On Thu, Aug 19, 2004 at 11:41:41AM -0700, Tina Bird wrote:
> messages specific to that platform." I mean they give me all these
> sophisticated architectures for building custom alerts based on what I care
> about, and very little in the way of tools that help me quickly identify
> things which are "odd." Well, hell. That's not a sufficient improvement
> over the open source tools to make them worth the money...maybe it will be
> soon...

The way I've approached it, in my own worthless way, is to tell the
tools the stuff that I'm *not* interested in. Data reduction is a must
in a large centrally logging environment. You then pick through the rest
to find the good nuggets. Approaching logs looking at *all* the data is
simply a way to lose sleep/hair/braincells. You can then apply the
fancy tools to visualize the important stuff, and, by default, the stuff
you never expected to see, since you didn't say you didn't care about it.

Tim

--
Tim Sailer <sailer@private>
Information and Special Technologies Program
Office of CounterIntelligence
Brookhaven National Laboratory
(631) 344-3001
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Thu Aug 19 2004 - 12:30:13 PDT
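The data-reduction approach described in the message above, as an added example that is not part of the original post: lines matching an ignore list are dropped, and whatever remains is collapsed into templates and listed rarest first. The ignore patterns, the host name `gw` and the sample log lines are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed ignore list: messages already reviewed and judged uninteresting.
IGNORE = [re.compile(p) for p in (
    r"sshd\[\d+\]: Accepted publickey for backup from 10\.0\.0\.5 ",
    r"CRON\[\d+\]: \(root\) CMD \(/usr/local/bin/rotate\)",
    r"named\[\d+\]: lame server resolving ",
)]

# Variable fields are collapsed so repeats of one event share a template.
NORMALISE = [
    (re.compile(r"^\w{3}\s+\d+ \d\d:\d\d:\d\d "), ""),   # syslog timestamp
    (re.compile(r"\[\d+\]"), "[PID]"),                   # process id
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "IP"),  # IPv4 address
    (re.compile(r"\b\d+\b"), "N"),                       # any other number
]

def template(line):
    """Reduce one log line to its invariant shape."""
    for rx, repl in NORMALISE:
        line = rx.sub(repl, line)
    return line.strip()

def residue(lines):
    """Drop ignored lines; return (template, count) pairs, rarest first."""
    counts = Counter(
        template(l) for l in lines
        if l.strip() and not any(rx.search(l) for rx in IGNORE)
    )
    return sorted(counts.items(), key=lambda kv: (kv[1], kv[0]))

# Constructed sample input.
SAMPLE = """\
Aug 19 11:00:01 gw CRON[2211]: (root) CMD (/usr/local/bin/rotate)
Aug 19 11:00:07 gw sshd[2301]: Accepted publickey for backup from 10.0.0.5 port 40112 ssh2
Aug 19 11:02:13 gw named[411]: lame server resolving 'example.test' (in 'test'?): 192.0.2.53#53
Aug 19 11:03:40 gw sshd[2377]: Failed password for root from 198.51.100.23 port 51122 ssh2
Aug 19 11:03:44 gw sshd[2379]: Failed password for root from 198.51.100.23 port 51130 ssh2
Aug 19 11:05:02 gw kernel: eth0: Promiscuous mode enabled.
Aug 19 11:10:01 gw CRON[2490]: (root) CMD (/usr/local/bin/rotate)
""".splitlines()

if __name__ == "__main__":
    for tmpl, n in residue(SAMPLE):
        print(f"{n:5d}  {tmpl}")
```

Each template that turns out to be routine after review becomes a new ignore pattern, so the residue shrinks over time toward the events nobody anticipated.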