[logs] open source artificial ignorance-like systems

Harry Hoffman hhoffman at ip-solutions.net
Tue Apr 17 15:25:59 PDT 2007


Check out SL3! It does exactly what you want.
http://www.ip-solutions.net/_articles/lsa.html

Russell Fulton wrote it in Perl and then re-wrote it in Ruby rather
recently, but I can't find the URL.

Russell?

HTH,
Harry


Safier, Adam * wrote:
> I have to wonder if anyone has approached the Artificial Intelligence
> crowd with log analysis questions like this.  It seems this would be
> right up their alley.  I would think that LISP might be decent at
> processing something like a log file, though I admit I don't know enough
> to know which AI tree to bark up.
>
> Adam 
>
> -----Original Message-----
> From: loganalysis-bounces at loganalysis.org
> [mailto:loganalysis-bounces at loganalysis.org] On Behalf Of Chris Buechler
> Sent: Tuesday, April 17, 2007 2:45 PM
> To: loganalysis at loganalysis.org
> Subject: [logs] open source artificial ignorance-like systems
>
> Likely everyone here has read MJR's artificial ignorance guide, but just
> in case you haven't:
> http://www.ranum.com/security/computer_security/papers/ai/index.html
>
> What I've spent a lot of time looking for, with no success, is an open
> source system that will implement something similar but smarter than a
> simple grep from cron. What I ideally want is something that reads logs
> in real time, and has a list of "rules", if you will, which would be a
> list of regex's with an action for each. Like always ignore xyz.*,
> ignore abcd.* unless it happens more than X times in Y time frame
> (minutes, hours), etc. and a default alert rule for anything that
> doesn't match any of the previous rules, since it's something I'm not
> expecting.
>
> Seems pretty simple, but a lot of searching and browsing loganalysis.org
> and similar sites has left me with nothing. I could hack together
> something with standard Unix tools that would meet most of these
> requirements. But I figure as simple and useful as this is, somebody has
> probably already put together an open source package that does what I
> describe, I just can't find it.
>
> Any suggestions would be appreciated. OS, if it matters, could be either
> FreeBSD or Linux.
>
> Cheers,
> Chris
>
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis at loganalysis.org
> http://www.loganalysis.org/mailman/listinfo/loganalysis
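A minimal version of the filter Chris describes (an ordered list of regex rules, "always ignore", "ignore unless more than X times in Y minutes", and a default alert for anything that matches no rule), added here as an illustration; it is not code from SL3, from any list member, or from MJR's paper. The rules, hostnames and log lines are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Ordered rules (constructed); first match wins.  "ignore" always drops the line,
# "threshold" drops it unless the pattern fires more than `limit` times in `window`.
RULES = [
    (re.compile(r"sshd\[\d+\]: Accepted publickey"), "ignore", None, None),
    (re.compile(r"sshd\[\d+\]: Failed password"), "threshold", 2, timedelta(minutes=5)),
]
class ArtificialIgnorance:
    def __init__(self, rules, year=2007):
        self.rules = rules
        self.year = year                # syslog timestamps carry no year
        self.hits = defaultdict(deque)  # rule index -> timestamps still inside window

    def parse_ts(self, line):
        mon, day, clock, _rest = line.split(None, 3)
        return datetime.strptime(f"{self.year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")

    def process(self, line):
        """Return None if the line is suppressed, otherwise an alert string."""
        ts = self.parse_ts(line)
        for idx, (pattern, action, limit, window) in enumerate(self.rules):
            if not pattern.search(line):
                continue
            if action == "ignore":
                return None
            seen = self.hits[idx]
            seen.append(ts)
            while ts - seen[0] > window:  # slide the window forward
                seen.popleft()
            if len(seen) > limit:
                return f"THRESHOLD {pattern.pattern}: {len(seen)} hits within {window}"
            return None
        # Default rule: nothing matched, so this is something we were not expecting.
        return f"UNEXPECTED {line}"
def run(lines, rules=RULES):
    """Feed lines through the filter (e.g. from `tail -F`) and return the alerts raised."""
    ai = ArtificialIgnorance(rules)
    return [alert for alert in map(ai.process, lines) if alert]
# Constructed sample: one ignored line, three failures within 5 s, one unknown line.
SAMPLE_LOG = """\
Apr 17 14:45:01 host sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 50122 ssh2
Apr 17 14:45:10 host sshd[1202]: Failed password for root from 10.0.0.9 port 50123 ssh2
Apr 17 14:45:12 host sshd[1203]: Failed password for root from 10.0.0.9 port 50124 ssh2
Apr 17 14:45:15 host sshd[1204]: Failed password for root from 10.0.0.9 port 50125 ssh2
Apr 17 14:46:00 host kernel: eth0: link down
""".splitlines()
```

Running `run(SAMPLE_LOG)` yields two alerts: the third failed login trips the threshold rule, and the kernel line falls through to the default rule.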


