Hey all,

I'm involved with helping SANS organize the logging summit this July. As part of that, I was hit with a question that I thought could be best answered via feedback from the group. What do you feel are the top 5 reports a centralized log management system should provide?

For example, a few I came up with:

- Authentication failures (Web, system access, VPNs, etc.)
- Access failures (HTTP scripts, recursion requests, etc.)
- Initialization of new/unknown processes
- Unexpected outbound traffic through the firewall (IRC, TFTP, SMTP, etc.)

I would love to see a similar list from other folks on the list.

Cheers,
Chris

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
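As an added illustration (not part of the original post, and not any SANS or list member's tooling), here is a small Python report builder that produces the four report categories Chris lists from constructed syslog-style lines; the log formats, hostnames, addresses and the port-to-service table are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample log lines (not real data): ssh, VPN, web server,
# process-audit and firewall records in an assumed syslog-like format.
SAMPLE_LOGS = """\
sshd[2101]: Failed password for root from 198.51.100.7 port 51022 ssh2
sshd[2102]: Failed password for admin from 198.51.100.7 port 51023 ssh2
vpn: user=jdoe result=auth-failure src=203.0.113.9
httpd: 203.0.113.9 "GET /cgi-bin/test.cgi" 403
httpd: 203.0.113.9 "GET /../../etc/passwd" 403
audit: type=EXECVE exe=/tmp/.x/miner uid=33 first_seen=yes
audit: type=EXECVE exe=/usr/bin/ls uid=1000 first_seen=no
fw: action=allow dir=out src=10.0.0.12 dst=192.0.2.44 dport=6667 proto=tcp
fw: action=allow dir=out src=10.0.0.12 dst=192.0.2.44 dport=443 proto=tcp
fw: action=allow dir=out src=10.0.0.15 dst=192.0.2.50 dport=69 proto=udp
"""

# Destination ports that should not normally leave the network (assumed policy).
UNEXPECTED_PORTS = {6667: "IRC", 69: "TFTP", 25: "SMTP"}


def build_reports(log_text):
    """Return {report_name: Counter} keyed by the tuple an analyst would pivot on."""
    reports = {
        "authentication_failures": Counter(),  # (service, user, source)
        "access_failures": Counter(),          # (source, path, status)
        "new_processes": Counter(),            # (exe, uid)
        "unexpected_outbound": Counter(),      # (src, dst, service)
    }
    for line in log_text.splitlines():
        if m := re.search(r"Failed password for (\S+) from (\S+)", line):
            reports["authentication_failures"][("ssh", m[1], m[2])] += 1
        elif m := re.search(r"vpn: user=(\S+) result=auth-failure src=(\S+)", line):
            reports["authentication_failures"][("vpn", m[1], m[2])] += 1
        elif m := re.search(r'httpd: (\S+) "\w+ (\S+)" (4\d\d)', line):
            reports["access_failures"][(m[1], m[2], m[3])] += 1
        elif m := re.search(r"audit: type=EXECVE exe=(\S+) uid=(\d+) first_seen=yes", line):
            reports["new_processes"][(m[1], m[2])] += 1
        elif m := re.search(r"fw: action=allow dir=out src=(\S+) dst=(\S+) dport=(\d+)", line):
            if service := UNEXPECTED_PORTS.get(int(m[3])):
                reports["unexpected_outbound"][(m[1], m[2], service)] += 1
    return reports


if __name__ == "__main__":
    for name, counter in build_reports(SAMPLE_LOGS).items():
        print(name, dict(counter))
```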
This archive was generated by hypermail 2.1.3 : Wed May 17 2006 - 19:35:11 PDT