This is done by hand by the handlers for the Internet Storm Center but I don't think it's done automatically yet. Wouldn't be hard though.

t

>-----Original Message-----
>From: loganalysis-bounces+toby.kohlenberg=intel.com@private
>[mailto:loganalysis-bounces+toby.kohlenberg=intel.com@private
>oo.com] On Behalf Of Jose Nazario
>Sent: Wednesday, August 18, 2004 12:14 PM
>To: loganalysis@private
>Subject: RE: [logs] most popular reports...?
>
>is no one doing any trend analysis (ie fastest rising ports being hit)?
>all i see listed so far are static "top N" reports. if you have more than
>a handful of servers for any of those services they'll always swamp out
>the interesting bits in "top N" reports. trend analysis can yield more
>insightful results, but you have to have a decent window and additional
>filters in place to spot real trends (as opposed to the normal ebb and
>flow of traffic).
>
>________
>jose nazario, ph.d. jose@private
>http://monkey.org/~jose/ http://infosecdaily.net/
>_______________________________________________
>LogAnalysis mailing list
>LogAnalysis@private
>http://lists.shmoo.com/mailman/listinfo/loganalysis
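The contrast drawn in the thread above, static "top N" versus rising-port trend analysis, as an added example that is not part of either message. The z-score test, the thresholds and the per-port daily counts are assumptions chosen for illustration; the data is constructed.

```python
from statistics import mean, pstdev

# Constructed sample: hits per destination port per day, oldest first.
# The last value is "today"; the seven before it are the baseline window.
DAILY_HITS = {
    80:   [9800, 10150, 9900, 10300, 10050, 9950, 10200, 10100],
    25:   [4100, 3950, 4200, 4050, 3900, 4150, 4000, 4300],
    22:   [310, 290, 330, 305, 295, 320, 300, 315],
    5554: [2, 0, 3, 1, 2, 1, 2, 240],
    9898: [0, 1, 0, 0, 1, 0, 0, 3],
}

def top_n(daily_hits, n=3):
    """Static "top N" report: ports ranked by today's raw volume."""
    today = {port: counts[-1] for port, counts in daily_hits.items()}
    ranked = sorted(today.items(), key=lambda kv: kv[1], reverse=True)
    return [port for port, _ in ranked[:n]]

def rising_ports(daily_hits, min_hits=50, z_threshold=3.0):
    """Ports whose count today is far above their own baseline.

    min_hits drops low-volume noise; z_threshold separates a real rise
    from the normal ebb and flow of an already busy service.
    Returns (port, hits_today, growth_ratio), fastest riser first.
    """
    results = []
    for port, counts in daily_hits.items():
        baseline, today = counts[:-1], counts[-1]
        if len(baseline) < 2 or today < min_hits:
            continue
        mu = mean(baseline)
        # Floor sigma so a nearly silent port does not divide by ~0.
        sigma = max(pstdev(baseline), 1.0)
        if (today - mu) / sigma >= z_threshold:
            results.append((port, today, round(today / max(mu, 1.0), 1)))
    return sorted(results, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    print("top N by volume:", top_n(DAILY_HITS))
    for port, hits, ratio in rising_ports(DAILY_HITS):
        print(f"rising: port {port} hits={hits} ({ratio}x baseline)")
```

The busy service ports fill the top-N list on volume alone, while the rising-port report surfaces only the port that departed from its own history.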