So did anyone ever sit down and draw up a list of the policies that these logs enforce?

Todd

----- Original Message -----
From: "Adrian Grigorof" <adi@private>
To: <cbrenton@private>; <LogAnalysis@private>
Sent: Wednesday, May 17, 2006 8:34 PM
Subject: [logs] Re: Which reports are most important?

> Chris,
>
> This has already been discussed. Here is the summary that I compiled for
> that thread:
>
> http://www.eventid.net/firewalls/MostPopularReports.asp
>
> Regards,
>
> Adrian Grigorof
> www.firegen.com
>
> ----- Original Message -----
> From: "Chris Brenton" <cbrenton@private>
> To: <LogAnalysis@private>
> Sent: Wednesday, May 17, 2006 10:32 PM
> Subject: [logs] Which reports are most important?
>
> > Hey all,
> >
> > I'm involved with helping SANS organize the logging summit this July. As
> > part of that, I was hit with a question that I thought could be best
> > answered via feedback from the group.
> >
> > What do you feel are the top 5 reports a centralized log management
> > system should provide?
> >
> > For example, a few I came up with:
> >
> > Authentication failures (Web, system access, VPNs, etc.)
> > Access failures (HTTP scripts, recursion requests, etc.)
> > Initialization of new/unknown processes
> > Unexpected outbound traffic through the firewall (IRC, TFTP, SMTP, etc.)
> >
> > I would love to see a similar list from other folks on the list.
> >
> > Cheers,
> > Chris
> >
> > _______________________________________________
> > LogAnalysis mailing list
> > LogAnalysis@private
> > http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Thu May 18 2006 - 11:31:25 PDT