Automated analysis of logs?
From: Mark G. Spencer (mspencer@evidentdata.com)
Date: 04/08/03
- Previous message: Dina Kamal: "REsession-hijacking is still available?"
- Next in thread: Moeckel, Sharon: "RE: Automated analysis of logs?"
- Maybe reply: Moeckel, Sharon: "RE: Automated analysis of logs?"
- Reply: K. K. Mookhey: "Re: Automated analysis of logs?"
- Maybe reply: H Carvey: "Re: Automated analysis of logs?"
- Reply: Tomasz Onyszko: "Re: Automated analysis of logs?"
- Maybe reply: Trevor Cushen: "RE: Automated analysis of logs?"
- Maybe reply: Kinsey, Robert: "RE: Automated analysis of logs?"
- Maybe reply: Kinsey, Robert: "RE: Automated analysis of logs?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Mark G. Spencer" <mspencer@evidentdata.com> To: <security-basics@securityfocus.com> Date: Tue, 8 Apr 2003 10:27:46 -0700
I read through much of the prior thread on analysis of logs and apparently
the applications mentioned will provide statistics, but they don't actually
make any determinations about activity.
Are there any open-source applications that I can drop various kinds of logs
into (especially IIS logs) and get not only statistics, but information
and/or "warnings" about various kind of known activity? Things like Nimda
scanning, backdoor attempts, etc. I'm not looking for 100% precision when
identifying activity, but if I can identify or in some cases filter out all
known activity and concentrate on unknown, that would be really helpful.
The last time I went through an IIS log I put together a homegrown Access
database and began classifying activity. You can imagine the amount of time
this took .. ;)
I know some people are more proactive about this and stick a Snort box
upstream, but in most cases I am responding to an event where the deed has
been done and I can't go back in time, so I only have logs available to me.
If there are no OS solutions, is there a well regarded commercial product
that can do this?
Mark
-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth?
SurfControl E-Mail Filter is flexible, intelligent and policy-driven
protection.
http://www.securityfocus.com/SurfControl-security-basics2
Download your free fully functional trial, complete with 30-days of free technical support.
Stop SPAM before it stops you.
-------------------------------------------------------------------
- Previous message: Dina Kamal: "REsession-hijacking is still available?"
- Next in thread: Moeckel, Sharon: "RE: Automated analysis of logs?"
- Maybe reply: Moeckel, Sharon: "RE: Automated analysis of logs?"
- Reply: K. K. Mookhey: "Re: Automated analysis of logs?"
- Maybe reply: H Carvey: "Re: Automated analysis of logs?"
- Reply: Tomasz Onyszko: "Re: Automated analysis of logs?"
- Maybe reply: Trevor Cushen: "RE: Automated analysis of logs?"
- Maybe reply: Kinsey, Robert: "RE: Automated analysis of logs?"
- Maybe reply: Kinsey, Robert: "RE: Automated analysis of logs?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
