Security Basics mailing list archives

Re: Automated analysis of logs?


From: H Carvey <keydet89 () yahoo com>
Date: 9 Apr 2003 12:02:58 -0000

In-Reply-To: <001d01c2fdf4$2c403c50$b600000a@alderon>


Are there any open-source applications that I can drop various kinds of logs into (especially IIS logs) and get not only statistics, but information and/or "warnings" about various kind of known activity?

I've written Perl scripts to do exactly this sort of
thing.  The big issue is that not everyone clicks on
all of the check boxes when they configure IIS logging.
 When I worked at a telecomm company, we had an ISP
that had a lot of IIS servers...it seemed as if no two
had the same items checked!  

What I generally do is get an idea of what is the
'normal' activity.  For example, on systems running
OWA, one would expect to see queries that begin w/
"exchange".  Then I start filtering out all normal
traffic from the logs, narrowing that down.  

Hope that helps,

Harlan
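The approach Harlan describes (parse IIS logs whose field selections differ from server to server, learn the 'normal' request shape, then filter it out so what remains is worth a look) can be implemented in a few dozen lines. The script below is an added example for this archive page, not Harlan's Perl scripts; the log text is constructed, and the list of "normal" URI prefixes (here just `/exchange`, as in the OWA case above) is an assumption the reader would replace with whatever baseline their own server shows. It copes with the inconsistent-checkbox problem by reading each `#Fields:` directive and keying every record by field name, so two logs with different columns can be analysed together.

```python
from collections import Counter

# Constructed sample: two IIS W3C extended logs whose administrators
# selected different logging fields (the situation described above).
LOG_A = """#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2003-04-09 00:00:00
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-04-09 00:00:01 10.0.0.5 GET /exchange/inbox 200
2003-04-09 00:00:02 10.0.0.5 GET /exchange/calendar 200
2003-04-09 00:00:03 10.0.0.9 GET /cgi-bin/test.cgi 404
"""

LOG_B = """#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Fields: time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(User-Agent)
00:00:04 10.0.0.7 GET /exchange/inbox - 200 Mozilla/4.0+(compatible;+MSIE+6.0)
00:00:05 10.0.0.9 GET /printers/ipp_0001.asp - 404 -
00:00:06 10.0.0.9 GET /scripts/unexpected.asp - 404 -
"""

# Assumed baseline for an OWA front end: requests under /exchange are expected.
NORMAL_PREFIXES = ("/exchange",)


def parse_w3c(text):
    """Yield one dict per data line, keyed by the names in the most recent
    #Fields directive.  A file may carry several #Fields lines (the field
    selection changed mid-file), so the header is re-read whenever it appears."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue  # other directives (#Software, #Date, ...) carry no records
        if fields is None:
            raise ValueError("data line encountered before any #Fields directive")
        values = line.split(" ")
        # W3C logs write '-' for empty values and '+' for spaces, so the column
        # count must match the header; anything else is a damaged line.
        if len(values) != len(fields):
            continue
        yield dict(zip(fields, values))


def is_normal(record, prefixes=NORMAL_PREFIXES):
    """True when the request stem falls inside the known-normal baseline."""
    stem = record.get("cs-uri-stem", "").lower()
    return stem.startswith(tuple(p.lower() for p in prefixes))


def filter_unusual(records, prefixes=NORMAL_PREFIXES):
    """Drop everything that matches the baseline; what is left needs review."""
    return [r for r in records if not is_normal(r, prefixes)]


def summarize(records):
    """Count remaining requests per client address.  c-ip is used because it
    is present in both sample logs; a missing field shows up as '-'."""
    return Counter(r.get("c-ip", "-") for r in records)


if __name__ == "__main__":
    records = list(parse_w3c(LOG_A)) + list(parse_w3c(LOG_B))
    unusual = filter_unusual(records)
    print(f"{len(records)} records parsed, {len(unusual)} outside the baseline")
    for ip, count in summarize(unusual).most_common():
        print(f"  {ip}: {count} unusual request(s)")
    for r in unusual:
        print("   ", r.get("time", "-"), r.get("cs-method", "-"),
              r.get("cs-uri-stem", "-"), r.get("sc-status", "-"))
```

Because every record is a dict keyed by the log's own field names, later stages (status-code breakdowns, per-agent counts) simply use `.get()` and degrade gracefully on servers that never logged a given column, which is the practical answer to "no two had the same items checked".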
