Security Basics mailing list archives

Re: Automated analysis of logs?

From: "Jon Pastore" <jpastore () idetech net>
Date: Sun, 13 Apr 2003 09:06:38 -0400

fair statement but if you reverse the process of your scripts to output
unknown or exceptions this will speed up the under funded IT dept's efforts
in log analysis...I don't have time to look @ logs all day...I'd rather eat
pain killers they'd be more fun and I'd fall asleep just as fast =) my eyes
start to glaze over after a few thousand lines =)

I guess really it's all in the logic of your analysis tools and what you're
trying to analyze.  Most tools are designed for the intent of trending for
proactive IT efforts.  Security based scripts for analysis should be
effective and think if properly coded would help in expediting an attack or
misuse or exploit

-Jon
----- Original Message -----
From: "Kinsey, Robert" <Robert.Kinsey () Veridian com>
To: <security-basics () securityfocus com>
Sent: Friday, April 11, 2003 4:27 PM
Subject: RE: Automated analysis of logs?

With all due respect to the previous posters I would have to say one

thing.


Scripts and these other "automated" tools are for _trend_analysis_.

All I have ever seen shows me that any automated tool or script will

simply

correlate events - they do not even compete with a live analyst.

my .02.

Regards,

-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free

technical support.

Stop SPAM before it stops you.
-------------------------------------------------------------------



-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free technical support.
Stop SPAM before it stops you.
-------------------------------------------------------------------

Current thread:

Automated analysis of logs? Mark G. Spencer (Apr 08)
- Re: Automated analysis of logs? K. K. Mookhey (Apr 09)
- Re: Automated analysis of logs? Tomasz Onyszko (Apr 10)
- <Possible follow-ups>
- RE: Automated analysis of logs? Moeckel, Sharon (Apr 09)
  - Event correlation and log Analysis techniques? Dr. S. A. Vetha Manickam (Apr 10)
- Re: Automated analysis of logs? H Carvey (Apr 09)
- RE: Automated analysis of logs? Trevor Cushen (Apr 10)
- RE: Automated analysis of logs? Kinsey, Robert (Apr 12)
  - Re: Automated analysis of logs? Jon Pastore (Apr 14)
- RE: Automated analysis of logs? Kinsey, Robert (Apr 15)