Security Incidents mailing list archives
Looking for program to analyze logs
From: moeller () CERT DFN DE (Klaus Moeller)
Date: Wed, 22 Mar 2000 10:56:08 +0100
-----BEGIN PGP SIGNED MESSAGE-----

Mieth Lindsay writes:
Reviewing your messages and seeing the traffic I am working with, I have surmised that you have some pretty decent tools to work with. Our PIX produces about 500mb of logs a day which means I might as well not have logging since there is no way I can review this amount of data myself. Would you please recommend an analyzing tool to break out the important or at least likely important information from the logs?
logsurfer - has some pretty nice capabilities that go beyond simple regexp parsing like grep, although it can consume quite a bit of CPU if used with large and complex rulebases.

ftp://ftp.cert.dfn.de/pub/tools/audit/logsurfer/

Klaus Moeller

- --
Klaus Moeller | mailto:moeller () cert dfn de
DFN-CERT GmbH | Vogt-Koelln-Str. 30 | Phone: +49(40)42883-2262
D-22527 Hamburg | FAX: +49(40)42883-2241
Germany | PGP-Key: finger moeller () ftp cert dfn de

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQEVAwUBONiYl4rEggYLt8j5AQH5gwf+ODuEcwULq+OIJEem8Em7i4PZ5tRVpiXT
BMwiyDvaPHUEOIR0MOTAUVOXNgLzxg+R+VA5+0nM1dADExyOru46M7a8Y75UNVwl
N8+F2wGT23B3LF+rE73mrKZfEQ6Fh2p4oM0pJsPX98D9EQNcFEAS5DSVtJmgWhxu
dQFr6hsfY7kCyyhnD/psNQ8RHLX2tzdFbU+wKuXriSeW6TIILEwwdVOGP45plD/g
3SArSIWw9fbzJGvMuli3JtVw9hkOPeb2GwYJf9MmSCitBZRnWcU0sjkeuDhA3Apc
LRufSnvYCAOK0b7Y0WvbIqqX+wgtIrLcwOtHBl9Wd6XHLM/BFwIexw==
=9bms
-----END PGP SIGNATURE-----
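The distinction the reply draws, "beyond simple regexp parsing like grep", is that a tool like logsurfer keeps state across lines (contexts keyed on a field such as the source address, with thresholds and time windows) instead of matching each line in isolation. The script below is an added illustration written for this archive page; it is not logsurfer and not code from DFN-CERT. It runs a single stateful rule over a handful of constructed lines in a simplified, PIX-style syslog format (the sample, the hostname `pix`, the access-group name and the addresses are all made up; the message layout only approximates what a real firewall emits). Plain grep for "Deny" would return every deny line; the context rule reduces them to one alert for the source that hit several distinct destination ports within a short window, and counts how many lines it suppressed, which is the review-volume problem the original question describes.

```python
import re

# Constructed sample in a simplified PIX-style syslog format. Not real logs;
# addresses are documentation ranges and the access-group name is invented.
SAMPLE_LOG = """\
Mar 22 10:00:01 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40001 dst inside:192.0.2.10/22 by access-group acl_out
Mar 22 10:00:02 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40002 dst inside:192.0.2.10/23 by access-group acl_out
Mar 22 10:00:02 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40003 dst inside:192.0.2.10/25 by access-group acl_out
Mar 22 10:00:03 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40004 dst inside:192.0.2.10/80 by access-group acl_out
Mar 22 10:00:03 pix %PIX-4-106023: Deny tcp src outside:203.0.113.7/40005 dst inside:192.0.2.10/110 by access-group acl_out
Mar 22 10:00:40 pix %PIX-6-302013: Built outbound TCP connection 1042 for outside:198.51.100.20/80 to inside:192.0.2.30/3421
Mar 22 10:01:15 pix %PIX-4-106023: Deny tcp src outside:198.51.100.9/51000 dst inside:192.0.2.20/80 by access-group acl_out
Mar 22 10:30:00 pix %PIX-4-106023: Deny tcp src outside:198.51.100.9/51001 dst inside:192.0.2.20/443 by access-group acl_out
"""

# Syslog envelope: "Mon DD HH:MM:SS host message".
LINE_RE = re.compile(
    r"^(?P<mon>\w{3}) +(?P<day>\d+) (?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)
# The single line-level pattern a grep would use; groups feed the context rule.
DENY_RE = re.compile(
    r"Deny (?P<proto>\w+) src \w+:(?P<src>[\d.]+)/\d+ "
    r"dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


def parse(line):
    """Return (seconds_in_month, host, message) or None for unparsable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = (int(m["day"]) * 86400 + int(m["h"]) * 3600
          + int(m["m"]) * 60 + int(m["s"]))
    return ts, m["host"], m["msg"]


class SweepContext:
    """Per-source state: (timestamp, dport) pairs inside a sliding window.

    This is the logsurfer-style idea in miniature: a match opens a context,
    later matches are added to it, and an action fires only when the
    accumulated state crosses a threshold.
    """

    def __init__(self, window, threshold):
        self.window = window        # seconds
        self.threshold = threshold  # distinct destination ports
        self.events = []
        self.fired = False

    def add(self, ts, dport):
        self.events.append((ts, dport))
        # Drop events that fell out of the window relative to this line.
        self.events = [(t, p) for t, p in self.events if ts - t <= self.window]
        ports = {p for _, p in self.events}
        if not self.fired and len(ports) >= self.threshold:
            self.fired = True           # report each source once
            return sorted(ports, key=int)
        return None


def analyze(text, window=60, threshold=5):
    """Run the deny-sweep rule over a log; return counts and alerts."""
    contexts = {}
    alerts = []
    total = deny_lines = 0
    for line in text.splitlines():
        total += 1
        parsed = parse(line)
        if parsed is None:
            continue
        ts, _host, msg = parsed
        d = DENY_RE.search(msg)
        if not d:
            continue                    # noise for this rule (e.g. Built ...)
        deny_lines += 1
        ctx = contexts.setdefault(d["src"], SweepContext(window, threshold))
        ports = ctx.add(ts, d["dport"])
        if ports:
            alerts.append({"src": d["src"], "dst": d["dst"], "ports": ports})
    return {"total_lines": total, "deny_lines": deny_lines, "alerts": alerts}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print(f"{result['total_lines']} lines, {result['deny_lines']} deny lines, "
          f"{len(result['alerts'])} alert(s)")
    for a in result["alerts"]:
        print(f"  {a['src']} -> {a['dst']} ports {','.join(a['ports'])}")
```

The second source in the sample (two denies, half an hour apart) never crosses the threshold inside the window, so it stays in the suppressed bulk rather than becoming an alert; that is the behaviour a line-at-a-time grep cannot express, and also the part that costs CPU and memory once many contexts and rules are live, which is the caveat the reply raises.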
Current thread:
- Looking for program to analyze logs Mieth Lindsay (Mar 21)
- Looking for program to analyze logs Klaus Moeller (Mar 22)
- Re: Looking for program to analyze logs (CMDS from ODS) Ron Gula (Mar 22)
- Re: Looking for program to analyze logs Brian Macke (Mar 22)
- Re: Looking for program to analyze logs - - (Mar 22)
- FTP connection attempts JF Prieur (Mar 23)
- Re: FTP connection attempts Bill Pennington (Mar 24)
- Re: Looking for program to analyze logs Nicholas de Jong (Mar 22)