A few preliminary log analysis thoughts
As promised, below are a few of my own favorite resources on log analysis. Probably the top folks in the industry today working on the log analysis problem are Tina Bird, Marcus Ranum, and Anton Chuvakin. I've had the privilege of attending talks/classes by each of them at SANS conferences, I hope they'll be teaching more of them in the near future.
The log analysis web site created by Marcus Ranum and Tina Bird - http://www.loganalysis.org/
SEC (Simple Event Correlator), which I once described to SANS instructor David Hoelzer as "swatch on steroids" - http://kodu.neti.ee/~risto/sec/ and the SEC rules being collected by the Bleeding Snort project at http://www.bleedingsnort.com/sec/ (thanx to Matt Jonkman for reminding me of this).
Marcus Ranum's nbs tool - http://www.ranum.com/security/computer_security/code/nbs.tar
Logwatch - http://www.logwatch.org
As promised, I'll share our reader's suggestions sometime next week.
--------------------------
Jim Clausing, jclausing --at-- isc dot sans dot org
0 comment(s)
Resources
The log analysis mailing list - http://lists.shmoo.com/mailman/listinfo/loganalysisThe log analysis web site created by Marcus Ranum and Tina Bird - http://www.loganalysis.org/
SEC (Simple Event Correlator), which I once described to SANS instructor David Hoelzer as "swatch on steroids" - http://kodu.neti.ee/~risto/sec/ and the SEC rules being collected by the Bleeding Snort project at http://www.bleedingsnort.com/sec/ (thanx to Matt Jonkman for reminding me of this).
Marcus Ranum's nbs tool - http://www.ranum.com/security/computer_security/code/nbs.tar
Logwatch - http://www.logwatch.org
As promised, I'll share our reader's suggestions sometime next week.
--------------------------
Jim Clausing, jclausing --at-- isc dot sans dot org
My next class:
LINUX Incident Response and Threat Hunting | Online | US Eastern | Jan 29th - Feb 3rd 2025 |
×
Diary Archives
Comments