PaulDotCom mailing list archives

Re: best automated way to construct a timeline from websense logs?


From: Johan Peder Møller <johan () johans dk>
Date: Sun, 9 Jun 2013 07:16:00 +0200

Have looked at liblognorm.
No personal experience, but remember having it recommended at some time.

rgds
Johan


On Fri, Jun 7, 2013 at 3:36 AM, allison nixon <elsakoo () gmail com> wrote:

So I have several gigs of webnonsense logs and I am trying to construct a
timeline of malware infection as it spreads from IP to IP.  I already know
what the malicious URLs look like so that's not the issue.  I want to be
able to build a timeline of activity to describe the first moment a
computer was infected and I want to illustrate when the phone home traffic
hops from domain to domain.

I can sort of do it with some artful use of grep and excel, but it's hard
to make that scale to more than a small sample of the logs.  I fed it to a
trial copy of Splunk and it exploded while giving me nothing useful.  Are
there any tools out there that I can use for this?  I don't want to pay
money for it because it's a one-off, but so far nothing can compete with
good ol' grep

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
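
The kind of grep-and-spreadsheet timeline the original poster describes, as an added example that is not from this thread or from liblognorm: it walks proxy log lines once, keeps only requests whose hostname matches a known-bad indicator, and reports per source IP the first moment it touched malicious infrastructure and every point where its phone-home destination changed domain. The five-column log layout, the sample lines and the `*.example` indicator domains are constructed for the example; a real Websense export has a different column order, so `parse_line()` is the only part that needs adapting.

```python
"""Per-host infection timeline and C2 domain hops from proxy logs.

Added example, not code from the mailing-list thread. The log layout below
is an assumption (date time src_ip url action); adapt parse_line() to the
real export.
"""
import re
from datetime import datetime
from urllib.parse import urlparse

# Constructed sample lines in the assumed layout (not real Websense output).
SAMPLE_LOG = """\
2013-06-01 08:00:12 10.0.1.5 http://intranet.example.com/index.html allowed
2013-06-01 08:03:40 10.0.1.5 http://bad-cdn.example/dl/update.exe allowed
2013-06-01 08:04:01 10.0.1.5 http://c2-one.example/gate.php allowed
2013-06-01 08:09:15 10.0.1.5 http://c2-one.example/gate.php allowed
2013-06-01 08:30:00 10.0.1.9 http://intranet.example.com/news allowed
2013-06-01 08:31:22 10.0.1.9 http://bad-cdn.example/dl/update.exe allowed
2013-06-01 08:31:59 10.0.1.9 http://c2-one.example/gate.php allowed
2013-06-01 09:45:03 10.0.1.5 http://c2-two.example/gate.php allowed
2013-06-01 09:50:11 10.0.1.9 http://c2-two.example/gate.php allowed
2013-06-01 09:51:00 10.0.1.9 http://c2-two.example/gate.php blocked
malformed line that should be skipped
"""

# Constructed indicators (hypothetical domains); anchored so that
# "notc2-one.example.com" style look-alikes are not matched by accident.
MALICIOUS_PATTERNS = [re.compile(p) for p in (
    r"^bad-cdn\.example$",
    r"^c2-[a-z]+\.example$",
)]


def parse_line(line):
    """Return (timestamp, src_ip, url, action), or None if the line does not fit."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts, parts[2], parts[3], parts[4]


def malicious_host(url):
    """Return the URL's hostname if it matches an indicator, else None."""
    host = urlparse(url).hostname or ""
    return host if any(p.search(host) for p in MALICIOUS_PATTERNS) else None


def build_timeline(log_text):
    """Map src_ip -> {"first_seen": datetime, "hops": [(datetime, domain), ...]}.

    Blocked requests count too: a blocked beacon still proves the host is
    infected. A hop is recorded whenever the host's malicious destination
    domain differs from the previous one it talked to.
    """
    events = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that do not match the layout
        ts, ip, url, _action = rec
        dom = malicious_host(url)
        if dom is not None:
            events.append((ts, ip, dom))
    timeline = {}
    for ts, ip, dom in sorted(events):  # exports are not guaranteed to be ordered
        entry = timeline.setdefault(ip, {"first_seen": ts, "hops": []})
        if not entry["hops"] or entry["hops"][-1][1] != dom:
            entry["hops"].append((ts, dom))
    return timeline


def infection_order(timeline):
    """Hosts in the order they first touched a known-bad URL."""
    return sorted(((ip, e["first_seen"]) for ip, e in timeline.items()),
                  key=lambda t: t[1])


def render(timeline):
    """Human-readable timeline lines, one per infection and per domain hop."""
    out = []
    for ip, first in infection_order(timeline):
        out.append("%s  %s first contact with malicious URL" % (first, ip))
        for ts, dom in timeline[ip]["hops"]:
            out.append("%s  %s -> %s" % (ts, ip, dom))
    return out


if __name__ == "__main__":
    print("\n".join(render(build_timeline(SAMPLE_LOG))))
```

For several gigabytes of logs, feed the file line by line into the same loop instead of reading it into a string; the state kept per host is tiny, so memory stays flat regardless of log size, which is what the grep-plus-Excel approach cannot do.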
