> From: John Kristoff [mailto:jtk@private]
>
> - log message count per hour (or whatever time interval). for
>   many systems logs across a 24-hour period are very smooth, spikes
>   in any interval period indicates an anomaly.
>

that's a great idea. and, unlike many of our clever ideas, very very easy to do! hurrah!

i think people tend not to think about trending their system logs because it's a lot harder to quantify them -- that is, you can do categorical analysis, and statistics with integers, but it's a lot harder to determine "exactly the same" message than it is to determine "exactly the same" packet :-(

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
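
An added example, not part of the original message: one way to apply the per-hour message count idea discussed above. The classic syslog timestamp format, the median/MAD threshold and its parameters `k` and `floor` are assumptions, and the sample log lines are constructed.

```python
import re
from collections import Counter
from statistics import median

# Classic BSD syslog timestamp prefix, e.g. "Aug 18 13:59:53 host ..." (assumed format).
TS = re.compile(r"^([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{2}):\d{2}:\d{2}\s")

def hourly_counts(lines):
    """Count messages per (month, day, hour) bucket; unparsable lines are skipped."""
    counts = Counter()
    for line in lines:
        m = TS.match(line)
        if m:
            counts[(m.group(1), int(m.group(2)), int(m.group(3)))] += 1
    return counts

def spikes(counts, k=5.0, floor=1.0):
    """Return buckets whose count exceeds median + k * MAD.

    Median/MAD is used instead of mean/stddev so the spike itself does not
    inflate the baseline. `floor` keeps MAD from being 0 on very smooth logs.
    """
    values = list(counts.values())
    if len(values) < 3:
        return []
    med = median(values)
    mad = max(median(abs(v - med) for v in values), floor)
    return sorted(b for b, c in counts.items() if c > med + k * mad)

def make_sample():
    """Constructed sample: 10-12 messages/hour for 24 hours, with a burst at 03:00."""
    lines = []
    for hour in range(24):
        n = 10 + (hour % 3)          # smooth background: 10..12 per hour
        if hour == 3:
            n = 90                   # constructed anomaly
        for i in range(n):
            lines.append(f"Aug 18 {hour:02d}:{i % 60:02d}:00 host1 sshd[100]: sample message {i}")
    lines.append("garbage line without a timestamp")
    return lines

if __name__ == "__main__":
    counts = hourly_counts(make_sample())
    for bucket in spikes(counts):
        print("spike:", bucket, counts[bucket])
```

Counting only needs the timestamp, so it sidesteps the problem of deciding when two messages are "exactly the same".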
This archive was generated by hypermail 2.1.3 : Wed Aug 18 2004 - 13:59:53 PDT