Chris Brenton wrote:
>What do you feel are the top 5 reports a centralized log management
>system should provide?

There was a thread about this back a zillion years ago... From my SANS tutorial on logging:

– Top N machines sending/receiving traffic through the firewall
– Top N machines sending/receiving traffic on the network segment
  • Same as above but inward-looking
– Top N machines being accessed behind the firewall
– Breakdown of traffic through firewall by service (%-age)
  • This is popular as a pie chart
– Breakdown of traffic on the network segment by service (%-age)
  • Same as above but inward-looking
– Top N email address(es) sending Email messages
– Top N email address(es) receiving Email messages
– Top N machines accessing web
– Top N targets identified in IDS alerts
– Top N IDS attacks identified
– %-age of Email that is identified as spam
– %-age of Email that contains blocked attachments
– %-age of web traffic aimed at sites on porn blacklist
– %-age of traffic aimed at sites on spy/adware blacklist
– Top N porn-surfers
– Top N most-ad/spyware infected systems
– New machines that have served WWW/FTP/SMTP today

mjr.

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
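As an added example (not part of mjr's post or his SANS material), the following shows how three of the reports in that list can be produced from firewall accept/deny logs: Top N sending machines, the per-service percentage breakdown, and the "new machines that served WWW/FTP/SMTP today" check against a baseline. The log format, the internal address prefix, the port-to-service table and the baseline set are all constructed assumptions.

```python
from collections import Counter

# Constructed sample firewall log, one flow per line: "src dst dst_port action".
# This is an assumed format, not any real firewall's output.
SAMPLE_LOG = """\
10.0.0.5 203.0.113.10 443 ACCEPT
10.0.0.5 203.0.113.11 443 ACCEPT
10.0.0.7 203.0.113.10 80 ACCEPT
10.0.0.9 10.0.0.20 25 ACCEPT
192.0.2.1 10.0.0.20 25 ACCEPT
192.0.2.2 10.0.0.21 80 ACCEPT
192.0.2.2 10.0.0.21 80 ACCEPT
192.0.2.3 10.0.0.22 21 ACCEPT
10.0.0.5 203.0.113.12 443 ACCEPT
10.0.0.7 203.0.113.13 53 DENY
"""

SERVICES = {21: "ftp", 25: "smtp", 53: "dns", 80: "http", 443: "https"}
INTERNAL_PREFIX = "10.0.0."       # assumption: the protected segment behind the firewall
KNOWN_SERVERS = {"10.0.0.20"}     # assumption: baseline of internal servers seen before today


def parse(log):
    """Yield (src, dst, port, action) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[2].isdigit():
            continue
        yield parts[0], parts[1], int(parts[2]), parts[3]


def top_n_senders(log, n=3):
    """Top N source machines by number of accepted flows through the firewall."""
    counts = Counter(src for src, _, _, act in parse(log) if act == "ACCEPT")
    return counts.most_common(n)


def service_breakdown(log):
    """Percentage of accepted flows per service; unknown ports are reported as tcp/<port>."""
    counts = Counter(SERVICES.get(port, f"tcp/{port}")
                     for _, _, port, act in parse(log) if act == "ACCEPT")
    total = sum(counts.values())
    return {svc: round(100.0 * cnt / total, 1) for svc, cnt in counts.items()}


def new_servers(log, known=KNOWN_SERVERS):
    """Internal hosts that served WWW/FTP/SMTP today and are absent from the baseline."""
    served = {dst for _, dst, port, act in parse(log)
              if act == "ACCEPT" and dst.startswith(INTERNAL_PREFIX)
              and SERVICES.get(port) in ("http", "ftp", "smtp")}
    return sorted(served - known)
```

The "new servers" report is the one most worth alerting on: a host that starts answering on 80, 21 or 25 without being in the baseline is either an undocumented deployment or something that needs a look.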
This archive was generated by hypermail 2.1.3 : Thu May 18 2006 - 11:30:24 PDT