Re: Any good log analysis/forensics tools?

From: Ty Bodell (tebodell_at_gmail.com)
Date: 04/07/05

    Date: Wed, 6 Apr 2005 19:51:41 -0500
    To: ricci@cs.ust.hk
    
    

    Ricci--
    1.) Try WebHistorian from www.red-cliff.com for browser history, but
    if by "web log" you mean webserver logs you can probably just script
    something up, or if you've got Apache then I'd recommend the tools
    package at apachesecurity.net
    (http://apachesecurity.net/tools/index.html) and the logscan script.

    3.) For a forensics framework see the Computer Crime Investigation
    Framework (CCIF) from www.oissg.org (it's been down for a day or two,
    not sure why, but bookmark it and keep trying.)

    HTH,
    Tebodell

    On Apr 5, 2005 7:51 PM, ricci <ricci@cs.ust.hk> wrote:
    > Hello All,
    >
    > I'm trying to test some good log analysis and forensics tools, can you give
    > me some idea?
    >
    > 1. Are there any recommended web log analysis tools? Are there any tools with
    > forensics investigation and vulnerability identification features?
    >
    > 2. Are there any recommended Lotus Notes log analysis tools?
    >
    > 3. Any comment on OSSIM? Is OSSIM working well? What kind of forensics
    > features has it provided?
    >
    > Thanks.
    >
    > Ricci
