PaulDotCom mailing list archives

best automated way to construct a timeline from websense logs?


From: allison nixon <elsakoo () gmail com>
Date: Thu, 6 Jun 2013 21:36:45 -0400

So I have several gigs of webnonsense logs and I am trying to construct a
timeline of malware infection as it spreads from IP to IP.  I already know
what the malicious URLs look like so that's not the issue.  I want to be
able to build a timeline of activity to describe the first moment a
computer was infected and I want to illustrate when the phone home traffic
hops from domain to domain.

I can sort of do it with some artful use of grep and excel, but it's hard
to make that scale to more than a small sample of the logs.  I fed it to a
trial copy of Splunk and it exploded while giving me nothing useful.  Are
there any tools out there that I can use for this?  I don't want to pay
money for it because it's a one-off, but so far nothing can compete with
good ol' grep.
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
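One way to do what the post describes without Excel, as an added example (not code from the poster or from the list): stream the proxy logs, keep only lines whose URL matches the known-bad pattern, and then record, per source IP, the first matching request and each change of phone-home domain. The log format below is a simplified, constructed "date time src_ip action url" layout, and the indicator regex and the domains are placeholders; real Websense exports differ in column order and must be mapped in `parse_line` before this is run on actual data.

```python
import re
from collections import OrderedDict
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample in a simplified Websense-like layout (assumption: real
# exports have more columns and a different order; adapt LINE_RE / parse_line).
SAMPLE_LOG = """\
2013-06-01 08:01:12 10.0.0.5 Permitted http://www.example.com/index.html
2013-06-01 08:03:44 10.0.0.5 Permitted http://bad-c2-one.example/gate.php?id=1
2013-06-01 08:15:02 10.0.0.9 Permitted http://intranet.example/home
2013-06-01 09:10:33 10.0.0.5 Permitted http://bad-c2-one.example/gate.php?id=2
2013-06-01 11:42:07 10.0.0.5 Blocked http://bad-c2-two.example/gate.php?id=3
2013-06-02 07:55:21 10.0.0.9 Permitted http://bad-c2-one.example/gate.php?id=9
2013-06-02 08:30:00 10.0.0.9 Permitted http://bad-c2-two.example/gate.php?id=10
"""

# Placeholder indicator: replace with the real malicious-URL pattern(s).
MALICIOUS_URL_RE = re.compile(r"/gate\.php\?id=\d+$")

# One log line: "<date> <time> <src_ip> <action> <url>"
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+)$")


def parse_line(line):
    """Return a dict for a well-formed line, or None for blank/unparseable lines."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    ts_text, ip, action, url = m.groups()
    return {
        "ts": datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S"),
        "ip": ip,
        "action": action,
        "url": url,
    }


def iter_hits(lines, pattern=MALICIOUS_URL_RE):
    """Yield only the records whose URL matches the indicator pattern.

    Works on any iterable of lines, so a multi-gigabyte file can be streamed
    with open(path) rather than read into memory.
    """
    for line in lines:
        rec = parse_line(line)
        if rec is not None and pattern.search(rec["url"]):
            yield rec


def build_timeline(lines, pattern=MALICIOUS_URL_RE):
    """Per source IP: first malicious request, and each hop to a new C2 domain.

    Returns an OrderedDict keyed by IP in order of first infection, each value
    {"first_seen": datetime, "hops": [(datetime, domain), ...]}.
    """
    hits = sorted(iter_hits(lines, pattern), key=lambda r: r["ts"])
    timeline = OrderedDict()
    for rec in hits:
        entry = timeline.setdefault(rec["ip"], {"first_seen": rec["ts"], "hops": []})
        domain = urlparse(rec["url"]).hostname
        # Only record a hop when the phone-home domain actually changes.
        if not entry["hops"] or entry["hops"][-1][1] != domain:
            entry["hops"].append((rec["ts"], domain))
    return timeline


def format_timeline(timeline):
    """Render the timeline as plain text lines, one IP per block."""
    out = []
    for ip, entry in timeline.items():
        out.append(f"{ip}: first infected {entry['first_seen']:%Y-%m-%d %H:%M:%S}")
        for ts, domain in entry["hops"]:
            out.append(f"    {ts:%Y-%m-%d %H:%M:%S}  -> {domain}")
    return out


if __name__ == "__main__":
    # Usage on real data: build_timeline(open("websense.log"))
    for line in format_timeline(build_timeline(SAMPLE_LOG.splitlines())):
        print(line)
```

Because only the matching records are kept in memory, the sort over hits stays cheap even when the raw logs are several gigabytes; sorting is needed because exports from multiple proxies or files are not guaranteed to be in time order. Both Permitted and Blocked requests are kept on purpose, since a blocked beacon still tells you the host was infected at that moment.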
