[logs] open source artificial ignorance-like systems

Safier, Adam * adam.safier at fda.hhs.gov
Tue Apr 17 14:39:49 PDT 2007


I have to wonder if anyone has approached the Artificial Intelligence
crowd with log analysis questions like this.  It seems this would be
right up their alley.  I would think that LISP might be decent at
processing something like a log file, though I admit I don't know enough
to know which AI tree to bark up.

Adam 

-----Original Message-----
From: loganalysis-bounces at loganalysis.org
[mailto:loganalysis-bounces at loganalysis.org] On Behalf Of Chris Buechler
Sent: Tuesday, April 17, 2007 2:45 PM
To: loganalysis at loganalysis.org
Subject: [logs] open source artificial ignorance-like systems

Likely everyone here has read MJR's artificial ignorance guide, but just
in case you haven't:
http://www.ranum.com/security/computer_security/papers/ai/index.html

What I've spent a lot of time looking for, with no success, is an open
source system that will implement something similar but smarter than a
simple grep from cron. What I ideally want is something that reads logs
in real time, and has a list of "rules", if you will, which would be a
list of regexes with an action for each. Like always ignore xyz.*,
ignore abcd.* unless it happens more than X times in Y time frame
(minutes, hours), etc. and a default alert rule for anything that
doesn't match any of the previous rules, since it's something I'm not
expecting.

Seems pretty simple, but a lot of searching and browsing loganalysis.org
and similar sites has left me with nothing. I could hack together
something with standard Unix tools that would meet most of these
requirements. But I figure as simple and useful as this is, somebody has
probably already put together an open source package that does what I
describe, I just can't find it.

Any suggestions would be appreciated. OS, if it matters, could be either
FreeBSD or Linux.

Cheers,
Chris

_______________________________________________
LogAnalysis mailing list
LogAnalysis at loganalysis.org
http://www.loganalysis.org/mailman/listinfo/loganalysis
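The rule engine Chris describes (an ordered list of regexes, each with an ignore or "more than X in Y" action, and a default alert for anything unmatched) is small enough to sketch in full. The following is an added example written for this archive page, not code from Chris, Adam, MJR's paper or any package the thread mentions. It assumes log lines that start with an ISO 8601 timestamp so the threshold window can be evaluated offline; the sample lines and rule set are constructed for the demonstration.

```python
"""Artificial-ignorance style log filter: ordered regex rules with actions.

Actions: "ignore" drops the line; "threshold" drops it unless the pattern
fires more than max_count times inside a sliding window; any line matching
no rule is alerted on as unexpected.  First matching rule wins.
"""
import re
from collections import deque
from datetime import datetime, timedelta

# Assumption for this example: every line begins with an ISO 8601 timestamp.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) ")


class Rule:
    """One rule: a regex plus either the 'ignore' or the 'threshold' action."""

    def __init__(self, pattern, action, max_count=0, window=timedelta(0)):
        self.regex = re.compile(pattern)
        self.action = action
        self.max_count = max_count
        self.window = window
        self.hits = deque()  # timestamps of recent matches (threshold rules only)

    def matches(self, line):
        return self.regex.search(line) is not None

    def over_threshold(self, ts):
        """Record a hit at ts and report the moment the count first exceeds
        max_count within the window.  Later hits in the same window are already
        covered by that alert; once old hits expire the rule can fire again."""
        cutoff = ts - self.window
        while self.hits and self.hits[0] < cutoff:
            self.hits.popleft()
        self.hits.append(ts)
        return len(self.hits) == self.max_count + 1


def parse_timestamp(line):
    m = TS_RE.match(line)
    return datetime.fromisoformat(m.group(1)) if m else None


def process(lines, rules):
    """Return a list of (reason, line) alerts for the given log lines."""
    alerts = []
    for line in lines:
        ts = parse_timestamp(line)
        if ts is None:
            # A line we cannot even time-stamp is itself unexpected.
            alerts.append(("unparseable", line))
            continue
        for rule in rules:
            if not rule.matches(line):
                continue
            if rule.action == "threshold" and rule.over_threshold(ts):
                alerts.append(("threshold", line))
            break  # matched a rule (ignored or counted): stop here
        else:
            alerts.append(("unmatched", line))  # the default "alert" rule
    return alerts


def build_rules():
    """Fresh rule set each call, since threshold rules carry state."""
    return [
        Rule(r"cron\[\d+\]: \(root\) CMD", "ignore"),
        Rule(r"sshd\[\d+\]: Accepted publickey", "ignore"),
        # Ignore failed logins unless more than 3 arrive within one minute.
        Rule(r"sshd\[\d+\]: Failed password", "threshold",
             max_count=3, window=timedelta(minutes=1)),
    ]


# Constructed sample log (not real data); hostnames and addresses are made up.
SAMPLE_LOG = [
    "2007-04-17T14:30:00 host1 sshd[123]: Accepted publickey for ops from 10.0.0.5 port 5000 ssh2",
    "2007-04-17T14:30:05 host1 cron[200]: (root) CMD (run-parts /etc/cron.hourly)",
    "2007-04-17T14:30:10 host1 sshd[124]: Failed password for invalid user admin from 192.0.2.10 port 4000 ssh2",
    "2007-04-17T14:30:20 host1 sshd[125]: Failed password for invalid user admin from 192.0.2.10 port 4001 ssh2",
    "2007-04-17T14:30:30 host1 sshd[126]: Failed password for invalid user admin from 192.0.2.10 port 4002 ssh2",
    "2007-04-17T14:30:40 host1 sshd[127]: Failed password for invalid user admin from 192.0.2.10 port 4003 ssh2",
    "2007-04-17T14:30:50 host1 sshd[128]: Failed password for invalid user admin from 192.0.2.10 port 4004 ssh2",
    "2007-04-17T14:31:00 host1 kernel: unexpected NMI received",
    "2007-04-17T14:32:00 host1 sshd[129]: Failed password for invalid user admin from 192.0.2.10 port 4005 ssh2",
    "garbage line with no timestamp at all",
]


def run_sample():
    return process(SAMPLE_LOG, build_rules())


if __name__ == "__main__":
    for reason, line in run_sample():
        print(f"ALERT [{reason}] {line}")
```

On the sample this yields three alerts: the fourth failed login (the first one past the 3-per-minute threshold), the kernel message that matches no rule, and the timestamp-less line. The fifth failed login is silent because the same window already alerted, and the one at 14:32:00 starts a fresh count after the earlier hits have expired. For a live feed the same loop would read from a tailed file instead of a list; the per-rule deque is what keeps the "X in Y" check cheap.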