[logs] SIM solution - Objectives ?

Stefano Zanero zanero at elet.polimi.it
Mon Jun 4 13:52:48 PDT 2007


Mikael Kuisma wrote:

> Ok. First of all, ASDIC is actually implemented, not only a paper.

The papers usually come out of "actually implemented" things. The fact
that they have not evolved into a GPLed software is not by itself a
novelty of your approach.

In fact, usually the cool and new stuff is in papers first, then slowly
moves on to GPL code and ends up in proprietary products later :p

I do not mean to demean your effort. Only, it's not something new,
there's a gazillion results that you should really take into account
before designing something like this.

> Further, I have not found any paper about aggregating related log
> entries in this, or a related, way. 

https://www.usenix.org/publications/library/proceedings/lisa98/full_papers/girardin/girardin_html/girardin.html
http://www.springerlink.com/index/N21LYCG199259GEN.pdf

just a couple you may wish to browse through... there's hundreds,
actually. Log visualization is its own field of study, lately.

Anyway, the problem in aggregating log entries is that, well, you cannot
deal readily with their content. So, you can aggregate them only on the
dimensions that matter less.

> because the Arbor web is more market oriented than technical ... Lots
> of nice colour brochures, but not so much information about what it's
> really about.

I think the guys at Arbor are more than capable of defending themselves.
Suffice it to say that the likes of Jose Nazario, Thomas Ptacek and
Farnam Jahanian worked on that stuff... so, while their marketing is
undoubtedly good, I'd think about it a couple of hundred times before
saying that we don't really know what it's about, as they've been
speaking and teaching and writing the book on anomaly detection
techniques for the last ten years at least.

Best,
Stefano
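The point above about aggregation, that log entries group cleanly on metadata dimensions (host, program, time window) but not readily on their free-text content, is illustrated by the following added example. It is not code from the thread, from ASDIC or from any product mentioned; the syslog lines are constructed, and the content normalization is a hand-written set of masks that only covers the message shapes in the sample, which is exactly the limitation being discussed.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample syslog lines (not taken from the original thread).
SAMPLE_LOGS = """\
Jun  4 13:50:01 web1 sshd[2101]: Failed password for invalid user admin from 10.0.0.5 port 40122 ssh2
Jun  4 13:50:07 web1 sshd[2103]: Failed password for invalid user test from 10.0.0.5 port 40130 ssh2
Jun  4 13:51:44 web1 sshd[2110]: Accepted publickey for deploy from 10.0.0.9 port 50010 ssh2
Jun  4 13:52:10 db1 kernel: eth0: link is down
Jun  4 13:53:30 db1 kernel: eth0: link is up
Jun  4 13:56:02 web1 sshd[2150]: Failed password for invalid user admin from 10.0.0.7 port 40211 ssh2
"""

# Classic BSD syslog layout: timestamp, host, program[pid]: message.
SYSLOG_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)


def parse(line, year=2007):
    """Split one syslog line into its structured dimensions plus the free-text message."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "host": m["host"], "prog": m["prog"], "msg": m["msg"]}


def bucket(ts, minutes=5):
    """Round a timestamp down to the start of its N-minute window."""
    return ts.replace(minute=ts.minute - ts.minute % minutes, second=0, microsecond=0)


def aggregate_by_dimensions(text, minutes=5):
    """Group entries on the structured fields only: (host, program, time window).
    This works for any message, because it never looks at the message text."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec:
            key = (rec["host"], rec["prog"], bucket(rec["ts"], minutes).strftime("%H:%M"))
            counts[key] += 1
    return counts


def normalize_message(msg):
    """Mask the variable parts of a message so that instances of the same event collapse.
    The masks are hand-written for the sample and would need extending for every new
    message format; that per-format effort is what makes content aggregation hard."""
    msg = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<ip>", msg)   # IPv4 addresses
    msg = re.sub(r"\b\d+\b", "<num>", msg)                       # standalone numbers (ports, pids)
    msg = re.sub(r"\buser \S+", "user <name>", msg)              # user names after the word "user"
    return msg


def aggregate_by_content(text):
    """Group entries on their normalized message text."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec:
            counts[normalize_message(rec["msg"])] += 1
    return counts


if __name__ == "__main__":
    print("By (host, program, 5-minute window):")
    for key, n in sorted(aggregate_by_dimensions(SAMPLE_LOGS).items()):
        print(f"  {key}: {n}")
    print("By normalized content:")
    for key, n in aggregate_by_content(SAMPLE_LOGS).most_common():
        print(f"  {n}x {key}")
```

The dimension-based grouping needs nothing beyond the syslog header and therefore scales to any source, while the content-based grouping only collapses the three failed-login lines because a mask for that specific wording was written in advance; an unseen message format falls through unchanged and forms its own group.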

