Kai,

Well, welcome. I would say to start off I would start looking at Splunk and Splunkbase. This might help you get started on some issues. But as you have seen, there isn't really all too much written out there that makes a lot of sense. I guess most people are still trying to figure some fundamental stuff out. Questions like:

- What am I looking for? And how do I see stuff I am not looking for but know is interesting?
- Once I've got this, how do I make this process that is manual an automated one?
- Are the devices delivering the logs really auditing enough, and where do I put all the data?

It goes on and on. I have worked on quite a few Security Event Monitoring projects and have found that each question is answered differently per client. So google up Splunk and Splunkbase and take it from there.

Bytesman

--
---
bytesman
visualize any IP traffic on Google Earth with Log2Googleearth.
http://www.bytesman.com

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
This archive was generated by hypermail 2.1.3 : Sat Sep 16 2006 - 01:57:40 PDT