Tina Bird wrote:
>- <if it's not a web server with lots o' really long URLs> all lines of log
>data longer than N characters

Oo! Good idea! Right now I am trying to get that kind of capability with NBS in structural-analysis mode. I don't know if it's worth my adding length sorting to it or not (probably not)

>- summary of remote access usage -- SSH, VPN, telnet (ick) whatever, with at
>least username, source, destination (to look for people in odd places and
>check for trends) -- ideally, i'd get a "someone logged in from somewhere
>new" summary, but i'll settle for everything, at least at first

Ok, that's a hot one. Let's just call that "VPN usage" frequency, user, etc - same as for a firewall, basically, except out the VPN interface.

>- lines containing "root" and "passwd" and "null" (or perhaps, combinations
>thereof)

OK, that's a whitelist issue but it touches on reporting...

>- top N most common lines

Got that.

Thanks!

mjr.
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
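Three of the reports requested in this thread (lines longer than N characters, a "someone logged in from somewhere new" summary, and top N most common lines), sketched as an added example that is not part of the original messages and is not NBS. The sshd line format, the sample lines and all function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines; hosts, users and addresses are made up.
LINES = [
    "Aug 17 09:01:12 gw sshd[411]: Accepted password for alice from 192.0.2.10 port 40112 ssh2",
    "Aug 17 09:05:40 gw sshd[415]: Accepted publickey for bob from 192.0.2.22 port 51100 ssh2",
    "Aug 17 09:30:02 gw sshd[420]: Accepted password for alice from 192.0.2.10 port 40200 ssh2",
    "Aug 17 10:00:00 gw cron[500]: (root) CMD (run-parts /etc/cron.hourly)",
    "Aug 17 11:00:00 gw cron[610]: (root) CMD (run-parts /etc/cron.hourly)",
    "Aug 17 11:14:09 gw sshd[702]: Accepted password for alice from 203.0.113.77 port 60001 ssh2",
    "Aug 17 11:20:00 gw httpd[800]: GET /search?q=" + "A" * 300,
]

# Assumed OpenSSH-style "Accepted" line; captures user and source address.
ACCEPT = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port \d+")
STAMP = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s")  # leading syslog timestamp

def long_lines(lines, n):
    """Lines longer than n characters."""
    return [line for line in lines if len(line) > n]

def new_source_logins(lines, known):
    """(user, source) pairs not present in the baseline `known` (user -> set of sources)."""
    seen = {user: set(srcs) for user, srcs in known.items()}  # copy the baseline
    fresh = []
    for line in lines:
        m = ACCEPT.search(line)
        if not m:
            continue
        user, src = m.groups()
        if src not in seen.setdefault(user, set()):
            seen[user].add(src)  # report each new pair only once
            fresh.append((user, src))
    return fresh

def top_lines(lines, n):
    """Top n most common lines after masking timestamp, PID and source port."""
    def norm(line):
        line = STAMP.sub("", line)
        line = re.sub(r"\[\d+\]", "[N]", line)
        return re.sub(r"port \d+", "port N", line)
    return Counter(norm(line) for line in lines).most_common(n)

if __name__ == "__main__":
    baseline = {"alice": {"192.0.2.10"}, "bob": {"192.0.2.22"}}
    print("new sources:", new_source_logins(LINES, baseline))
    print("long lines:", len(long_lines(LINES, 200)))
    for text, count in top_lines(LINES, 2):
        print(count, text)
```

Without masking the timestamp, PID and port, every line is unique and the top N report is empty of signal; the baseline for the new-source report has to come from earlier log history.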
This archive was generated by hypermail 2.1.3 : Wed Aug 18 2004 - 11:57:22 PDT