Re: Beta testers for Web server Security Log Analysis

• Previous message: Andrew Mayo: "Re: embedded keys - there has to be a less vulnerable approach"
• In reply to: Sascha Teifke: "Re: Beta testers for Web server Security Log Analysis"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 26 Jun 2003 13:43:40 GMT

Comments inline.

On Wed, 25 Jun 2003, Sascha Teifke wrote:

> I would sleep better if you'd have a packet for downloading which is
> installable on my own server.

Sure, I could do that. But that defeats my purpose of having a mail-in,
mail-out analysis system. Plus, everyone who wants to do log analysis
doesn't always want to install another product.

> I wouldn't be a good hoster if I send the
> whole Logfile to a 3rd person who I don't know for searching for a
> security issue.
> Sure, I could send it encrpyted but who tells me that you're trustworthy?

Likewise; what tells me that YOU are trustworthy... ;o)

> Isn't it a bad idea to wait for everybody for sending in their server logs?

I hear what you are saying, and sure enough, I agree. At least to some
extent.

But my idea is this: There are many, maybe millions, of websites that log
their users actions - but no one ever looks at the logs. Why? Presumably
because 1) the admin doesn't know why the logs are important, 2) doesnt
have the time/funds/knowledge to look at them.

By mailing them to a third pary for analysis - you can easily get a report
with the tools you already have. No need to install new software, another
service, new machines etc. As long as you have e-mail and a logfile -
your'e apt!

And this is where I requested assistance - in commenting the output of the
report. The receiver should quickly be able to see if there are any
problems that require attention or actions.

Try it, you might like it.

~Mike

• Previous message: Andrew Mayo: "Re: embedded keys - there has to be a less vulnerable approach"
• In reply to: Sascha Teifke: "Re: Beta testers for Web server Security Log Analysis"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Modifying reports with VB6 ... that you cannot use the runtime to open a report in design view, ... Dave Hargis, Microsoft Access MVP ... Dim strDevModeExtra As String ... possible, if you have it, to install a run time version of ... (microsoft.public.access.reports) Re: Software Update - Distribution Status; How is this reported back t ... clients report back, and it works fine. ... clients reported back as having SP2 installed. ... these specific messages relating to "Install Verified" ... most machines have reported back that SP2 is indeed installed, ... (microsoft.public.sms.admin) Re: Microsoft "Messenger Service" ... use NET SEND if the proper Microsoft ports 135-137 are not open. ... Since this is my home machine, my girls did use to use Yahoo or MSN chat ... installation logs and found some MSN CHAT install problem. ... I was very busy and I didn't follow all the details of this report, ... (comp.security.misc) Re: Viewing TV tuner in a window ... *Report back, please* ... name but i dont know what i did to get that error message. ... >I recently did some maintainance on my PC (registry cleanup, windows ... > I do not have install discs, only a recovery partition (as supplied by ... (microsoft.public.windows.mediacenter) Re: Booting Debian/testing fails ... Failure to install the boot-loader, ... when I break my Linux I _can_ fix it myself. ... I reported the bootloader problem in the installation report and figure ... (Debian-User)