Security Basics mailing list archives
Event correlation and log Analysis techniques?
From: "Dr. S. A. Vetha Manickam" <avmanickam () yahoo com>
Date: Wed, 9 Apr 2003 10:28:34 -0700 (PDT)
Dear All,

Are there any standard or Event Correlation techniques available for log analysis of Firewall, IDS and other systems?

--- "Moeckel, Sharon" <smoeckel () co bucks pa us> wrote:

There is a pretty good log analysis mail list. You can sign up at:
http://lists.shmoo.com/mailman/listinfo/loganalysis

-----Original Message-----
From: Mark G. Spencer [mailto:mspencer () evidentdata com]
Sent: Tuesday, April 08, 2003 1:28 PM
To: security-basics () securityfocus com
Subject: Automated analysis of logs?

I read through much of the prior thread on analysis of logs and apparently the applications mentioned will provide statistics, but they don't actually make any determinations about activity.

Are there any open-source applications that I can drop various kinds of logs into (especially IIS logs) and get not only statistics, but information and/or "warnings" about various kinds of known activity? Things like Nimda scanning, backdoor attempts, etc. I'm not looking for 100% precision when identifying activity, but if I can identify or in some cases filter out all known activity and concentrate on unknown, that would be really helpful.

The last time I went through an IIS log I put together a homegrown Access database and began classifying activity. You can imagine the amount of time this took .. ;)

I know some people are more proactive about this and stick a Snort box upstream, but in most cases I am responding to an event where the deed has been done and I can't go back in time, so I only have logs available to me.

If there are no OS solutions, is there a well regarded commercial product that can do this?

Mark

-------------------------------------------------------------------
Is SPAM over-loading your e-mail server, disk space or bandwidth? SurfControl E-Mail Filter is flexible, intelligent and policy-driven protection. http://www.securityfocus.com/SurfControl-security-basics2 Download your free fully functional trial, complete with 30-days of free technical support. Stop SPAM before it stops you.
-------------------------------------------------------------------
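A small illustration of the "filter out known activity and concentrate on unknown" approach Mark describes, added here as an example and not a tool from the thread or from the loganalysis list: it parses IIS W3C extended log lines using the #Fields header, tags requests that match a few well-known worm-era probe patterns, and leaves everything else for manual review. The sample log lines and the signature list are constructed for illustration and would need extending for real use.

```python
import re
from collections import Counter

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2003-04-08 13:01:02 10.0.0.5 GET /index.htm - 200
2003-04-08 13:01:09 10.0.0.9 GET /scripts/root.exe /c+dir 404
2003-04-08 13:01:10 10.0.0.9 GET /scripts/..%255c../winnt/system32/cmd.exe /c+dir 404
2003-04-08 13:02:15 10.0.0.7 GET /default.ida XXXXXXXX 200
2003-04-08 13:03:40 10.0.0.12 GET /admin/backup.asp - 500
"""

# Known-activity signatures (illustrative, assumed): label -> regex on cs-uri-stem.
# Order matters: the first match wins, so the more specific traversal rule goes first.
KNOWN = [
    ("nimda-style traversal", re.compile(r"\.\.(%25|%)?5c|\.\./", re.I)),
    ("nimda-style cmd/root probe", re.compile(r"/(cmd|root)\.exe$", re.I)),
    ("code-red-style default.ida", re.compile(r"/default\.ida$", re.I)),
]


def parse_iis(text):
    """Yield one dict per data line, keyed by the column names in #Fields."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names follow the directive
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def classify(entry):
    """Return the first matching known-activity label, or 'unknown'."""
    uri = entry.get("cs-uri-stem", "")
    for label, rx in KNOWN:
        if rx.search(uri):
            return label
    return "unknown"


def triage(text):
    """Count known activity and collect the unknown entries left for review."""
    counts = Counter()
    unknown = []
    for entry in parse_iis(text):
        label = classify(entry)
        counts[label] += 1
        if label == "unknown":
            unknown.append(entry)
    return counts, unknown
```

Running `triage(SAMPLE_LOG)` tags three of the five requests as known probes and leaves `/index.htm` and `/admin/backup.asp` as the unknown set to look at by hand.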
Current thread:
- Automated analysis of logs? Mark G. Spencer (Apr 08)
- Re: Automated analysis of logs? K. K. Mookhey (Apr 09)
- Re: Automated analysis of logs? Tomasz Onyszko (Apr 10)
- <Possible follow-ups>
- RE: Automated analysis of logs? Moeckel, Sharon (Apr 09)
- Event correlation and log Analysis techniques? Dr. S. A. Vetha Manickam (Apr 10)
- Re: Automated analysis of logs? H Carvey (Apr 09)
- RE: Automated analysis of logs? Trevor Cushen (Apr 10)
- RE: Automated analysis of logs? Kinsey, Robert (Apr 12)
- Re: Automated analysis of logs? Jon Pastore (Apr 14)
- RE: Automated analysis of logs? Kinsey, Robert (Apr 15)