Chris,

This has already been discussed. Here is the summary that I compiled for that thread:

http://www.eventid.net/firewalls/MostPopularReports.asp

Regards,

Adrian Grigorof
www.firegen.com

----- Original Message -----
From: "Chris Brenton" <cbrenton@private>
To: <LogAnalysis@private>
Sent: Wednesday, May 17, 2006 10:32 PM
Subject: [logs] Which reports are most important?

> Hey all,
>
> I'm involved with helping SANS organize the logging summit this July. As
> part of that, I was hit with a question that I thought could be best
> answered via feedback from the group.
>
> What do you feel are the top 5 reports a centralized log management
> system should provide?
>
> For example, a few I came up with:
>
> Authentication failures (Web, system access, VPNs, etc.)
> Access failures (HTTP scripts, recursion requests, etc.)
> Initialization of new/unknown processes
> Unexpected outbound traffic through the firewall (IRC, TFTP, SMTP, etc.)
>
> I would love to see a similar list from other folks on the list.
>
> Cheers,
> Chris
>
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis@private
> http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Wed May 17 2006 - 20:39:54 PDT