Log analysis server suggestions? [long]

Ashley Moran work at ashleymoran.me.uk
Mon Feb 20 09:02:07 PST 2006

On Thursday 16 February 2006 15:30, Chuck Swiger wrote:
> I'm not sure who the original poster was, but whoever is interested in this
> topic might benefit by reading a thread from the firewall-wizards mailing
> list:


Cheers that was very useful- I've put it into our company Wiki so it can be 
ignored by everyone :)

I like the 3-stage processing:
> Simply design your analysis as an always 3-stage process consisting of:
> - weeding out and counting instances of uninteresting events
> - selecting, parsing sub-fields of, and processing interesting events
> - retaining events that fell through the first two steps as "unusual"

That solves the problem of missing logs that you didn't anticipate, although 
it adds a lot to the initial server configuration.


More information about the freebsd-questions mailing list