Does anyone have suggestions for data mining of logs for security issues? I am looking at a few gigabytes of daily logs (about 1.5 terabytes/month) to be analysed for long-term patterns (in particular, trying to detect botnets and zombied hosts which are trying to look normal by sending out only a few messages a day). Being able to detect dynamic IP blocks based on such patterns would be nice as well.

Devdas Bhagat
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
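The two patterns the post asks about (a host that sends only a handful of messages every single day, and a /24 in which a different address pops up each day) can be scored from nothing more than per-source, per-day message counts. The following is an added example written for this page, not code from the poster or from any list member. It assumes a simplified, constructed outbound-mail log format (`<date> <time> client=<ip> msgid=<id>`), constructed sample data, and thresholds (80% of days active, at most 5 messages per day, at least 4 short-lived hosts per block) that are illustrative only and would need tuning against real traffic.

```python
"""Low-and-slow sender and dynamic-pool detection over per-day counts.

Added example (hypothetical log format and thresholds), not from the post.
"""
from collections import defaultdict
import ipaddress
import re
import statistics

# Constructed format, one outbound message per line:
#   2006-06-01 03:10:00 client=192.0.2.10 msgid=a10
LINE_RE = re.compile(
    r'^(?P<day>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} client=(?P<ip>[\d.]+) ')


def parse(lines):
    """Yield (day, source_ip) per message; lines that do not match are skipped."""
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            yield m.group('day'), m.group('ip')


def daily_counts(events):
    """Aggregate to ip -> {day: messages}. This is the only state kept per host,
    so a month of logs reduces to a few hundred bytes per source address."""
    counts = defaultdict(lambda: defaultdict(int))
    for day, ip in events:
        counts[ip][day] += 1
    return counts


def low_and_slow(counts, total_days, min_day_fraction=0.8, max_per_day=5):
    """Hosts active on most days of the window that never exceed max_per_day.
    A legitimate relay usually has idle days or spikes; a zombie pacing itself
    to look normal tends to be both persistent and flat."""
    flagged = {}
    for ip, per_day in counts.items():
        active = len(per_day)
        if active / total_days < min_day_fraction:
            continue
        if max(per_day.values()) > max_per_day:
            continue
        flagged[ip] = {'active_days': active,
                       'mean_per_day': statistics.mean(per_day.values())}
    return flagged


def dynamic_blocks(counts, total_days, prefix=24, min_hosts=4,
                   max_days_per_host=2, min_day_fraction=0.8):
    """/prefix blocks where many distinct addresses each appear for only a day or
    two, yet the block as a whole is active nearly every day: the signature of
    one infected machine behind a dynamically assigned address."""
    blocks = defaultdict(lambda: {'hosts': 0, 'days': set()})
    for ip, per_day in counts.items():
        if len(per_day) > max_days_per_host:
            continue  # stable address, not part of a churning pool
        net = ipaddress.ip_network(f'{ip}/{prefix}', strict=False)
        blocks[net]['hosts'] += 1
        blocks[net]['days'].update(per_day)
    return {str(net): b['hosts'] for net, b in blocks.items()
            if b['hosts'] >= min_hosts
            and len(b['days']) / total_days >= min_day_fraction}


def analyse(lines):
    """Run both detectors over a log; the window length is taken from the data."""
    counts = daily_counts(parse(lines))
    total = len({day for per_day in counts.values() for day in per_day})
    return {'days': total,
            'low_and_slow': low_and_slow(counts, total),
            'dynamic_blocks': dynamic_blocks(counts, total)}


def build_sample():
    """Constructed ten-day log with four behaviours (not real traffic)."""
    lines = []
    for d in range(1, 11):
        day = f'2006-06-{d:02d}'
        # steady low-volume sender: exactly 2 messages every day (suspect zombie)
        for i in range(2):
            lines.append(f'{day} 03:1{i}:00 client=192.0.2.10 msgid=a{d}{i}')
        # one-off burst: 40 messages on a single day, then silence
        if d == 1:
            for i in range(40):
                lines.append(f'{day} 10:00:{i:02d} client=192.0.2.20 msgid=b{i}')
        # ordinary relay: a few messages most days plus one large spike
        for i in range(50 if d == 5 else 3):
            lines.append(f'{day} 12:00:{i:02d} client=198.51.100.5 msgid=c{d}{i}')
        # dynamic pool: a different address in 203.0.113.0/24 each day
        for i in range(2):
            lines.append(f'{day} 23:0{i}:00 client=203.0.113.{d} msgid=d{d}{i}')
    lines.append('this line does not parse and is ignored')
    return lines


if __name__ == '__main__':
    for key, value in analyse(build_sample()).items():
        print(key, value)
```

On real data the `daily_counts` step is the expensive part and is what has to be run incrementally (one pass per day's log, merging into a per-host table), while the two scoring functions are cheap and can be re-run with different thresholds over the stored counts.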
This archive was generated by hypermail 2.1.3 : Sun Jun 18 2006 - 12:26:52 PDT