Re: Integrating logs from PIX, IIS and WAS

[phunked up! <phunkodelic () gmail com>]

Not a bad book either.  I own it.  8-)

On 10/28/05, Andrew Williams <Andrew () syngress com> wrote:
> If you want more info on Log Parser, we published a book on it:
>
> http://www.amazon.com/exec/obidos/tg/detail/-/1932266526/qid=1130505795/
> sr=2-1/ref=pd_bbs_b_2_1/104-2058717-7732767?v=glance&s=books
>
> -Andrew
>
> -----Original Message-----
> From: phunked up! [mailto:phunkodelic () gmail com]
> Sent: Thursday, October 27, 2005 8:35 AM
> To: Luis Angel Fernandez
> Cc: security-basics () securityfocus com
> Subject: Re: Integrating logs from PIX, IIS and WAS
>
> Go to www.logparser.com.  Use that with a back end database such as
> MySQL or micorosft Sql (express is free) which will allow you to do
> analysis of the logs.  I am also doing the same sort  of thing and am
> using the above mentioned tools.
>
> On 10/26/05, Luis Angel Fernandez <lafernandez () matchmind es> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> >    Hello,
> >
> >    I am investigating about tools for integrate (store and analysis)
> > logs from different souces (Cisco PIX, IIS, WAS app server, syslog).
> The
> > goal is be able of follow up a the behavior of a possible intruder
> > throught a scenario based on that products. Which is your method for
> > doing a forensic task like this? Which tools could help for this task?
> >
> >    Regards.
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.1 (GNU/Linux)
> > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> >
> > iQCVAwUBQ1+eO3h5cEbo8TeiAQLOqAP8DctPlYwp31gbPVYeiKJoNOLVzmfXlE2T
> > xrH6fheN54odc8WY0VmyYWBTDwe2PDKJoq4ePcmshBjv5Nz5H/fkD746eajMxhwB
> > RYVnbNL4JoxE6nAMv8IR17yMEudFCE1bHE0dKAQFRl+veNUoxkZfR/LBkg2+/W9j
> > vXjxgrV8Aps=
> > =MRJ9
> > -----END PGP SIGNATURE-----