[logs] Data mining

From: Devdas Bhagat (devdas@private)
Date: Fri Jun 16 2006 - 11:44:41 PDT


Does anyone have suggestions for data mining of logs for security
issues?

I am looking at a few gigabytes of daily logs (about 1.5 terabyte/month)
to be analysed for long term patterns (in particular, trying to detect
botnets and zombied hosts which are trying to look normal by sending
out only a few messages a day).

Being able to detect dynamic IP blocks based on such patterns would be
nice as well.

Devdas Bhagat
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
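One concrete way to approach the "few messages a day" pattern the post describes, as an added example that is not part of the original message or any tool mentioned on the list: aggregate each source IP into a per-day message count over a multi-day window, then flag hosts whose daily volume stays small but whose activity is persistent and whose recipients are unusually diverse (a spambot spreading its few messages across many destinations looks different from a cron job mailing the same ops address twice a day). It goes one step beyond the question by clustering flagged hosts into /24s, which is a cheap first hint at a dynamic-IP pool. The log format, sample hosts, and every threshold here are constructed assumptions for illustration, not a real MTA format.

```python
# Low-and-slow sender detection over a multi-day mail-log window.
# Added example: the "YYYY-MM-DD from=IP to=RCPT" line format, the sample
# hosts and the thresholds are all constructed assumptions for illustration.
import re
from collections import defaultdict
from ipaddress import ip_network

LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) from=(?P<ip>[\d.]+) to=(?P<rcpt>\S+)$"
)


def build_sample_log():
    """Constructed 14-day log: one busy relay, two zombies in one /24,
    one sporadic desktop, and one cron host mailing a single address."""
    days = [f"2006-06-{d:02d}" for d in range(1, 15)]
    lines = []
    relay_domains = ["a.example", "b.example", "c.example"]
    for i, day in enumerate(days):
        for n in range(40):  # legitimate relay: 40/day, few domains
            lines.append(f"{day} from=192.0.2.10 to=u{n}@{relay_domains[n % 3]}")
        if i != 6:  # zombie 1: 3/day, each to a fresh domain, quiet one day
            for n in range(3):
                lines.append(f"{day} from=198.51.100.23 to=v@d{i * 3 + n}.example")
        if i not in (2, 9):  # zombie 2: 2/day, fresh domains, quiet two days
            for n in range(2):
                lines.append(f"{day} from=198.51.100.57 to=v@e{i * 2 + n}.example")
        if i == 2:  # sporadic desktop: a couple of messages, then nothing
            lines.append(f"{day} from=203.0.113.5 to=friend@f1.example")
            lines.append(f"{day} from=203.0.113.5 to=friend@f2.example")
        if i == 8:
            lines.append(f"{day} from=203.0.113.5 to=friend@f3.example")
        for _ in range(2):  # cron host: 2/day, always the same recipient
            lines.append(f"{day} from=198.51.100.99 to=ops@example.org")
    return lines


def profile_senders(lines):
    """Per-IP daily counts and recipient-domain sets; this small table is
    what you would persist between daily batches instead of raw logs."""
    days_seen = set()
    per_ip_day = defaultdict(lambda: defaultdict(int))
    per_ip_domains = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than abort the batch
        day, ip, rcpt = m.group("day", "ip", "rcpt")
        days_seen.add(day)
        per_ip_day[ip][day] += 1
        if "@" in rcpt:
            per_ip_domains[ip].add(rcpt.rsplit("@", 1)[1].lower())
    return days_seen, per_ip_day, per_ip_domains


def find_low_and_slow(lines, max_per_day=5, min_active_fraction=0.75,
                      min_domain_ratio=0.8):
    """Flag hosts that never exceed max_per_day, are active on most days of
    the window, and spread their messages over mostly distinct domains."""
    days_seen, per_ip_day, per_ip_domains = profile_senders(lines)
    window = len(days_seen)
    flagged = {}
    for ip, daily in per_ip_day.items():
        total = sum(daily.values())
        peak = max(daily.values())
        active_days = len(daily)
        if peak > max_per_day:
            continue  # too chatty to be "trying to look normal"
        if window == 0 or active_days / window < min_active_fraction:
            continue  # sporadic, not persistent
        if len(per_ip_domains[ip]) / total < min_domain_ratio:
            continue  # hammering one destination: cron job, not a spambot
        flagged[ip] = {"active_days": active_days, "total": total,
                       "peak_per_day": peak,
                       "distinct_domains": len(per_ip_domains[ip])}
    return flagged


def suspicious_blocks(flagged, prefix=24, min_hosts=2):
    """Group flagged IPs by /prefix; several low-and-slow senders in one
    block is a hint (only a hint) at a dynamic-IP pool."""
    blocks = defaultdict(list)
    for ip in flagged:
        blocks[str(ip_network(f"{ip}/{prefix}", strict=False))].append(ip)
    return {net: sorted(ips) for net, ips in blocks.items()
            if len(ips) >= min_hosts}


if __name__ == "__main__":
    log = build_sample_log()
    hits = find_low_and_slow(log)
    for ip, info in sorted(hits.items()):
        print(ip, info)
    print(suspicious_blocks(hits))
```

At the volumes in the post, the point of profile_senders() is that only the per-IP, per-day table needs to survive the day; the raw lines do not. The thresholds are deliberately loose and would need tuning against a known-clean relay population, and the /24 grouping is a starting point for a manual look, not evidence of a dynamic range on its own.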



This archive was generated by hypermail 2.1.3 : Sun Jun 18 2006 - 12:26:52 PDT