
Re: Monitoring logs



David Tauzell wrote:
| What kinds of things do people look for when monitoring logs for security
| breaches?

The unexpected stuff, of course.  :)

Seriously though, the correct answer is not to look for stuff, but to
filter out the expected.  This can take a little tweaking of perl
regexps.  However, the benefit is that the new attack log messages
show up in your logs, since they're unlikely to result in something
that you're filtering.

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume
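
The filtering approach described in the reply above, as an added example that is not part of the original message. It is written in Python rather than Perl; the allowlist patterns, the host name and the log lines are all constructed for illustration.

```python
import re
from collections import Counter

# Hypothetical allowlist of messages this host is expected to emit.
# fullmatch() is used below, so an expected phrase embedded in a longer,
# unfamiliar line does not get that line suppressed.
EXPECTED = [re.compile(p) for p in (
    r"sshd\[\d+\]: Accepted publickey for \w+ from 10\.0\.\d+\.\d+ port \d+ ssh2",
    r"CRON\[\d+\]: \(root\) CMD \(/usr/local/bin/backup\.sh\)",
    r"named\[\d+\]: zone \S+ loaded serial \d+",
)]

# Syslog prefix "Mon DD HH:MM:SS host " that precedes every message.
PREFIX = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ ")
# Stand-alone numbers (PIDs, ports, IP octets) are collapsed to "#" so
# repeats of the same unexpected message are counted together.
VOLATILE = re.compile(r"\b\d+\b")

# Constructed sample log, not taken from any real system.
SAMPLE = """\
Mar  3 04:00:01 gw CRON[811]: (root) CMD (/usr/local/bin/backup.sh)
Mar  3 04:12:40 gw sshd[902]: Accepted publickey for alice from 10.0.4.17 port 50122 ssh2
Mar  3 04:13:02 gw sshd[915]: Failed password for root from 203.0.113.9 port 40112 ssh2
Mar  3 04:13:05 gw sshd[917]: Failed password for root from 203.0.113.9 port 40120 ssh2
Mar  3 04:15:44 gw sshd[930]: Accepted publickey for alice from 198.51.100.7 port 61001 ssh2
Mar  3 04:20:10 gw kernel: eth0: promiscuous mode enabled
""".splitlines()

def unexpected(lines):
    """Return a Counter of normalized messages that matched no expected pattern."""
    residue = Counter()
    for line in lines:
        msg = PREFIX.sub("", line.rstrip("\n"), count=1)
        if not msg or any(p.fullmatch(msg) for p in EXPECTED):
            continue  # blank or known-good: filtered out
        residue[VOLATILE.sub("#", msg)] += 1
    return residue

if __name__ == "__main__":
    # Most frequent leftovers first; everything printed needs a human look
    # or a new allowlist entry.
    for msg, n in unexpected(SAMPLE).most_common():
        print(f"{n:4d}  {msg}")
```

On the sample, the cron job and the internal-network login are filtered, while the failed root logins, the login from an address outside 10.0.x.x and the promiscuous-mode message are left for review.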

