[Novalug] Looking for sample system and event logs..

Ken Kauffman kkauffman at headfog.com
Wed Apr 2 23:02:13 EDT 2008


That's a tricky question.  By the time it reaches your log files, you've
already not done your job.  However, it would be an additional protection
for unforeseen circumstances.

Ken

On Wed, Apr 2, 2008 at 10:07 PM, Scott Musman <musman at aug-sys.com> wrote:

> Ken,
>
> Yes you've got the idea.. Unfortunately repurposing these things isn't
> particularly a great idea. Marcus Ranum already tried it with logbayes:
>
> http://www.ranum.com/security/computer_security/code/index.html
>
> and unfortunately I could probably also give you a bunch of
> techno-babble about why the Bayesian analysis done for spam isn't quite
> right for logfile analysis..
>
> You've got the right idea though.. The question now is.. If I build it,
> would you use it?
>
>        -- Scott
>
>
> On Wed, 2008-04-02 at 22:07 -0400, Ken Kauffman wrote:
> > Doesn't the Bayesian logic in spamassassin do this type of analysis?
> > You might be able to just re-purpose it for this type of analysis.
> >
> > Ken
> >
> > On Wed, Apr 2, 2008 at 10:05 PM, Shawn Wells <swells at redhat.com>
> > wrote:
> >
> >         greg pryzby wrote:
> >                 http://www.splunk.com/
> >
> >                 Not sure there is anything cooler than this app for
> >                 processing ANY logs, not as fast.
> >
> >                 Of course if you have something that does, I will get
> >                 you funding for a small piece of the action :P
> >
> >
> >         php-syslog-ng?
> >
> >
> >         _______________________________________________
> >         Novalug mailing list
> >         Novalug at calypso.tux.org
> >         http://calypso.tux.org/cgi-bin/mailman/listinfo/novalug
> >
> >
>
>