is no one doing any trend analysis (i.e. fastest rising ports being hit)? all i see listed so far are static "top N" reports. if you have more than a handful of servers for any of those services they'll always swamp out the interesting bits in "top N" reports. trend analysis can yield more insightful results, but you have to have a decent window and additional filters in place to spot real trends (as opposed to the normal ebb and flow of traffic).

________
jose nazario, ph.d. jose@private
http://monkey.org/~jose/ http://infosecdaily.net/
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
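An added example, not part of the original post: one way to rank rising ports against each port's own baseline window, next to a static "top N" over the same data. The hit counts, the window length, the thresholds and the baseline-deviation scoring are all assumptions chosen for illustration.

```python
from statistics import mean, pstdev

# Constructed sample data: daily inbound hit counts per destination port,
# oldest first. The last entry is the day under review.
DAILY_HITS = {
    80:   [9800, 10250, 9900, 10400, 9700, 10100, 10300, 10050],
    25:   [4100, 3950, 4300, 4000, 4200, 3900, 4150, 4250],
    22:   [600, 640, 580, 700, 620, 660, 610, 650],
    445:  [300, 900, 250, 1100, 400, 850, 350, 950],  # noisy: normal ebb and flow
    1434: [3, 5, 2, 4, 6, 3, 4, 410],                 # sudden rise from near zero
    5554: [0, 0, 1, 0, 0, 2, 1, 1],                   # negligible volume
}

def top_n(hits, n=3):
    """Static 'top N' by volume on the most recent day."""
    return sorted(hits, key=lambda p: hits[p][-1], reverse=True)[:n]

def rising_ports(hits, window=7, min_hits=50, min_score=3.0):
    """Rank ports by how far the latest day sits above their own baseline.

    score = (latest - baseline mean) / baseline spread. The spread is floored
    at 10% of the mean (and at 1.0) so steady ports do not produce huge scores
    from tiny variance. min_hits drops ports with negligible latest volume.
    """
    results = []
    for port, series in hits.items():
        if len(series) < window + 1:
            continue  # not enough history to call anything a trend
        baseline, latest = series[-(window + 1):-1], series[-1]
        if latest < min_hits:
            continue
        mu = mean(baseline)
        spread = max(pstdev(baseline), 0.1 * mu, 1.0)
        score = (latest - mu) / spread
        if score >= min_score:
            results.append((port, round(score, 1)))
    return sorted(results, key=lambda r: r[1], reverse=True)

if __name__ == "__main__":
    print("top N by volume:", top_n(DAILY_HITS))
    print("rising ports   :", rising_ports(DAILY_HITS))
```

On this data the busy service ports fill the volume ranking, while the only port flagged as rising is one that never reaches it; the noisy port stays below the score threshold because its latest count is within its usual swing.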
This archive was generated by hypermail 2.1.3 : Wed Aug 18 2004 - 12:20:18 PDT