesting messages.

For any that are interested in batch-processing artificial ignorance
type systems, I have a doo-dad called "retail" which is a useful
stateful tail program for this purpose. You just put it in cron to
run every 5 minutes or whatever, and pump its output through an
artificial ignorance. You can get it from:
http://www.ranum.com/security/computer_security/code/

mjr.
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
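
Added example, not part of the original message and not the retail program's code: a Python sketch of the batch pattern described above, a stateful tail that remembers its position between cron runs and feeds an ignore-list filter. The state-file format, function names, patterns and log lines are assumptions constructed for illustration.

```python
import json, os, re, tempfile

def stateful_tail(log_path, state_path):
    """Return the complete lines added to log_path since the previous call."""
    try:
        with open(state_path) as f:
            state = json.load(f)
    except (FileNotFoundError, ValueError):
        state = {"inode": None, "offset": 0}
    st = os.stat(log_path)
    # Rotated (different inode) or truncated (shorter than saved offset): restart at 0.
    if state["inode"] != st.st_ino or st.st_size < state["offset"]:
        state = {"inode": st.st_ino, "offset": 0}
    with open(log_path, "rb") as f:
        f.seek(state["offset"])
        data = f.read()
    end = data.rfind(b"\n") + 1  # leave a half-written last line for the next run
    state["offset"] += end
    with open(state_path + ".tmp", "w") as f:
        json.dump(state, f)
    os.replace(state_path + ".tmp", state_path)  # atomic update of the saved position
    return data[:end].decode("utf-8", "replace").split("\n")[:-1]

def artificial_ignorance(lines, ignore_patterns):
    """Drop every line matching a known-uninteresting pattern; return the rest."""
    compiled = [re.compile(p) for p in ignore_patterns]
    return [ln for ln in lines if not any(c.search(ln) for c in compiled)]

# Constructed sample data (assumed formats, not taken from any real system).
SAMPLE = [
    "Aug 18 11:00:01 host cron[101]: (root) CMD (run-parts /etc/cron.hourly)",
    "Aug 18 11:00:07 host sshd[202]: Accepted publickey for ops from 192.0.2.10",
    "Aug 18 11:02:13 host kernel: EXT3-fs error (device hda1): bad block",
]
IGNORE = [r" cron\[\d+\]: ", r" sshd\[\d+\]: Accepted publickey "]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        log, state = os.path.join(d, "messages"), os.path.join(d, "messages.state")
        with open(log, "w") as f:
            f.write("\n".join(SAMPLE[:2]) + "\n")
        print(artificial_ignorance(stateful_tail(log, state), IGNORE))  # first cron run
        with open(log, "a") as f:
            f.write(SAMPLE[2] + "\n")
        print(artificial_ignorance(stateful_tail(log, state), IGNORE))  # second cron run
```

Anything the ignore list does not recognise is reported, so a new message type shows up by default instead of needing a rule written for it in advance.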
This archive was generated by hypermail 2.1.3 : Wed Aug 18 2004 - 11:21:03 PDT