Security Basics mailing list archives
Re: Automated analysis of logs?
From: "Jon Pastore" <jpastore () idetech net>
Date: Sun, 13 Apr 2003 09:06:38 -0400
Fair statement, but if you reverse the process of your scripts to output unknowns or exceptions, this will speed up the underfunded IT dept's efforts in log analysis. I don't have time to look at logs all day; I'd rather eat painkillers, they'd be more fun and I'd fall asleep just as fast =). My eyes start to glaze over after a few thousand lines =). I guess really it's all in the logic of your analysis tools and what you're trying to analyze. Most tools are designed with the intent of trending for proactive IT efforts. Security-based scripts for analysis should be effective, and I think, if properly coded, they would help in expediting an attack, misuse or exploit.

-Jon

----- Original Message -----
From: "Kinsey, Robert" <Robert.Kinsey () Veridian com>
To: <security-basics () securityfocus com>
Sent: Friday, April 11, 2003 4:27 PM
Subject: RE: Automated analysis of logs?
With all due respect to the previous posters, I would have to say one thing.

Scripts and these other "automated" tools are for _trend_analysis_. All I have ever seen shows me that any automated tool or script will simply correlate events; they do not even compete with a live analyst. My .02.

Regards,
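The approach Jon describes above, a script that reports the lines it does not recognise instead of the ones it does, as an added example that is not code from the thread. It assumes a small Linux syslog feed and a hand-maintained list of patterns for traffic already known to be routine (cron sessions, successful key logins, NTP sync); every pattern, the sample log lines and the host name "web1" are constructed for the example. Unknown lines are also collapsed by message text so that a burst of identical unexplained lines shows up once with a count rather than as a few thousand lines to glaze over.

```python
import re
from collections import Counter

# Patterns for lines we already understand and never want to read again.
# Assumed, illustrative rules for a Linux syslog; tighten or extend per site.
KNOWN_PATTERNS = [
    ("cron-session", re.compile(
        r"CRON\[\d+\]: pam_unix\(cron:session\): session (opened|closed) for user \w+")),
    ("sshd-accepted", re.compile(
        r"sshd\[\d+\]: Accepted publickey for \w+ from [\d.]+ port \d+")),
    ("sshd-disconnect", re.compile(
        r"sshd\[\d+\]: Received disconnect from [\d.]+")),
    ("ntp-sync", re.compile(r"ntpd\[\d+\]: synchronized to")),
]

# Classic BSD syslog layout: "Mon DD HH:MM:SS host message".
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")


def classify(line):
    """Return the name of the first known pattern matching the message, else None."""
    m = SYSLOG_RE.match(line)
    msg = m.group("msg") if m else line
    for name, pattern in KNOWN_PATTERNS:
        if pattern.search(msg):
            return name
    return None


def unknowns(lines):
    """Split log lines into (unknown_lines, suppressed_counts).

    suppressed_counts records how many lines each known pattern swallowed,
    so an over-broad pattern that hides too much is visible in the summary.
    """
    unknown = []
    suppressed = Counter()
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        name = classify(line)
        if name is None:
            unknown.append(line)
        else:
            suppressed[name] += 1
    return unknown, suppressed


def collapse(unknown_lines):
    """Count unknown lines by message text, ignoring timestamp and host."""
    counts = Counter()
    for line in unknown_lines:
        m = SYSLOG_RE.match(line)
        counts[m.group("msg") if m else line] += 1
    return counts


# Constructed sample log: four routine lines, one repeated brute-force
# failure and a sudo-to-root that no pattern accounts for.
SAMPLE_LOG = """\
Apr 13 09:00:01 web1 CRON[2101]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 13 09:00:01 web1 CRON[2101]: pam_unix(cron:session): session closed for user root
Apr 13 09:01:12 web1 sshd[2150]: Accepted publickey for deploy from 10.0.0.5 port 51234 ssh2
Apr 13 09:01:40 web1 sshd[2150]: Received disconnect from 10.0.0.5: 11: disconnected by user
Apr 13 09:02:03 web1 sshd[2188]: Failed password for invalid user admin from 203.0.113.9 port 40022 ssh2
Apr 13 09:02:05 web1 sshd[2188]: Failed password for invalid user admin from 203.0.113.9 port 40022 ssh2
Apr 13 09:03:00 web1 ntpd[812]: synchronized to 10.0.0.1, stratum 2
Apr 13 09:04:17 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash
"""

if __name__ == "__main__":
    unknown, suppressed = unknowns(SAMPLE_LOG.splitlines())
    print("suppressed as known:")
    for name, n in suppressed.most_common():
        print(f"  {n:5d}  {name}")
    print("unknown (collapsed):")
    for msg, n in collapse(unknown).most_common():
        print(f"  {n:5d}  {msg}")
```

Run against a real file with `unknowns(open("/var/log/auth.log"))`; the only lines left to read are the ones nobody has yet explained, and the suppressed counts tell you whether a new pattern is hiding more than it should.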
Current thread:
- Automated analysis of logs? Mark G. Spencer (Apr 08)
- Re: Automated analysis of logs? K. K. Mookhey (Apr 09)
- Re: Automated analysis of logs? Tomasz Onyszko (Apr 10)
- <Possible follow-ups>
- RE: Automated analysis of logs? Moeckel, Sharon (Apr 09)
- Event correlation and log Analysis techniques? Dr. S. A. Vetha Manickam (Apr 10)
- Re: Automated analysis of logs? H Carvey (Apr 09)
- RE: Automated analysis of logs? Trevor Cushen (Apr 10)
- RE: Automated analysis of logs? Kinsey, Robert (Apr 12)
- Re: Automated analysis of logs? Jon Pastore (Apr 14)
- RE: Automated analysis of logs? Kinsey, Robert (Apr 15)