8/16/2006
 

What logs do you want to see?


As stated earlier, I have offers from some people for logs, and I track some lists and have a sense of what they are looking for. But what I would like to know is: what logs are you looking for first? What do you need from the logs? Do you need a filtered group of entries that shows just the IPSec connections on a Cisco PIX? Do you want to see many different anti-virus vendors' logs for the same virus/worm? What do you most want to get out of logs at this time?
 

Feedback for starting log blog


Well, I am already receiving feedback from the log analysis list.
I have a few folks who want to offer logs. I also have feedback from the same person who inspired me to get log-blog back into use.
> Hmm, pls don't call me a curmudgeon :-) , but this effort is largely
> doomed to fail.
> ...people are not too motivated to share their logs (samples, etc)...
> Tina (Bird) and Marcus Ranum tried to collect a lot on loganalysis.org, but
> their project stalled for that very reason...
OK. While I have nowhere near the smarts of Marcus Ranum, Tina Bird, or Anton Chuvakin, I am still willing to give it a go. I think I have one insight that could help with getting content. I have been on the log analysis list for two years now, and at the same time I have been on other lists for products that parse/correlate/collect logs. I have seen very few names that post across the lists, so I may get more cooperation if I target needs across those other lists. If it does not work out, then hey, what have I lost? So far I haven't spent a dime, and this lets me put a little more effort into something I find interesting. So I think "doomed to fail" is a little harsh.
8/15/2006
 

Log-blog reloaded


touch /var/log/log-blog && kill -HUP `lsof -t -c syslog-ng`

After a year of ignoring log-blog I decided to give it another go. I was inspired by two events.
1) I was just informed that I am one of 1700 people to get laid off from CA.
2) Anton Chuvakin posted the following challenge on the Log Analysis list.
He-he, everybody is looking for it and nobody is creating it  :-) 
> I was curious if anyone knows of a resource that provides many
> examples of the various logs from many devices and vendors?
Hence I am willing to create it.
More details to follow very soon
