Hi Devdas,

I know this is completely off the topic, but have you considered having someone like Postini to handle first level inbound email? You basically change your MX to them and restrict your inbound SMTP connections to their server.

We used to run PerlMX engine/filter from Activestate but finally moved to Postini as they had a nice self user managed quarantine system. This turns out to be cheaper to deal with than dealing with the headache of managing the feedback loop. Our biggest concern was someone losing a business critical email. The Postini solution required the user to review the quarantine queue which solved the problem.

Ashish Desai
Fidelity Investments

-----Original Message-----
From: loganalysis-bounces+ashish.desai=fmr.com@private [mailto:loganalysis-bounces+ashish.desai=fmr.com@private] On Behalf Of Devdas Bhagat
Sent: Sunday, June 18, 2006 6:48 PM
To: Stefano Zanero
Cc: loganalysis@private
Subject: [logs] Re: Data mining

On 18/06/06 22:08 +0200, Stefano Zanero wrote:
> Devdas Bhagat wrote:
> > Does anyone have suggestions for data mining of logs for security
> > issues?
> >
> > I am looking at a few gigabytes of daily logs (about 1.5 terabyte/month)
>
> Could you send on or offlist a sanitized sample? To let us know what
> you are looking at.
>
_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Mon Jun 19 2006 - 15:18:09 PDT