RE: [logs] most popular reports...?

From: Tina Bird (
Date: Wed Aug 18 2004 - 11:26:11 PDT

> 	I'm trying to build a list of the "most popular reports" that
> people pull from their system logs. This is mostly for my curiosity,
> but also to see if log analysts tend to share common goals, or
> whether we're all over the spectrum. I'm also hoping to be able to
> maybe assemble a "top ten" list that people can look/ask for
> from log analysis vendors.

- <if it's not a web server with lots o' really long URLs> all lines of log
data longer than N characters
- summary of remote access usage -- SSH, VPN, telnet (ick) whatever, with at
least username, source, destination (to look for people in odd places and
check for trends) -- ideally, i'd get a "someone logged in from somewhere
new" summary, but i'll settle for everything, at least at first
- lines containing "root" and "passwd" and "null" (or perhaps, combinations
- top N most common lines

...of course, it occurs to me that you've probably culled most of my
suggestions from our previous conversations on the topic, but just in

LogAnalysis mailing list
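
The four reports listed in the message above, as an added example that is not part of the original post. The sample lines are constructed, the function names are hypothetical, and replacing PIDs and port numbers before counting is an assumption about how "most common lines" would be grouped.

```python
import re
from collections import Counter

# Constructed sample lines in syslog/OpenSSH style (not from the original post).
SAMPLE = [
    "Aug 18 09:01:12 gw sshd[411]: Accepted password for alice from 192.0.2.10 port 40112 ssh2",
    "Aug 18 09:05:40 gw sshd[420]: Failed password for root from 198.51.100.7 port 51515 ssh2",
    "Aug 18 09:05:43 gw sshd[421]: Failed password for root from 198.51.100.7 port 51516 ssh2",
    "Aug 18 09:30:02 gw sshd[433]: Accepted publickey for alice from 203.0.113.99 port 40200 ssh2",
    "Aug 18 10:00:00 db passwd[512]: password changed for bob",
    "Aug 18 10:02:17 db kernel: " + "A" * 300,
]

# Captures destination host, username and source address of a successful SSH login.
LOGIN = re.compile(r"(\S+) sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+)")

def long_lines(lines, n):
    """All lines longer than n characters."""
    return [l for l in lines if len(l) > n]

def keyword_lines(lines, words=("root", "passwd", "null")):
    """Lines containing any of the watched words."""
    pat = re.compile("|".join(map(re.escape, words)))
    return [l for l in lines if pat.search(l)]

def new_sources(lines, known):
    """(user, source, destination) for logins whose (user, source) is not in known."""
    logins = [m.group(2, 3, 1) for l in lines if (m := LOGIN.search(l))]
    return [t for t in logins if (t[0], t[1]) not in known]

def normalise(line):
    """Drop the 15-character timestamp and mask PIDs and ports (assumed grouping)."""
    body = re.sub(r"\[\d+\]", "[N]", line[16:])
    return re.sub(r"port \d+", "port N", body)

def top_lines(lines, n):
    """The n most common lines after normalisation, with counts."""
    return Counter(normalise(l) for l in lines).most_common(n)

if __name__ == "__main__":
    baseline = {("alice", "192.0.2.10")}  # constructed history of known logins
    print("long:", [len(l) for l in long_lines(SAMPLE, 200)])
    print("keywords:", len(keyword_lines(SAMPLE)))
    print("new sources:", new_sources(SAMPLE, baseline))
    print("top:", top_lines(SAMPLE, 1))
```
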
