Re: best automated way to construct a timeline from websense logs?

[anthony kasza <anthony.kasza () gmail com>]

I enjoy using R and ggplot for visualizing situations like this. If you
find yourself doing these things at more than a one-off, it might be useful
to pick it up.
On Jun 9, 2013 10:32 AM, "Johan Peder Møller" <johan () johans dk> wrote:

> Have looked at liblognorm.
> No personal experience, but remeber having it recomended at some time.
>
> rgds
> Johan
>
>
> On Fri, Jun 7, 2013 at 3:36 AM, allison nixon <elsakoo () gmail com> wrote:
>
> > So I have several gigs of webnonsense logs and I am trying to construct a
> > timeline of malware infection as it spreads from IP to IP.  I already know
> > what the malicious URLs look like so that's not the issue.  I want to be
> > able to build a timeline of activity to describe the first moment a
> > computer was infected and I want to illustrate when the phone home traffic
> > hops from domain to domain.
> >
> > I can sort of do it with some artful use of grep and excel, but it's hard
> > to make that scale to more than a small sample of the logs.  I fed it to a
> > trial copy of Splunk and it exploded while giving me nothing useful.  Are
> > there any tools out there that I can use for this?  I don't want to pay
> > money for it because it's a one-off, but so far nothing can compete with
> > good ol grep
> >
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
>
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com