> the same story. It doesn't help you to look at them with "more" > either. > I may be misrepresenting my esteemed colleague (I'm confident marcus will let us >all< know if I've done that ;-), but I think his point was that there is no point to starting with the fancy interpretive tools if you have >not< just sat there at looked at the bloody things with "more." Not teaching the students that using the eyeball/brain combination is useless >by< using "more." One of my biggest problems with the entire industry of log analysis/visualization/SEM is that at least for the products I've looked at closely enough to have an opinion -- they all depend on ME (the individual system administrator) to tell them what events I care about. I don't mean just the trivial "I have an Extreme Alpine on my network, so I care about messages specific to that platform." I mean they give me all these sophistiated architectures for building custom alerts based on what I care about, and very little in the way of tools that help me quickly identify things which are "odd." Well, hell. That's not a sufficient improvement over the open source tools to make them worth the money...maybe it will be soon... yours in curmudgeonliness -- tbird _______________________________________________ LogAnalysis mailing list LogAnalysis@private http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Thu Aug 19 2004 - 11:42:02 PDT