[logs] SIM Analysis of Firewall Logs
Michael Kinsley
michael.kinsley at sensage.com
Thu Sep 27 13:44:07 PDT 2007
s/detections/detection/
-M
On Sep 27, 2007, at 12:53 PM, Michael Kinsley wrote:
> o might I suggest using GeoIP? One of the requests I receive fairly
> often is to identify requests either leaving the country of origin
> or going to a particular country. A quick search on CPAN for GeoIP
> should get you to the right place.
>
> If you have competitors it is also reasonable to look for inbound/
> outbound connections from/to them. Although this won't catch people
> who go out of their way to avoid detections, it's a nice metric to
> have handy... and I find most people still treat web browsing as if
> it were an anonymous activity.
>
> good luck.
>
> -Michael
>
>
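
Added example, not part of the original post: a Python sketch of the country and competitor checks suggested above, run over constructed firewall log lines. The CIDR table stands in for a real GeoIP database, and the home country, watch lists, log format and all names are assumptions.

```python
import ipaddress
import re

# Constructed stand-in for a GeoIP database (CIDR -> ISO country code).
GEO_TABLE = {"10.0.0.0/8": "US", "192.0.2.0/24": "US",
             "198.51.100.0/24": "DE", "203.0.113.0/24": "CN"}
HOME_COUNTRY = "US"                                # assumed country of origin
WATCH_COUNTRIES = {"CN"}                           # hypothetical watch list
WATCH_NETS = {"198.51.100.64/26": "competitor-a"}  # hypothetical competitor range

# Constructed firewall log lines (iptables-style SRC=/DST= fields).
SAMPLE_LOG = """\
Sep 27 12:00:01 fw kernel: ACCEPT SRC=10.1.1.5 DST=192.0.2.10 DPT=443
Sep 27 12:00:02 fw kernel: ACCEPT SRC=10.1.1.7 DST=203.0.113.9 DPT=80
Sep 27 12:00:03 fw kernel: ACCEPT SRC=198.51.100.70 DST=10.1.1.20 DPT=80
Sep 27 12:00:04 fw kernel: ACCEPT SRC=- DST=10.1.1.20 DPT=80
"""
FIELD_RE = re.compile(r"\bSRC=(\S+)\s+DST=(\S+)")

def lookup(ip, table):
    """Longest-prefix match of ip against a CIDR table; None if nothing covers it."""
    addr = ipaddress.ip_address(ip)
    nets = ((ipaddress.ip_network(cidr), val) for cidr, val in table.items())
    hits = [(net.prefixlen, val) for net, val in nets if addr in net]
    return max(hits)[1] if hits else None

def analyze(log_text):
    """Return (src, dst, tags) for every connection that matches a rule."""
    findings = []
    for line in log_text.splitlines():
        m = FIELD_RE.search(line)
        if not m:
            continue                      # no SRC/DST pair on this line
        src, dst = m.groups()
        try:
            src_c, dst_c = lookup(src, GEO_TABLE), lookup(dst, GEO_TABLE)
            owner = lookup(src, WATCH_NETS) or lookup(dst, WATCH_NETS)
        except ValueError:
            continue                      # field was not a valid IP address
        tags = []
        if src_c == HOME_COUNTRY and dst_c not in (HOME_COUNTRY, None):
            tags.append("leaves-country:" + dst_c)
        if dst_c in WATCH_COUNTRIES:
            tags.append("watch-country:" + dst_c)
        if owner:
            tags.append("watch-net:" + owner)
        if tags:
            findings.append((src, dst, tags))
    return findings
```

Destinations the table does not cover are left untagged here; with a real database those are worth counting separately.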