Security Basics mailing list archives
Re: Automated analysis of logs?
From: H Carvey <keydet89 () yahoo com>
Date: 9 Apr 2003 12:02:58 -0000
In-Reply-To: <001d01c2fdf4$2c403c50$b600000a@alderon>
> Are there any open-source applications that I can drop various kinds of
> logs into (especially IIS logs) and get not only statistics, but information
> and/or "warnings" about various kinds of known activity?
I've written Perl scripts to do exactly this sort of thing. The big issue is that not everyone clicks on all of the check boxes when they configure IIS logging. When I worked at a telecom company, we had an ISP that had a lot of IIS servers...it seemed as if no two had the same items checked!

What I generally do is get an idea of what is the 'normal' activity. For example, on systems running OWA, one would expect to see queries that begin w/ "exchange". Then I start filtering out all normal traffic from the logs, narrowing that down.

Hope that helps,

Harlan
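An added example of the approach described above, written here in Python rather than taken from Harlan's Perl scripts: it reads the IIS W3C `#Fields` header so that servers logging different columns can all be parsed by field name, drops requests matching an assumed OWA baseline (URI stems under `/exchange`), and counts what remains per client and per URI. The log lines and the baseline prefix are constructed for the example.

```python
from collections import Counter

# Constructed sample of an IIS W3C extended log (not from the original post).
# The #Fields line is what makes parsing tolerant of servers that log
# different columns: rows are read by field name, not by position.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 5.0
#Date: 2003-04-09 00:00:00
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-04-09 08:01:02 10.0.0.5 GET /exchange/inbox - 200
2003-04-09 08:01:05 10.0.0.5 GET /exchange/calendar - 200
2003-04-09 08:02:10 10.0.0.9 GET /scripts/test.asp - 404
2003-04-09 08:03:00 10.0.0.7 GET /exchange/inbox - 200
2003-04-09 08:03:30 10.0.0.9 GET /admin/login.asp user=a 404
2003-04-09 08:04:00 10.0.0.9 HEAD /exchange/ - 401
"""

# Assumed baseline of 'normal' URI prefixes for an OWA front end.
NORMAL_PREFIXES = ("/exchange",)

def parse_iis_log(text):
    """Yield one dict per data row, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # header may repeat mid-file
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("data row before any #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue                           # skip truncated/malformed rows
        yield dict(zip(fields, values))

def filter_abnormal(records, normal_prefixes=NORMAL_PREFIXES):
    """Drop rows whose URI stem matches the baseline; the rest is worth a look."""
    return [r for r in records
            if not r.get("cs-uri-stem", "").lower().startswith(normal_prefixes)]

def summarize(records):
    """Count the remaining requests per client IP and per URI stem."""
    return (Counter(r["c-ip"] for r in records),
            Counter(r["cs-uri-stem"] for r in records))

def report(text=SAMPLE_LOG):
    """Parse, strip the baseline, and count what is left."""
    abnormal = filter_abnormal(parse_iis_log(text))
    return (abnormal,) + summarize(abnormal)
```

A prefix baseline only says what is routine; the 401 on `/exchange/` above is still dropped, so status codes deserve a second pass of their own.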
Current thread:
- Automated analysis of logs? Mark G. Spencer (Apr 08)
- Re: Automated analysis of logs? K. K. Mookhey (Apr 09)
- Re: Automated analysis of logs? Tomasz Onyszko (Apr 10)
- <Possible follow-ups>
- RE: Automated analysis of logs? Moeckel, Sharon (Apr 09)
- Event correlation and log Analysis techniques? Dr. S. A. Vetha Manickam (Apr 10)
- Re: Automated analysis of logs? H Carvey (Apr 09)
- RE: Automated analysis of logs? Trevor Cushen (Apr 10)
- RE: Automated analysis of logs? Kinsey, Robert (Apr 12)
- Re: Automated analysis of logs? Jon Pastore (Apr 14)
- RE: Automated analysis of logs? Kinsey, Robert (Apr 15)