tag:blogger.com,1999:blog-111108012009-02-21T00:59:07.422-08:00A blog about computer network logging. It includes syslog, windows event logs, application specific logs and the tools to parse and correlate them.D. Alan Ridgewayhttp://www.blogger.com/profile/12947995376844264178noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-11110801.post-1155778505541703552006-08-16T18:29:00.000-07:002006-08-16T18:35:05.550-07:00As stated earlier, I do have offers from some people for logs and I track some lists and have a sense of what they are looking for. But what I would like to know is what logs are you looking for first? What do you need from the logs? Do you need a filtered group of entries that just shows IPSec conenctions for a Cisco PIX? Do you want to see many different Anti-Virus vendors log for the same virus/worm? What is it you want to get the most out of logs at this time?<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/11110801-115577850554170355?l=log-blog.blogspot.com'/></div>D. Alan Ridgewayhttp://www.blogger.com/profile/12947995376844264178noreply@blogger.com3tag:blogger.com,1999:blog-11110801.post-1155776576056108792006-08-16T17:37:00.000-07:002006-08-16T18:02:56.096-07:00Well, I am already receiving feedback from the log analysis list.<br />I have a few folks who want to offer logs. I also have feedback from the same person who inspired me to get log-blog back into use.<br /><pre>Hmm, pls don't call me a curmudgeon :-) , but this effort is largely<br />doomed to fail.<br />...people are not too motivated to share their logs (samples, etc)...<br />Tina (Bird) and Marcus Ranum tried to collect a lot on loganalysis.org, but<br />their project stalled for that very reason...<br /></pre>OK. While I have no where near the smarts of Marcus Ranum, Tina Bird, or Anton Chuvakin, I am still willing to give it a go. I think I have one insight that could help with getting content. I have been on the log analysis list for two years now. At the same time I have been on other lists for products that parse/correlate/collect logs. I have seen very few names that post across the lists. Hence I may get more cooperation if I target needs across the other lists. If it does not work out, then hey what have I lost? So far I haven't spent a dime and this allows me to put a little more effort into something I find interesting. Hence I think "doomed to fail" is a little harsh.<div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/11110801-115577657605610879?l=log-blog.blogspot.com'/></div>D. Alan Ridgewayhttp://www.blogger.com/profile/12947995376844264178noreply@blogger.com2tag:blogger.com,1999:blog-11110801.post-1155697660434132882006-08-15T20:00:00.000-07:002006-08-15T21:00:08.213-07:00<span style="font-weight: bold;">touch /var/log/log-blog &&amp; kill -HUP `lsof -t -c syslog-ng`<br /><span style="font-weight: bold;"><br /></span></span>After a year of ignoring log-blog I decided to give it another go. I was inspired by two events.<br />1) I was just informed that I am one of 1700 people to get laid off from CA.<br />2) Anton Chuvakin posted the following challenge on the Log Analysis list.<br /><pre wrap="">He-he, everybody is looking for it and nobody is creating it <span class="moz-smiley-s1"> :-) </span></span><font><br /><span class="moz-txt-citetags">> </span>I was curious if anyone knows of a resource that provides a many<br /><span class="moz-txt-citetags"> </span>examples of the various logs from many devices and vendors?</span></pre></font>Hence I am willing to create it.<br />More details to follow very soon</span><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/11110801-115569766043413288?l=log-blog.blogspot.com'/></div>D. Alan Ridgewayhttp://www.blogger.com/profile/12947995376844264178noreply@blogger.com1