RE: [logs] most popular reports...?

• Previous message: Jason Haar: "Re: [logs] most popular reports...?"
• Maybe in reply to: Marcus J. Ranum: "[logs] most popular reports...?"
• Next in thread: Adrian Grigorof: "Re: [logs] most popular reports...?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

there are a number of tools available. Any central console worth
the price you'll pay for one (in cash and blood/sweat/tears) 
should be able to do this. 
The first example I came across was PigSentry for Snort. Of course
it's free and works pretty well. :) And it was available 4 years
ago before any of the commercial products I saw had the ability.

t 

>-----Original Message-----
>From: 
>loganalysis-bounces+toby.kohlenberg=intel.com@private 
>[mailto:loganalysis-bounces+toby.kohlenberg=intel.com@private
>oo.com] On Behalf Of Williams Jon
>Sent: Friday, August 20, 2004 5:48 AM
>To: Kohlenberg, Toby; loganalysis@private
>Subject: RE: [logs] most popular reports...?
>
>Perhaps I missed it, but how are you performing said statistical
>analysis?  Do you have self-written scripts, or is there a tool out
>there that does this?  This is one of those things that I've been
>thinking about for a while, but lacking any informed background in
>statistical analysis, its been beyond me to develop on my own.
>
>Jon
>
>-----Original Message-----
>From: loganalysis-bounces+williamsjon=johndeere.com@private
>[mailto:loganalysis-bounces+williamsjon=johndeere.com@private]
>On Behalf Of Kohlenberg, Toby
>Sent: Friday, August 20, 2004 12:38 AM
>To: Anton A. Chuvakin; Marcus J. Ranum; loganalysis@private
>Subject: RE: [logs] most popular reports...?
>
>Definitely. In fact I'll take a second and mention my favorite use for
>statistical operators- telling me about anything that changes
>significantly.
>Don't tell me when you see some random event, tell me when the 
>number of
>events of a specific type increases by 50%. That give me 0->1, 1->2,
>2->3,
>3->5, 100->150, etc...
>Which means that I catch all the rare events and I catch the large
>changes in the noisy events.
>
>
>_______________________________________________
>LogAnalysis mailing list
>LogAnalysis@private
>http://lists.shmoo.com/mailman/listinfo/loganalysis
>
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis

• Previous message: Jason Haar: "Re: [logs] most popular reports...?"
• Maybe in reply to: Marcus J. Ranum: "[logs] most popular reports...?"
• Next in thread: Adrian Grigorof: "Re: [logs] most popular reports...?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Fri Aug 20 2004 - 16:48:21 PDT