[logs] SIM solution - Objectives ?
Stefano Zanero
zanero at elet.polimi.it
Mon Jun 4 12:02:59 PDT 2007
Mikael Kuisma wrote:
> Hi Saudi,
>
> To detect changes in your network configuration based on firewall logs,
> you can use the ASDIC network traffic analysis system. It registers the
> standard traffic and reports changes, based on whatever criteria of your
> choice. Works fine on both Stonegate and Firewall-1 logs. It uses a
> quite neat (and as far as I know, unique) mechanism of aggregating
> relating log entries, keeping the output short and concise.
It looks to me like a rather rough attempt to replicate early '90s research
on anomaly detectors...
It may work well or not, but it is all but unique :)
--
Cordiali saluti,
Stefano Zanero
Politecnico di Milano - Dip. Elettronica e Informazione
Via Ponzio, 34/5 I-20133 Milano - ITALY
Tel. +39 02 2399-4010
Fax. +39 02 2399-3411
E-mail: zanero at elet.polimi.it
Web: www.elet.polimi.it/upload/zanero
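Added example, not ASDIC's code and not from either poster: a minimal baseline-and-report detector in the spirit of the mechanism Mikael describes (register the standard accepted flows, then report only deviations, aggregated per flow so the output stays short). The key=value log format, field names and addresses are constructed.

```python
import re
from collections import Counter

# Constructed log lines in a Firewall-1-like key=value style (field names assumed).
BASELINE_LOGS = [
    "12:00:01 action=accept src=10.0.0.5 dst=192.0.2.10 proto=tcp dport=443",
    "12:00:02 action=accept src=10.0.0.5 dst=192.0.2.10 proto=tcp dport=443",
    "12:00:03 action=accept src=10.0.0.7 dst=192.0.2.20 proto=tcp dport=25",
    "12:00:04 action=drop src=198.51.100.9 dst=192.0.2.10 proto=tcp dport=22",
]
LATER_LOGS = [
    "13:00:01 action=accept src=10.0.0.5 dst=192.0.2.10 proto=tcp dport=443",
    "13:00:02 action=accept src=10.0.0.9 dst=192.0.2.30 proto=tcp dport=3389",
    "13:00:03 action=accept src=10.0.0.9 dst=192.0.2.30 proto=tcp dport=3389",
    "13:00:04 action=drop src=10.0.0.7 dst=192.0.2.20 proto=tcp dport=25",
    "13:00:05 this line is not a firewall record and is skipped",
]

LINE = re.compile(r"action=(\w+) src=([\d.]+) dst=([\d.]+) proto=(\w+) dport=(\d+)")

def parse(lines):
    """Yield (action, (src, dst, proto, dport)) per parsable line; skip the rest."""
    for line in lines:
        m = LINE.search(line)
        if m:
            action, src, dst, proto, dport = m.groups()
            yield action, (src, dst, proto, int(dport))

def baseline(lines):
    """Register 'standard' traffic: the set of flows the firewall accepted."""
    return {flow for action, flow in parse(lines) if action == "accept"}

def report_changes(lines, known):
    """Report only what deviates from the baseline, aggregated per flow.

    new_accepts:   accepted flows never seen in the baseline (new host or service)
    newly_dropped: baseline flows now being dropped (rule change or outage)
    Counting repeats keeps the report short instead of listing every entry.
    """
    new_accepts, newly_dropped = Counter(), Counter()
    for action, flow in parse(lines):
        if action == "accept" and flow not in known:
            new_accepts[flow] += 1
        elif action == "drop" and flow in known:
            newly_dropped[flow] += 1
    return {"new_accepts": dict(new_accepts), "newly_dropped": dict(newly_dropped)}

if __name__ == "__main__":
    for kind, flows in report_changes(LATER_LOGS, baseline(BASELINE_LOGS)).items():
        for flow, n in flows.items():
            print(kind, flow, "x%d" % n)
```

A real deployment would replace the baseline set with per-flow statistics over a training window and tune what counts as a reportable change.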