Log analysis server suggestions? [long]
work at ashleymoran.me.uk
Mon Feb 20 09:02:07 PST 2006
On Thursday 16 February 2006 15:30, Chuck Swiger wrote:
> I'm not sure who the original poster was, but whoever is interested in this
> topic might benefit by reading a thread from the firewall-wizards mailing
Cheers, that was very useful. I've put it into our company Wiki so it can be
ignored by everyone :)
I like the 3-stage processing:
> Simply design your analysis as an always 3-stage process consisting of:
> - weeding out and counting instances of uninteresting events
> - selecting, parsing sub-fields of, and processing interesting events
> - retaining events that fell through the first two steps as "unusual"
That solves the problem of missing logs that you didn't anticipate, although
it adds a lot to the initial server configuration.
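The three-stage process quoted above, worked through as an added example (not code from this thread or from the firewall-wizards list): a small triage filter run over constructed syslog lines; the "uninteresting" and "interesting" patterns are assumptions chosen to fit that sample.

```python
import re
from collections import Counter

# Stage 1 patterns: known-boring events that are counted, then dropped.
# The patterns and the sample lines below are assumptions for illustration.
UNINTERESTING = [
    re.compile(r"cron\[\d+\]: \(\w+\) CMD"),
    re.compile(r"sshd\[\d+\]: Accepted publickey"),
]
# Stage 2 patterns: events worth parsing into named sub-fields.
INTERESTING = {
    "ssh_failed": re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
    ),
    "sudo": re.compile(r"sudo:\s+(?P<user>\S+) : .*COMMAND=(?P<cmd>.*)$"),
}


def triage(lines):
    """Return (counts of weeded-out events, parsed interesting events, unusual lines)."""
    weeded, interesting, unusual = Counter(), [], []
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        # Stage 1: weed out and count; nothing here is kept verbatim.
        boring = next((p.pattern for p in UNINTERESTING if p.search(line)), None)
        if boring:
            weeded[boring] += 1
            continue
        # Stage 2: select and parse sub-fields of interesting events.
        for name, pat in INTERESTING.items():
            m = pat.search(line)
            if m:
                interesting.append({"type": name, **m.groupdict()})
                break
        else:
            # Stage 3: whatever fell through both filters is "unusual" and kept whole,
            # so an event class nobody anticipated is never silently discarded.
            unusual.append(line)
    return weeded, interesting, unusual

# Constructed sample syslog lines (not real log data).
SAMPLE = """\
Feb 20 09:00:01 host cron[1234]: (root) CMD (/usr/libexec/save-entropy)
Feb 20 09:00:12 host sshd[2001]: Accepted publickey for alice from 10.0.0.5 port 50022 ssh2
Feb 20 09:01:03 host sshd[2002]: Failed password for invalid user admin from 203.0.113.7 port 4422 ssh2
Feb 20 09:01:40 host sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/sbin/ipfw list
Feb 20 09:02:55 host kernel: pid 3003 (httpd), uid 80: exited on signal 11
"""
```

The kernel line is the point of stage 3: it matches no pattern, so it surfaces in the "unusual" bucket instead of vanishing, which is what the thread means by not missing logs you didn't anticipate.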