IDS mailing list archives
RE: Random IDS Thoughts [WAS: Re: IDS thoughts]
From: "Mike Lyman" <mlyman () west-point org>
Date: Thu, 12 Jun 2003 11:11:25 -0700
I am still in the development/proof of concept stage and experimenting with different ideas at the moment. I would like to consolidate logs from syslog (using msyslog), Windows (syslogNT), and application logs.

I am just starting the hunt for application log -> SQL database import utilities for both Apache, IIS and some others. Could you recommend any programs that are capable of doing this?
We have OS religion and are strictly a Microsoft shop. That simplifies things since we are not trying to support multiple platforms and log formats. In some cases we have relied on tools like Microsoft Operations Manager and will be using Microsoft Audit Collection System (currently in beta). In a few places, other groups created tools to consolidate data for their purposes and we took a feed of the data as well or used their database.

Almost all of it consists of home grown tools to tackle a specific problem. Most have been developed by our internal LOB applications developers, but the .Net framework has made a lot of this a breeze to do when it comes to collecting and moving the data around, and I've been doing a lot of that work myself. (Far easier than building a business case, getting it approved and budgeted, spending weeks working out the specs and then a few months waiting for the tool.) Requires more work than using somebody else's tools, but they then work the way we want them to.

As far as data mining, what I know I have simply picked up from SQL Server classes, references and picking the brains of DBAs and other SQL gurus I work around. I am trying to either get into a real data mining course or at least finish Claude Seidman's Data Mining with Microsoft SQL Server 2000 but have not had the time to do either yet.

Mike Lyman
mlyman () west-point org
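The thread asks for application log -> SQL import utilities for Apache and IIS, and the reply describes home grown collectors that move log data into a database. The following is an added example, not code from either poster or from any of the Microsoft tools named above: it parses IIS W3C Extended log lines (using the #Fields: directive to learn the column order) and Apache combined-format lines, normalizes both into one table, and loads them into a SQL database so they can be queried together. SQLite is used here as a stand-in for SQL Server so the example runs offline; the log lines, IP addresses and schema are constructed for this example. Malformed lines are skipped rather than allowed to corrupt the table, which is the edge case a collector of this kind most often hits.

```python
import re
import sqlite3
from datetime import datetime, timezone

# Constructed sample IIS W3C Extended log. IIS writes these timestamps in UTC
# and replaces spaces inside field values (e.g. the user agent) with '+'.
# The last data line is deliberately truncated to show malformed-line handling.
IIS_LOG = """#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
2003-06-12 10:01:02 192.0.2.10 GET /default.htm - 200 Mozilla/4.0+(compatible;+MSIE+6.0)
2003-06-12 10:01:05 192.0.2.10 GET /missing.asp - 404 Mozilla/4.0+(compatible;+MSIE+6.0)
2003-06-12 10:01:07 192.0.2.10 GET /old/page.asp - 404 Mozilla/4.0+(compatible;+MSIE+6.0)
2003-06-12 10:01:09 192.0.2.10 GET
"""

# Constructed sample Apache combined-format log (timestamps carry their own offset).
APACHE_LOG = """198.51.100.7 - - [12/Jun/2003:10:02:15 -0700] "GET /index.html HTTP/1.0" 200 1043 "-" "Mozilla/4.0"
198.51.100.7 - - [12/Jun/2003:10:02:16 -0700] "GET /cgi-bin/test.cgi HTTP/1.0" 500 312 "-" "Mozilla/4.0"
"""

APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Common row layout shared by both parsers (constructed schema for this example):
# (source, ts_iso, client_ip, method, uri, status, user_agent)
SCHEMA = """
CREATE TABLE weblog (
    source     TEXT    NOT NULL,
    ts         TEXT    NOT NULL,
    client_ip  TEXT    NOT NULL,
    method     TEXT,
    uri        TEXT,
    status     INTEGER,
    user_agent TEXT
)
"""


def parse_iis_w3c(text):
    """Parse IIS W3C Extended lines; the #Fields: directive defines the columns."""
    fields = None
    rows = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        values = line.split()
        if fields is None or len(values) != len(fields):
            continue  # malformed or truncated line: skip instead of misaligning columns
        rec = dict(zip(fields, values))
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)
        rows.append(("iis", ts.isoformat(), rec["c-ip"], rec["cs-method"],
                     rec["cs-uri-stem"], int(rec["sc-status"]),
                     rec.get("cs(User-Agent)", "").replace("+", " ")))
    return rows


def parse_apache_combined(text):
    """Parse Apache combined-format lines with a regular expression."""
    rows = []
    for line in text.splitlines():
        m = APACHE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected format
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        rows.append(("apache", ts.isoformat(), m.group("ip"), m.group("method"),
                     m.group("uri"), int(m.group("status")), m.group("ua")))
    return rows


def load_into_db(conn, rows):
    """Insert normalized rows with a parameterized statement; returns the row count."""
    conn.executemany("INSERT INTO weblog VALUES (?, ?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return len(rows)


def error_counts_by_client(conn, threshold=1):
    """Clients with at least `threshold` 4xx/5xx responses, across both log sources."""
    cur = conn.execute(
        "SELECT client_ip, COUNT(*) AS errors FROM weblog "
        "WHERE status >= 400 GROUP BY client_ip HAVING errors >= ? "
        "ORDER BY errors DESC, client_ip",
        (threshold,),
    )
    return cur.fetchall()


def build_demo_db():
    """Create an in-memory database and load both constructed logs into it."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    rows = parse_iis_w3c(IIS_LOG) + parse_apache_combined(APACHE_LOG)
    return conn, load_into_db(conn, rows)


if __name__ == "__main__":
    db, count = build_demo_db()
    print(f"loaded {count} rows")
    for ip, errors in error_counts_by_client(db):
        print(f"{ip}: {errors} error responses")
```

Swapping the `sqlite3` connection for a SQL Server connection (for example via an ODBC driver) leaves the parsers and the parameterized insert unchanged; the point of the single `weblog` table is that the IIS and Apache records become comparable once the timestamps are normalized to ISO 8601 with explicit offsets.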