> I'm trying to build a list of the "most popular reports" that
> people pull from their system logs. This is mostly for my curiosity,
> but also to see if log analysts tend to share common goals, or
> whether we're all over the spectrum. I'm also hoping to be able to
> maybe assemble a "top ten" list that people can look/ask for
> from log analysis vendors.

- <if it's not a web server with lots o' really long URLs> all lines of
  log data longer than N characters
- summary of remote access usage -- SSH, VPN, telnet (ick) whatever, with
  at least username, source, destination (to look for people in odd
  places and check for trends)
  -- ideally, i'd get a "someone logged in from somewhere new" summary,
     but i'll settle for everything, at least at first
- lines containing "root" and "passwd" and "null" (or perhaps,
  combinations thereof)
- top N most common lines

...of course, it occurs to me that you've probably culled most of my
suggestions from our previous conversations on the topic, but just in
case...

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
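The four reports listed in the message above, sketched as an added example (not part of the original post or the list archive). The sample log lines, the KNOWN baseline of previously seen (user, source) pairs, and all function names are constructed assumptions; only OpenSSH-style "Accepted ..." lines are parsed for the remote access summary.

```python
import re
from collections import Counter

# Constructed sample syslog lines (illustrative; not from the original message).
SAMPLE = [
    "Aug 18 10:01:02 gw sshd[411]: Accepted password for alice from 10.0.0.5 port 50112 ssh2",
    "Aug 18 10:09:13 gw sshd[420]: Accepted publickey for bob from 192.0.2.44 port 40022 ssh2",
    "Aug 18 10:12:55 gw sshd[431]: Accepted password for alice from 203.0.113.9 port 61000 ssh2",
    "Aug 18 10:13:01 gw su: (to root) alice on pts/1",
    "Aug 18 10:14:00 gw cron[500]: (root) CMD (run-parts /etc/cron.hourly)",
    "Aug 18 10:15:00 gw cron[501]: (root) CMD (run-parts /etc/cron.hourly)",
    "Aug 18 10:16:00 gw passwd[510]: password changed for root",
    "Aug 18 10:17:00 gw httpd[600]: request " + "A" * 300,
]
# Assumed baseline of (user, source) pairs already seen in earlier logs.
KNOWN = {("alice", "10.0.0.5"), ("bob", "192.0.2.44")}
SSH_RE = re.compile(r"(\S+) sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")
WORD_RE = re.compile(r"\b(root|passwd|null)\b", re.IGNORECASE)

def long_lines(lines, n):
    """Lines longer than n characters."""
    return [l for l in lines if len(l) > n]

def remote_logins(lines, known):
    """(user, source, destination, is_new) for each accepted SSH login."""
    rows = []
    for l in lines:
        m = SSH_RE.search(l)
        if m:
            dest, user, src = m.groups()
            rows.append((user, src, dest, (user, src) not in known))
    return rows

def keyword_lines(lines, min_hits=1):
    """Lines containing at least min_hits distinct words of root/passwd/null."""
    return [l for l in lines
            if len({w.lower() for w in WORD_RE.findall(l)}) >= min_hits]

def top_lines(lines, n):
    """Most common messages after dropping the timestamp and masking PIDs."""
    msgs = (re.sub(r"\[\d+\]", "[]", l[16:]) for l in lines)
    return Counter(msgs).most_common(n)

if __name__ == "__main__":
    print(len(long_lines(SAMPLE, 200)), "long line(s)")
    for row in remote_logins(SAMPLE, KNOWN):
        print("login", row)
    print(keyword_lines(SAMPLE, min_hits=2))
    print(top_lines(SAMPLE, 1))
```
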
This archive was generated by hypermail 2.1.3 : Wed Aug 18 2004 - 11:25:54 PDT