PaulDotCom mailing list archives

Re: best automated way to construct a timeline from websense logs?


From: Alex <alex.tsr () gmail com>
Date: Fri, 7 Jun 2013 20:40:41 +0200

Maybe you can use logstash?
It has several different filters and outputs that you can use. For
example filter it through Grok and send it to Elastic Search, statsd,
etc.

See http://logstash.net/docs/1.1.13/ and if you decide to use Elastic
Search, take a look at Kibana as well, http://three.kibana.org/

Cheers,
Alex.

On 7 June 2013 03:36, allison nixon <elsakoo () gmail com> wrote:
So I have several gigs of webnonsense logs and I am trying to construct a
timeline of malware infection as it spreads from IP to IP.  I already know
what the malicious URLs look like so that's not the issue.  I want to be
able to build a timeline of activity to describe the first moment a computer
was infected and I want to illustrate when the phone home traffic hops from
domain to domain.

I can sort of do it with some artful use of grep and excel, but it's hard to
make that scale to more than a small sample of the logs.  I fed it to a
trial copy of Splunk and it exploded while giving me nothing useful.  Are
there any tools out there that I can use for this?  I don't want to pay
money for it because it's a one-off, but so far nothing can compete with
good ol' grep.

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



-- 
Cheers, Alex.
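An added example, not from Alex or the original poster, of the grep-and-timeline step the question describes in plain Python: it assumes a simplified Websense export layout (date, time, client IP, action, URL) and a constructed known-bad URL pattern, and produces each client's first infection time and the chain of phone-home domains it hopped through.

```python
# Added example (not from the thread): infection timeline from Websense-style proxy logs.
# The log layout and the known-bad URL pattern are constructed assumptions for illustration.
from collections import defaultdict
from datetime import datetime
import re
# Constructed sample export: "date time client_ip action url" (one request per line)
SAMPLE_LOG = """\
2013-06-05 09:12:01 10.0.1.15 allowed http://www.example.com/index.html
2013-06-05 09:14:33 10.0.1.15 allowed http://evil-cnc-one.test/gate.php
2013-06-05 09:20:10 10.0.1.22 allowed http://www.example.com/news
2013-06-05 11:02:45 10.0.1.15 allowed http://evil-cnc-two.test/gate.php
2013-06-05 11:05:12 10.0.1.22 allowed http://evil-cnc-one.test/gate.php
2013-06-05 11:05:15 10.0.1.22 allowed http://evil-cnc-one.test/gate.php
2013-06-06 08:30:00 10.0.1.22 allowed http://evil-cnc-two.test/gate.php
"""

# Placeholder indicator: the poster already knows what their malicious URLs look like
MALICIOUS_URL = re.compile(r"^https?://evil-cnc-[a-z]+\.test/gate\.php")
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (\S+)$")

def parse_line(line):
    """Return (timestamp, client_ip, action, url) or None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3), m.group(4)

def build_timeline(log_text):
    """Map client_ip -> [(time_first_seen, domain), ...] in time order, one entry per
    phone-home domain hop (consecutive hits to the same domain are collapsed)."""
    events = [r for r in map(parse_line, log_text.splitlines())
              if r and MALICIOUS_URL.match(r[3])]
    events.sort(key=lambda r: r[0])          # timestamp order, not file order
    timeline = defaultdict(list)
    for ts, ip, _action, url in events:
        domain = url.split("/")[2]           # host part of http://host/path
        hops = timeline[ip]
        if not hops or hops[-1][1] != domain:
            hops.append((ts, domain))
    return dict(timeline)

def first_infection(timeline):
    """(first_malicious_hit, client_ip) pairs, earliest infection first."""
    return sorted((hops[0][0], ip) for ip, hops in timeline.items())

def report(log_text):
    """One line per client: first hit, IP, and the domain hop chain."""
    tl = build_timeline(log_text)
    return [f"{ts} {ip} {' -> '.join(d for _, d in tl[ip])}" for ts, ip in first_infection(tl)]
```

Feed the real export to `report()` a file at a time; because events are sorted by timestamp rather than file order, the output stays correct when several log files are concatenated out of order.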